Discover and read the best of Twitter Threads about #grc

Most recents (15)

Most of the #ERM Units / Desks at banks hire Actuaries as Quantitative Risk Experts in either the front or the middle offices.
However, to be a CRO, you ideally ought to know the business model risks, credit underwriting risks (if you are working at a Commercial Bank),
the governance, risk and compliance issues, IT/Data and Cybersecurity related Risk Issues, risk culture, risk attitudes, risk conduct and risk change management processes, DRP and BCP, and the Non-Financial Operational Risks in addition to quantifiable risks such as Credit,
Market and Liquidity Risks that exist across financial markets and asset class/es.
Read 10 tweets
What is better in a banking career, risk management or internal audit?
Difficult question.

Depends on where you are and what you have studied in the past?
Risk, is an emerging area, within the first world. Just visit the financial careers website to check out the jobs in Citi and elsewhere.
Read 14 tweets
I still don't know why so many IAD Officials detested my work at some firms where I was chosen to work as a CRO/ Lead Risk Consultant?
After all, the Risk Desk and the IAD should work as partners, but, I do feel there is an unspoken rivalry between these two lines of defence.
Turfs warfare?
Internal Audit was the bespoke risk management desk before Risk Desks were set up by the corporate boards across the globe.
Auditing and Credits Departments at Banks are bigger adversaries of Risk as an independent reporting function compared to the business desks.
You can add #CFO in charge of Finance to the list of another back-office function/ department which hates to work with the #CRO, Chief Risk Officer.
I remember my encounter with a Head of Finance at a bank, who insisted on computing capital charges & CAR using @BIS_org weights
Read 5 tweets
Hey GRC and Risk management cyber security professionals.

You just received a SOC 2 report, what are you supposed to look at? What is the important stuff behind all that CPA language? A thread..
There are really three areas you should focus your review on.

1. The opinion (Pass/Fail)
2. Section 3 (Description of the system)
3. Control testing
The Opinion: In Section 1 (Independent Auditors Report), you will find the auditors' opinion, which is their Pass/Fail determination in the audit. Examples:

Unqualified = No issues identified.
Qualified = 1 or more issues, not that big of a deal.
Adverse = Holy sh*t, really bad
Read 8 tweets
Many students doing basic mathematics cannot distinguish between #iteration, #simulation, and #emulation as different methods of experiment design.
Even further surprised why so many students don't know the similarity and the difference between computation and calculation.
These are some of the basic mistakes which, once embedded into the mind, will work their way right into a workplace and destroy our educational foundations
For e.g., when I was teaching Introduction to FRM Financial Risk Management, I noticed many students thought there are three different types of VaR - Value at Risk.
What they didn't realize is that VaR can be computed using different models aka methodologies, namely, HS, VCV, MCS.
Read 10 tweets
What should I know about risk management for a job interview with an asset management and securities brokerage firm?
@IOSCOWIW @efc_global @MarketIntegrity @GARP_Risk
You need to know everything about Capital Markets at least.

Investment Banking and Asset Management Sector /brokerage require an exceptional understanding of debt and equity market instruments and asset classes.
Sound knowledge of derivative markets will add to your CV.
Read 15 tweets
Every socio-economic, political, legal, natural disaster, man-made disaster, or another process, which leads to a negative outcome must be recorded and taxonomized as an incident having material or near-miss risk characteristics, in the right category box in the risk register.
Modern #ERM & Traditional Risk Management are getting more and more divided.
ERM is not just about Operational Loss Management and Materiality Assessment based on Assurance and Risk Review driven Internal Controls and Testing, but, it goes beyond that!
@IASassociation @TheIIA @BIS_org
More and more #Analytics is being used in both Auditing and Risk management, to understand the organizational dynamics of commercial strategy and the vulnerabilities associated thereof.
Especially the design, inserting and removal of Internal Controls is an analytical exercise.
Read 19 tweets
Which are some stylized failures of Risk Management?
It is the only subject when turned into a profession, which fails to deliver in SVA terms in most of the cases, as witnessed now outside the Insurance Sector
Insurance is a different game because the profession is led by well-trained quantitative professionals such as Actuaries
Why it has not worked well outside the Insurance Sector/s?
The multiple reasons for the failure of Risk Management and Auditing Departments at firms could be the following =>
Read 20 tweets
Which are some interesting stylized facts about Risk Management and IAD Failures across global corporations?
@PRMIA @GARP_Risk @BIS_org
Quantitative Risk Management when turned into a profession, does not work in reality in most cases, as witnessed now outside the Insurance Sector!
Insurance is different because the profession is led by well-trained quantitative professionals such as Actuaries!
The multiple reasons for the failure of Risk Management and Auditing Departments at firms could be the following =>
Read 19 tweets
Is doing a graduate degree in risk management and insurance worth the money? Why?
@GARP_Risk @actuarynews
#riskmanagement is a broad area which can offer various lucrative roles, especially in the financial sector.
There are a lot of risk management degrees available in the market.
Which one would you like to study?
And where it is being offered?
If the degree will focus more on Insurance Underwriting Management and related Risk Financing Courses, I won't advise you to do such a qualification.

