Risk Management

This paper examines the risk externalities stemming from the size of institutions. The problem of excessive risk taking and their potential external consequences are taken as a case example. Assuming (conservatively) that a firm risk exposure is limited to its capital while its external (and random) losses are unbounded we establish a condition for a firm to be too big to fail. In particular, expected risk externalities' losses conditions for positive first and second derivatives with respect to the firm capital are derived. Examples and analytical results are obtained based on firms' random effects on their external losses (their risk externalities) and policy implications are drawn that assess both the effects of "too big to fail firms" and their regulation.

Cardiovascular risk is poorly managed in women, especially during the menopausal transition when susceptibility to cardiovascular events increases. Clear gender differences exist in the epidemiology, symptoms, diagnosis, progression, prognosis, and management of cardiovascular risk. Key risk factors that need to be controlled in the peri-menopausal woman are hypertension, dyslipidaemia, obesity, and other components of the metabolic syndrome, with the avoidance and careful control of diabetes. Hypertension is a particularly powerful risk factor and lowering of blood pressure is pivotal. Hormone replacement therapy is acknowledged as the gold standard for the alleviation of the distressing vasomotor symptoms of the menopause, but the findings of the Women's Health Initiative (WHI) study generated concern for the detrimental effect on cardiovascular events. Thus, hormone replacement therapy cannot be recommended for the prevention of cardiovascular disease. Whether the findings of WHI in older post-menopausal women can be applied to younger peri-menopausal women is unknown. It is increasingly recognized that hormone therapy is inappropriate for older post-menopausal women no longer displaying menopausal symptoms. Both gynaecologists and cardiovascular physicians have an important role to play in identifying peri-menopausal women at risk of cardiovascular morbidity and mortality and should work as a team to identify and manage risk factors such as hypertension.

This article examines dynamics of financial surveillance and risk-based regulation in the context of ongoing activities to combat money laundering and terrorist financing. Close analysis of the situation in the UK reveals entangled forms of co-regulation and ultimately co-production of surveillance that challenge ‘institutional boundaries’ of the state regarding policing and intelligence practices. It is argued that ongoing transformations in the anti-money laundering field reveal a dual movement that combines forms of indirect administration with a process of ‘neoliberal bureaucratization’.The article aims to show how current policies against ‘dirty money’ still paradoxically work on the basis of heterogeneous goals and misapprehensions between ‘professionals of security’ and ‘professionals of finance’.

Large transportation projects such as highways are expensive, complex, and dynamic in nature. Acquiring large investment capitals for these projects is always a major challenge for every nation. To solve this problem, Vietnamese government has called for the participation of private entities in the form of public-private partnership (PPP). Attracting private investors is a vital and challenging step for implementing PPP transportation projects in Vietnam. This paper examines the similarities and differences of risk perceptions of the public and private sectors for the investment of PPP transportation projects in Vietnam. Questionnaire surveys are used to collect data for assessing the likelihoods of occurrence and impacts of risk factors from 123 experienced professionals from both public and private entities. We found that the two most critical risk factors (CRFs) are land acquisition and compensation, and delay in project approvals and permits. The results from an independent sample t-test indicate the different risk perceptions of the public and private sectors for eight CRFs: (1) corruption, (2) change of project scope, (3) lack of transparency in bidding, (4) inflation, (5) payment issues, (6) inadequate feasibility study, (7) inappropriate allocation of responsibility and risk, and (8) fluctuation of interest rate. These eight CRFs are categorized into three major groups: the tendering process, commercial problems, and payment issues. These results can be used for establishing appropriate public policies to promote private investments in PPP transportation projects. Meanwhile, private investors would also have a better understanding of PPP transportation project development in Vietnam.

The Journal on Information Technology in Healthcare aims to improve the quality and safety of patient care, by encouraging and promoting the use of information technology (IT) in healthcare. The journal acts as a medium for the international exchange of knowledge and experience of the benefits of IT in healthcare. It publishes papers that educate healthcare professionals on the use of IT in clinical practice, and particularly papers that provide objective evidence of the benefits of IT in healthcare.

The purpose of this quantitative data analysis was to examine the relationship between industry type and information security risk-level among businesses in the United States.  This paper took into account collected business related data from 36 industry types.  Pattern recognition, bivariate linear regression analysis, and a one-sample t-test were performed to test the industry type and information security risk-level relationship of the selected business.  Test results indicated that there is a significant predictive relationship between industry type and risk-level rates among United States businesses.  Moreover, the one-sample t-test results indicated that United States businesses classified as a particular industry type are more likely to have a higher information security risk-level than the midpoint level of United States businesses.

Megaprojects are large, they are constantly growing ever larger, and more and more are being built in what has been called the biggest investment boom in history. This chapter serves as an introduction to megaprojects, and to The Oxford Handbook of Megaproject Management. First, megaprojects are defined and the size of the global megaprojects business is estimated. Second, drivers of the megaproject boom are identified, including monumentalism and the technological sublime. Third, ten things you must know about megaprojects are detailed, from their tendency to suffer from uniqueness bias to their overexposure to black-swan events. Fourth, the "iron law of megaprojects" is identified as a main challenge to megaproject management: "Over budget, over time, under benefits, over and over again." Finally, the main structure of the Handbook is set out as covering the what, the why, and the how of megaproject management, in terms of the challenges, causes, and cures that students of megaprojects must decipher to better understand and better manage megaprojects.

