-
Utility risks invading your dreams? Mitigating risk through ERM
If concerns about utility leadership retirements, staff turnover and energy generation shifts invade your dreams, enterprise resource management is a proven risk evaluation and mitigation methodology. -
Real estate company strengthens third-party management processes, enhances investor confidence
A real estate investment management company hired Baker Tilly to review and enhance their internal controls and processes for managing third-party agreements. -
Strategic Thinking… Focus on the Future
In a recent PICPA blog article, Dr. John Park discusses the importance of strategic thinking and planning for individuals and businesses. -
Leveraging big data in the consumer credit industry: Better use of quality data can revitalize exhausted servicers
Understand the nature of data fatigue, quality data and other concerns big data imposes on mortgage servicing organizations and what companies can do to overcome these challenges by downloading this informative whitepaper. -
Tribal government conducts enterprise wide risk assessment to develop annual internal audit plan
A large tribal government needed assistance in developing a best-in-class internal audit function to improve internal controls, governance and overall operations. -
Integrating corporate compliance programs into enterprise risk programs
The internal audit function can play several roles in the formalization of risk management and compliance processes as well as integrating compliance into ERM. -
HIPAA in Higher Ed – Does your risk assessment get an A+ from OCR?
This Baker Tilly and ACUA webinar discusses the latest HIPAA news and recent higher education OCR actions, commonly forgotten areas of the risk assessment, standard tools recommended by OCR and a practical assessment approach that can lead to efficiencies and savings. -
Data Security: Keys to Building a Sound Data Risk Management Program
Listen in as Baker Tilly and Thompson Hine law firm teamed up to cover this critical discussion on data security. -
Baker Tilly performs extensive array of internal audit functions at research institution, and serves in the role of interim CAE during transition period
One of Baker Tilly’s professionals served in the role of interim chief audit executive (CAE) during the university's recruiting and hiring process for a new full-time position, while collaborating with senior leadership and internal audit stakeholders to transition the function to new leadership. -
An increasing emphasis on enterprise risk management drives university to seek external assessment
Baker Tilly conducted a compliance infrastructure assessment that resulted in concrete and practical recommendations for enhancing and monitoring compliance-related activities, filling gaps and providing increased visibility to the board and senior leaders. -
Not-for-profit undergoes IT general controls and application controls audit and receives recommendations that will drive IT planning and budget processes and improve operating effectiveness
The organization plans to use Baker Tilly's recommendations to drive their IT planning and budget process. -
Health Plans: Membership and Premium Cycle Audits
This is the second article in a four-part series on health plan audits, and it focuses on the risks and important control processes in membership and premium cycles. -
Audits of Sponsored Research - Introduction
This auditing sponsored research article discusses the regulatory environment, risks associated with noncompliance, obstacles to compliance and the role of internal audit. -
Risk-based advisory services: strategic partnerships and approaches for gaining assurance in an increasingly complex higher education environment
Leadership needs a strategic partner they can rely on to help foster an effective approach to managing risk, compliance, and the alignment of organizational strategy and operational tactics. -
Be a Catalyst for Your Enterprise Risk Management Program
This webinar will share how stakeholders throughout an institution can use various tools, including internal and external assessments, to improve the effectiveness of ERM. -
Using enterprise risk management to achieve your mission
As risks and complexities continue to change and grow, not-for-profit organizations can embrace enterprise risk management (ERM) as a strategic advantage. -
WPS transforms internal audit function and enterprise risk management
Baker Tilly helps WPS Health Solutions strengthen internal audit function and bolster risk management throughout the organization. -
Serving as the internal audit department for a global, private equity-owned manufacturer of baked goods
-
Playing offense and defense: Assessing and managing cyber risk effectively
No organization is immune from a cyber attack. Organizations that are best positioned to protect themselves will play both offense and defense—beginning with a thorough cybersecurity risk assessment. -
OCC standards require strict oversight of third-party relationships
It’s no longer enough for banks and other financial institutions to simply have good working relationships with the third parties that provide IT and other services. New, stricter standards and increased scrutiny by the Office of the Comptroller of the Currency (OCC) and the Consumer Financial Protection Bureau (CFPB), as well as the Federal Deposit Insurance Corporation (FDIC) and the Federal Financial Institutions Examination Council (FFIEC), mean financial institutions now have the same responsibilities for in-house and out-of-house services. -