The scope of such a degree won't go beyond Life and P&C Insurance Firms.
Read 15 tweets
How difficult is it to move from wholesale banking credit risk modelling (8 yrs of experience) to operational risk?
@GARP_Risk @actuarynews @actuarialpost @TheActuaryMag @jbhearn
Credit risk modelling as per @BIS_org Guidelines (FIRB and AIRB) is different from OR - Operational Risk Modeling because the methodological concepts, logic and applications have contrasting operating characteristics.
Operational risk models generally require a Compound Poisson, Lognormal, Negative Binomial, Binomial, Weibull or any mixture distribution (for e.g. a bi-modal shaped distribution which represents both severity and frequency of internal and external loss data sample sets)
Read 22 tweets
So, because I’m tired of Coronatweets, and I’m stuck on a 3 hour plane and don’t want to do real work, I thought I’d distract you with some general thoughts on this year’s Eurovision songs, in my first #ESC2020 thread of the year
Not all the songs are out so far, but enough now to start forming opinions, and in general, this is going to be an awesomely amazing year. A much better showing all round than 2019, and possibly better than 2018 levels. Videos are here:…
Retro is big this year. From random cassettes and floppies in #GEO 🇬🇪 to pixel art in #ISL 🇮🇸 to... whatever you want to make of #RUS 🇷🇺... Retro has made a comeback
Read 14 tweets
@charliekiss @Tara_Hewitt 1/ You are aware that NHS trust patient databases have, for some time now been required to have fields disclosing transition? Not the central one of all names, addresses, phone numbers, NHI number, & GP, fortunately though. I think I've avoided being so recorded, have you?
@charliekiss @Tara_Hewitt 2/ They did try to get it as required information in all electronic referrals, but we stopped that, but there's a national advisory committee run by all the royal colleges pushing for it. It is likely the data from Equality Monitoring forms is used to fill gaps in the records
@charliekiss @Tara_Hewitt 3/ As you know, NHS records show current gender; they added a "Sex at Birth" field, which is labelled as "this will normally determine medical treatment". Yes, Really. They got that in without testing, consultation, or notice. I'd love to know what @UKTELI has done about it.
Read 7 tweets
The most stunning revelation of #WNTTDevon came in the excellent chat after the outstanding event itself, although there were plenty of new (to me) and shocking facts from the speakers. I hope you’ll correct me if I have misunderstood.
I’d known that the GRC allowed the applicant to have their birth certificate legally falsified to show their sex as the opposite one to their birth and that the process was sealed so the public weren’t allowed to view the original certificate.
What I learned is that there is, apparently, no central record of the original name and sex of the person who has now stepped clean from the ordure of their past, all sins expunged, no questions asked.
Read 8 tweets
Holy crap. Gemalto's IDPrime.NET cards - the ones they tout being Windows native compatible - are suscept. to factorization.
1) Researchers have found a process to duplicate a PRIVATE key just from the PUBLIC key. This is big.

And cheap, for a 1024bit key.
2) Gemalto are a large mfgr of smartcards. Their IDPrime.Net cards are popular because they work with Windows w/o extra software
Read 12 tweets
