How can the Government be your Risk Management Friend?
If you've not noticed this yet, our textbook is terribly British in its orientation and outlook on life; this is clearly apparent in the very brief discussions about legal and regulatory compliance regimes that organizations must deal with. By contrast, American textbooks on risk management have whole chapters dedicated to a detailed review of a seemingly endless list of laws, guidelines, regulations, Uniform Commercial Code, insurance underwriter rules, ... all of which are trying, in theory, to help keep you and your organization out of trouble. From HIPAA to FERPA, from Sarbanes-Oxley to the latest INFOSEC directives and standards ... the US list of "help" from Washington is almost endless. And overwhelming.
Discuss:
The question this week: How can laws that say what you must do to manage risk, specify in detail how to do it, and then tell you how to self-assess and report your compliance with them actually help you do the job of managing and mitigating risk?
Find an example. Take a stand - decide if it's help in disguise or a threat to your organization's lifeblood.