How to Fraud Proof Your Law Firm
Baker Tilly talks with Bisnow about cyber fraud threats facing the legal industry and shares solutions about how law firms can protect sensitive data. -
EU-US Privacy Shield Agreement increases oversight of data transfers: US companies brace for requirements
U.S. companies are bracing for requirements related to the new EU-U.S. “Privacy Shield”, which establishes a new framework for data transfers that underpin the world’s largest trading relationship between the EU and the U.S. Get a head start on compliance by understanding the agreement’s data transfer protocol requirements, oversight, and compliance implications for affected U.S. companies. -
Cybersecurity Disclosure Act of 2015: What you need to know now
The proposed Cybersecurity Disclosure Act of 2015 has provoked discussion about the role of the Board of Directors in cybersecurity oversight and board member knowledge and awareness of an organization’s cybersecurity management program. Baker Tilly outlines the potential impacts to boards and what’s important to know now. -
How to solve your organization’s biggest cybersecurity threat
Baker Tilly talks with Bisnow about how to implement an effective cybersecurity management program by looking at cybersecurity holistically and not just as a technology problem. Learn more about what common, yet critical areas most organizations overlook and actionable steps you can take today to protect your data. -
Top ten tips for board members approaching mergers and acquisitions
At a recent NACD roundtable discussing emerging trends, key considerations, and hot topics related to mergers and acquisitions (M&A), Baker Tilly CEO and AICPA Chairman Tim Christen facilitated a spirited discussion among corporate board directors. Covering organization targeting, merger strategy, implementation planning, compensation and incentives, deal makers/breakers, and success measures, the diverse group shared insights gleaned from their experiences. -
Credit union relies on risk and internal audit expertise
Credit union aligns internal audit and risk management by working with Baker Tilly’s risk, internal audit, and financial institution specialists. -
2015 SOC update and developments
Baker Tilly’s Service Organization Controls (SOC) specialists explained new developments for SOC reports in 2015 in this recent webinar. -
AICPA changes to SOC 2: What service organizations need to know
The American Institute of Certified Public Accountants (AICPA) recently released an updated Service Organization Controls (SOC) 2 report audit guide with a number of enhancements that impact SOC 2 reports. -
Five best practices to manage hedge fund cybersecurity risks
Cybersecurity is a critical business issue for hedge funds and other investment management firms. The financial consequences of a cyber attack can be significant and could result in a serious impact to a firm’s reputation. Not surprisingly, cybersecurity is also a growing concern for regulators, and an area where fund managers are increasing their focus. -
Credit unions look to raise the level of commercial lending competition
The National Credit Union Administration (NCUA) has proposed five new rules that, if enacted as written, have the potential to significantly change the commercial lending playing field for both credit unions and banks. -
NAIC provides additional ORSA feedback to industry
Overall, the 2015 Working Group memo indicated that the depth and breadth of the content of the ORSA reports varied significantly from company to company, and that the ORSA reports of life insurers generally demonstrated more mature ERM and capital management frameworks than those of property-casualty and health insurers. -
Network Health augments staff with experienced industry specialists
Network Health’s CFO initially turned to Baker Tilly for staff augmentation and accounting assistance with tax and quarterly state insurance department filings. -
Baker Tilly Comment Letter to the AICPA on the Proposed Revision of Trust Services Principles and Criteria
We are pleased to have the opportunity to provide feedback to the AICPA Assurance Services Executive Committee (ASEC) Trust Information Integrity Task Force's Privacy Working Group with respect to its recent Proposed Revision of Trust Services Principles and Criteria for Security, Availability, Processing Integrity, Confidentiality, and Privacy. -
Proposed revisions to the Trust Services Principles and Criteria are available for comment
The AICPA recently released an exposure draft of the proposed revisions to the Trust Services Principles and Criteria. The most significant change in the proposed revisions is the integration of the privacy principles and criteria into the common criteria. -
Transitioning to the 2013 COSO Framework
Since the Committee of Sponsoring Organizations (COSO) issued its Internal Control — Integrated Framework (2013 Framework) in May 2013, many organizations have implemented the new framework to comply with the initial December 15, 2014 transition deadline. The 2013 Framework requires management to assess whether 17 principles are present and functioning, which is a change from the previous framework. Further, the 2013 Framework includes points of focus, which are important characteristics of the 17 principles and assist management with determining whether controls are properly present and functioning. -
