ABSTRACT
Introduction e twenty-first-century view of risk management is of an industry that has blossomed worldwide with standards and certification organizations supported by national regulations, conferences (in the best of locations), and supporting consulting and audit enterprises. e message is heard far and wide of the importance of efficient risk management, and more critically, the price to be paid for poor or absent risk management. e appropriate term is governance, which broadly addresses establishing, managing, and monitoring business processes towards the organizational goals [1]. Virtually every executive at and above “C-level” understands the significance and has been exposed to risk management governance frameworks and implementation schemes. In this century, which began with the post-year 2000 (Y2K)/post-September 11, 2001 (9-11)/post-modern-internet decade (all rolled into one!!), the recognition that information is an organization’s second most important asset-its human resource is first!!—began to dawn on those executives and leaders. Many had assumed that the worst was over after correcting dates because of Y2K-or really over after the response to the assaults on our nation on 9-11-or really and truly over after HIPAA privacy and/or Sarbanes/Oxley requirements had been checked off, only to find out that all vital records had been stolen/altered/destroyed and posted for sale or ransom on an untracked foreign website [2].
