Issue 14: The Risks of Going Dark

Welcome to Issue 14 of This Week in GRC, MBK Search’s weekly digest of the world of governance, risk, and compliance.


The Opening Bell

Reddit’s Dark Days

Reddit’s GRC communities are tiny, but busy. r/riskmanagement has 823 subscribers, while r/compliance and r/InternalAudit have 2,100 and 4,300 respectively. Unlike r/programming, which has more than a million subscribers, GRC professionals don’t seem to flock to Reddit to talk shop.

But perhaps the $10b social giant could do with a few more risk managers on site to cope with the slew of popular subs that have ‘gone dark’. The subs have turned off the lights in protest over Reddit’s decision to charge popular third-party apps an extortionate amount of money to access its API.

What is the risk of annoying a massive userbase that’s used to regulating its own fun? They’ll up sticks and leave.

When your company’s valuation is predicated on the active participation of millions of people on your platform, keeping them generally happy should be goal numero-uno.

(And if r/wallstreetbets is anything to go by, the whim of the Sub is nothing to ignore.)

Plus, if your advertisers start packing bags, it's time to reassess.

Reddit seems determined to ride out the storm, but as Twitter’s brand implosion has shown, social media is a capricious tool, and people don’t like having their fun messed with. Indeed, that is something a basic risk assessment would have told Reddit right from the get-go.


Newsbits

  • Fed, SEC probing Goldman Sachs’s role in SVB’s final days
  • EU says it might seek breakup of Google’s ad-tech business
  • Huma receives FDA clearance for SaMD platform
  • Crypto investors step up risk management after last year’s meltdowns
  • Improvements needed in monitoring and allocating development aid


1: Is there a compliance crisis coming?

The catch-cry of 2023's banking crisis was "Where was risk management?" But what if GRC simply wasn't on the payroll to begin with?

A fascinating piece from the FCPA, which offers a worrying assessment of the general state of compliance. The post explains that:

  • Many companies are chopping their compliance budgets
  • There has been a decrease in FCPA enforcement in 2023
  • That decrease makes it harder to justify large compliance budgets

What's the upshot? It's a panopticon effect. If bad actors know fewer people are watching them, they're more likely to act badly.

Read the full blog post here.


2: Fact or fiction: Only accountants make good internal auditors

Friend of the newsletter Richard Chambers chimes in with a timely piece about what makes a 'good' internal auditor.

In the post, Chambers argues that the profession has evolved beyond mere bean counting. A well-resourced IA function will include people with strong financial backgrounds, but also those with operations, IT, compliance, and fraud expertise.

From a hiring and recruitment perspective, Chambers cites an IIA Pulse survey that found Chief Audit Executives predominantly look for candidates with accounting and finance degrees. But, when asked to name the skills they recruit, CAEs identified their top three choices as analytical/critical thinking, communication, and business acumen. "Accounting and finance knowledge barely made it into the top 10."

Tell us what you think in the comments, and read the full piece here.


3: Unlocking resilience: The power of risk intelligence in business

MIT's Sloan Review is a treasure trove of insight and research, and their summer update dives deep into risk management.

The thinktank's latest research challenges the traditional view of risk as a threat, proposing that understanding and managing risk can unlock business opportunities.

Interestingly, it emphasizes the role of Integrated Risk Management (IRM) technology in providing a comprehensive view of digital risks, and suggests five steps to leverage digital risk:

  1. Fostering a learning culture
  2. Investing in IRM
  3. Embedding risk management in strategy
  4. Promoting cross-functional collaboration
  5. Adapting to the digital landscape.

A timely deep-dive to take to your next strategy session. Download the full report here.


4: Three red flags when doing a risk assessment

Are you making these three big mistakes when conducting a risk assessment?

The RISK Academy's latest blog explores big red flags companies sometimes miss when weighing up risks:

  1. Risk Assessments Disconnected from Decisions: The piece argues risk assessments should be tied to significant decisions or process optimizations, not done just because it's a routine or a scheduled activity.
  2. Error-Adding Methodologies: Risk assessment methodologies should not add error to the output. It's advisable to back test old risk assessments to ensure their accuracy.
  3. One-Size-Fits-All Methodology: Different risks often require unique assessment techniques. Using a single methodology for all risks can lead to inaccurate assessments.

Do you agree? Read the full piece here and let us know your thoughts in the comments.


5: The relationship between ERM and Internal Audit

The Risk Management Show speaks with enterprise risk management consultant Carol Williams, who talks about the best way ERM and Internal Audit can collaborate. Agree with Carol? Let us know below.


6: Reddit is destroying itself

Harkening back to the Opening Bell, what is going on at Reddit? And where does risk management play its part?


Is it time to think about the next step in your career? MBK Search finds career-shaping opportunities for the best GRC talent. Here are some of the big roles we're recruiting for this week. But as always, you can see our full range of jobs on our job board.


1: Senior Director, Internal Audit (Global Leading Bank)

New York City Metropolitan Area (Hybrid)

$141,830 - $265,000 per year

Click here to apply


2: Manager, Corporate Finance

Los Angeles Metropolitan Area (Hybrid)

$120,000 - $140,000 per year

Click here to apply


3: Corporate Tax Manager

Reading, United Kingdom (Hybrid)

£45,000 - £60,000

Click here to apply


Michael John Oliver

1 year ago

That Reddit's top brass is doubling-down is probably the most boneheaded corporate decision since Elon walked into Twitter carrying a sink. I hate to think there's a risk manager at Reddit HQ who's started bringing a bottle of scotch into work every morning now.
