Conference Presentations


  • ISACA Ireland 2017 Annual Conference

    ISACA Ireland 2017 Conference logoAnother great year at the ISACA Ireland national conference in Dublin. Built on Basics, Running on Trust is an excellent theme for this year’s annual conference. All too often we forget about risk management fundamentals (Built on Basics) and trust that what we are doing is the right thing to do (Running on Trust). My session entitled Asset-oriented Risk Management explores a case study where placing blind faith in the enterprise risk management (ERM) process led to catastrophic results. We  explore an organization that had by all accounts a highly mature world-class ERM program. However, the organization had a minor flaw in their ERM process that nearly destroyed the organization. As risk practitioners, we must constantly challenge the status quo and ask ourselves;
    • Are we doing enough?
    • Are we doing the RIGHT things?
    • Just because we have always done it this way, is this the right thing to do?”
    • Are we running on trust (and being lucky) or are we really protected?

  • Joseph Mayo Presenting at ISACA Ireland 2015

    Joseph Mayo's presentation "Is Protecting the Balance Sheet Enough?" explores how organizational culture affects Enterprise Risk Management (ERM). Check back for updates on ISACA Ireland 2015 and to learn more about ERM and organizational culture.

  • Joseph Mayo presenting at RIMS2016

    Joseph Mayo's presentation "Is Protecting the Balance Sheet Really Enough?" explores the affect organizational culture on an organization's ability to manage Enterprise risk. The presentation analyzes a series of high profile Enterprise Risk Management (ERM) failures including product recalls, data breaches, and environmental disasters. The presentation offers ways for ERM to address safety risks and reputation risks while still protecting the balance sheet.

  • RIMS 2015 Conference Presentation

    Here is my RIMS 2015 presentation about the role of risk policy in Enterprise Risk Management (ERM).  Effective enterprise risk management (ERM) requires a policy that clearly establishes your organization’s risk tolerance. Organizational risk tolerance drives all aspects of ERM including risk governance, treatment strategies, prioritization, reserve budgets and risk management processes. This presentation explores specific tools and techniques that can be used to objectively quantify risk tolerance which, in turn, drives further elaboration of organizational risk policy.

  • Risk Scenarios

    risksyntax smallRisk scenario is an analysis technique consisting of five components that help people visualize and understand risks. The five components of a risk scenario are: actor, threat type, risk event, assets or resources, and time.  The actor is who or what generates the risk.  Actors can include internal staff, competitors, regulators, nature, and the market. Threat type describes the nature of the threat and can include malicious events, accidental events, natural disasters, equipment or process failures, and external requirements. The event is what causes project or organizational objectives to be impacted.  Events can include disclosure (e.g. confidential information), interruption (of services or production capability), theft, destruction, ineffective design, ineffective execution of processes, compliance or regulatory changes, and inappropriate use. Assets or resources are objects of value that can be affected by the event and lead to impact to project or organizational objectives.  Assets and resources include the organization, personnel, process assets, infrastructure (e.g. facilities, networks, equipment, communications), and information. There are two dimensions to the time component: duration of the event and timing of when the event occurs.