Banking brief: Vendor risk management increasingly complex
The heightened complexity of vendor risk management for US banks was evident at a conference sponsored by Marcus Evans in Chicago on June 3-4. Need for resources, maintaining oversight, and how organizations are managing the process internally were all hot topics of conversation. -
Insurance regulators zeroing in on cybersecurity
Recent activity by regulators shows an increased focus on cybersecurity in the insurance industry. The National Association of Insurance Commissioners (NAIC) has published its Principles for Effective Cybersecurity Insurance Regulatory Guidance. In addition, the New York Department of Financial Services (NY DFS) recently released guidance for New York insurance organizations with their Report on Cybersecurity in the Insurance Sector. -
What insurance organizations can do now to prepare for state regulatory cybersecurity initiatives
Within the last several months, two significant insurance organizations have announced greater involvement in initiatives to reduce cybersecurity risk throughout the insurance industry. The New York State Department of Financial Services (NY DFS) released the results of its survey on cybersecurity practices and the National Association of Insurance Commissioners (NAIC) recently adopted a set of cybersecurity regulatory principles. -
Are captives right for you? A webinar overview of captive insurance company benefits and challenges
Baker Tilly's insurance industry specialists discuss if captive insurance companies could be a solution for your organization. -
Responding to a changing housing finance culture in America: Challenges and opportunities in 2015
How housing is financed has changed significantly in the seven years since the mortgage crisis, from tighter regulation and increased oversight to shifts in housing needs and our country’s cultural dynamics. What role do banks, local not-for-profits, and individuals play in the ever evolving mortgage and housing markets? -
State and local governments are not immune from cyber-attacks
As the holders of sensitive information and the providers of essential human services, state and local governments should be concerned about cybersecurity. -
Final Basel III capital rule will affect community banks
The final rules for the Basel III international capital accord, which will be phased in between the beginning of this year and 2019, include some relief for community banks. There are also some changes that affect the capital standards and reporting for community banks. -
Own Risk and Solvency Assessment becoming key part of regulatory framework for US insurers
2015 marks the first year that an ORSA Summary Report must be filed with an insurer’s state of regulatory domicile. Some state regulators have already notified companies of the report due date, while other states have not. Regardless, all insurance companies that exceed the $500 million written premium threshold should be preparing the first drafts of their reports. -
Enterprise risk management for your not-for-profit organization
This ERM webinar takes you into the practical application of establishing a formal ERM program in your not-for-profit organization. -
As technology advances – are you at risk?
When you don’t properly secure your IT infrastructure, risk is sure to follow. -
Cybersecurity: Stay ahead of an evolving landscape
While safeguarding information assets is not a new business objective, cybersecurity has emerged as an area of critical concern for executives and boards of directors. As organizations’ key business operations have become more technology-reliant, they also have become more vulnerable to a cyber-attack. -
Enterprise Risk Management: Developing, implementing, and sustaining an effective ERM program
This Enterprise Risk Management, or ERM, webinar takes you into the practical application of establishing a formal ERM program in your utility. -
Understand changes made to the trust services principles for SOC 2 reporting
Understand the framework underlying a SOC 2 report and learn what principles your organization should have examined. -
Internal Controls 2014 Webinar
Baker Tilly's financial services industry specialists review internal controls best practices in the Internal Controls 2014 webinar. -
Understanding changes to the Trust Services Principles for SOC 2 reporting
A SOC 2 report is an independent examination of a service organization’s controls over its system’s security, availability, processing integrity, confidentiality, and privacy. -
Not-for-profit improves IT effectiveness with technology risk professionals
Baker Tilly addressed IT challenges to increase efficiency across mission critical operations. -
Manage mobile device risks holistically
Mobile devices transform the way your organization serves customers and generates business, as well as communicates with your employees and stakeholders. These same devices bring new and increased risks to your organization’s data, competitive advantage/intellectual property, and reputation. Managing these risks requires a holistic approach, which goes beyond just securing the software on a device. -
ORSA – Why should exempt companies care?
Over the last few years the NAIC has established its expectations for insurance companies to maintain a risk management framework and conduct an Own Risk and Solvency Assessment (ORSA), including the filing of an ORSA Summary Report with state regulators. In 2012, the NAIC issued a Guidance Manual to provide insurers guidance with respect to reporting on ORSA, and later the NAIC adopted an ORSA Model Act. In 2012 and 2013 the NAIC conducted two separate feedback pilot projects and provided feedback and observations in a memo to the industry. -
Insurance outlook briefing: Charging ahead of recent developments in ORSA expectations
At the recent National Association of Insurance Commissioners (NAIC) Spring 2014 national meeting, two new documents were approved for release as exposure drafts: the Draft Own Risk and Solvency Assessment (ORSA) Guidance for Financial Analysts and the Draft ORSA Guidance for Financial Examiners. While the documents are intended to be guidance for insurance department financial analysts and examiners, the guidance provides a window into expectations for the future. -
A framework for auditing mobile devices
While mobile devices improve productivity and efficiency with increased mobility and functionality, they also increase your risks, especially as worldwide laws and regulations regarding the privacy and security of data evolve. -
NAIC’s ORSA subgroup provides new feedback to the industry
The NAIC formally adopted the Own Risk and Solvency Assessment (ORSA) Model Act in September 2012, and the ORSA requirement for qualifying insurers will be effective January 2015. In an effort to improve guidance and regulation, the NAIC’s ORSA (E) Subgroup has completed two feedback pilot projects, one in June 2012 and the most recent in September 2013. -
Business continuity planning checklist
Business continuity planning can seem overwhelming when you first think about all you need to cover. Use this overview checklist to assist your organization in preparing for its planning process. -
Devising Plan B: What to do when (and before) disaster strikes
Too many banks prepare a business continuity/disaster recovery plan that collects dust on a shelf or ignores critical components. Plans aren’t tested or updated. They fail to plan for certain contingencies, such as a CEO who’s unavailable when disaster strikes. Federal and state agencies require a written business continuity and disaster recovery plan. Smart business requires something more: a thorough plan that takes every contingency into account and is tested and updated regularly. -
ORSA: Common questions and answers
During and following the 2013 ORSA, insurance accounting, and financial reporting updates webinar, the Baker Tilly insurance team fielded several questions around ORSA – Own Risk Solvency Assessment. Here are some of the most common questions and answers. -
NAIC Risk Management and Own Risk and Solvency Assessment (RMORSA) Model Act Implementation for Insurance Companies
The paper will examine domestic and global insurer solvency requirements with a primary focus on the United States’ National Association of Insurance Commissioners’ (NAIC) Risk Management and Own Risk and Solvency Assessment (RMORSA) Model Act. In addition, this paper will provide industry guidance to small through midsized insurance companies that have recently breached or are close to reaching the $500 million of annual direct written and unaffiliated assumed premium. -
Manufacturing company successfully realigns its global control environment
Baker Tilly assists manufacturer with Sarbanes-Oxley compliance -
Managing risk appetite and tolerance in a dynamic banking environment
Today’s banking environment presents unprecedented challenges to successfully managing risk and establishing a platform for achieving predictable and sustainable earnings. -
Not-for-profit organization positions its focus to its highest risk areas
The board of trustees of a large organization expressed concern to management about whether the board was receiving information about their highest risk areas. The organization desired to objectively assess its most significant risks and ensure that risk mitigation plans were in place to address them. -
Strong financial management cuts fraud and increases profits
The realities of the economic recession related to the legal profession have resulted in what appears to be long term changes to the business model of law firms.