Actualmente las organizaciones que buscan permanecer en el futuro, deben hacer planeación estratégica en virtud de los cambio es que ocurren y lo vertiginoso de los mismos, es así que todas las organizaciones, llámense empresas privadas o públicas, instituciones paraestatales, organizaciones de la sociedad civil, centros educativos o fundaciones eclesiásticas, así como los tres órdenes de gobierno requieren de planear su porvenir en el corto, mediano y largo plazo, así como de aprovechar su trayectoria histórica y su legado cultural.

The ambition for this inaugural edition of The Oxford Handbook of Megaproject Management is to become the ultimate source for state-of-the-art scholarship in the emerging field of megaproject management. The book offers a rigorous, research-oriented, up-to-date academic view of the discipline based on high-quality data and strong theory. Until lately, the literature in this new field was scattered over a large number of publications and disciplines making it difficult to obtain an overview of the history, key issues, and core readings. Megaproject Planning and Management: Essential Readings, Vols. I-II (2014) assembled the key historical texts in the field. Now the Oxford Handbook of Megaproject Management has been designed to provide the most important contemporary readings. Taken together, the two books are intended to map out the best of what is worth reading in the megaproject management literature, past and present.

The recent attention to the situatedness and spatiality of finance has consequences for understanding financial risks. The focus on geofinance and financial ecology requires investigation in risk interdependences at all levels (individual, institutional and systemic) and across different countries and cultures. Financial risks relate to financial intermediation, execution of payments, financial protection, supply of financial products and smooth functioning of money. Perception and management of these risks can be distorted by behavioral biases, institutional risk cultures and interconnectedness within global financial networks. Modern financial technologies such as FinTech, RegTech, blockchain and digital currencies pose new challenges for risk management. Key words (5-10): behavioral biases, financial ecology, financialization, formalization of risk management, geofinance, individualisation of risk, systemic risk, radical uncertainty, risk cultures, risk perception Glossar: Behavioural biases: Cognitive distortions that causes people to put disproportionate weight in favour of or against one issue or person. With regard to risk, behavioural biases lead to misperceptions of risk and potentially dangerous decisions. Financializaton: The term describes the historic trend of the disproportionate growth of the importance of the financial sector relative to the real economy. It is characterised by rising share of the financial sector in GDP, increasing usage of financial products and a growing complexity of financial instruments. Formalization of risk management: Process of the increased reliance of risk managers on mathematical tools and compliance rules while neglecting traditional heuristic methods. Though limiting their own discretionary scope, they justify their actions and decisions by resorting to "objective" numbers, models and regulations. Individualization of risk: Individuals increasingly bear the burden of risk and are compelled to make their own financial provisions against a whole host of risks (including unemployment, sickness and retirement). At the same time, individuals struggle to master risky situations due to the growing complexity of modern finance. Radical uncertainty: The decision-making situation characterized by lack of any quantifiable knowledge about some future occurrences. The notion of radical uncertainty is in stark contrast to the term "risk", which assumes that not only possible future outcomes are known in the present but also their probabilities. Risk attitude: The willingness of someone to take risks. Socio-demographic factors play a large role explaining differences in risk attitudes. Risk culture: System of attitudes and behaviours present in an organization that shapes risk decisions made by management and employees. Risk perception: The way a person subjectively estimates and "feels" about risk. It can be heavily distorted by behavioural biases. Systemic risks: Possible disturbances of a financial system that may lead to its entire breakdown. They are endogenous, i.e. result from the interconnectivity of financial actors and institutions and are amplified by feedback mechanism among them. Varieties of capitalism: Framework for analysing the institutional similarities and differences among the developed economies.

Nowadays, access to reliable information has become an essential factor leading to success in business. In this regard, adequate security of information and systems that process it is critical to the operation of all organizations. Therefore organizations must understand and improve the current status of their information security in order to ensure business continuity and increase rate of return on investments. Since, information security has a very important role in supporting the activities of the organization and for this reason; it is needed to have a standard or benchmark which controls governance over information security. Hence, this paper discusses some of Information Security Management System (ISMS) standards in order to determine their strengths and challenges. Then, based on most appropriate standards in the field, a method is proposed to allow information technology-related or based enterprises to implement their ISMS. This method helps identifying critical assets and related threats and vulnerabilities, assessing assets risks and providing necessary risk treatment plans. The proposed method makes it possible and structured to establish information security management system in IT related large-scale enterprises.

This Paper explores and summarises the Director's Duties of the UK Companies Act 2006 with emphasis on "the duty to promote the success of the company.

Tags:
Companies Act 2006 model articles, Companies Act 2006 summary
companies act 2006 pdf
companies act 2006 model articles
companies act 2006 regulations 2013
Companies Act 2006 UK
UK Companies Act 2006

Structural models for pricing credit risk can be used to forecast the spread on risky bonds and for hedging credit risk. This article examines the forecasting accuracy of the Black -Scholes -Merton (BSM) model of risky debt using a data set consisting of weekly bond data for First Interstate Bancorp over the period January 1986-August 1993. In addition, structural model hedge parameters and credit spread options are tested for their effectiveness in hedging the increasing credit risk premium on First Interstate Bancorp debt. Credit spread options in combination with a duration hedge offer the best hedging strategy, reducing the standard deviation of the hedging error by a minimum of 84%. D

Company data became more complicated and vulnerable with the increase in the number of users. In spite of company policies and procedures being implemented, it is still not enough to address the access control gaps stated in ISO 27002 Section 9. The access control gap that will be address in this research is Insider Threat particularly to mitigate Negligent Insider. Security experts identified Negligent Insider as the most prevalent IT security threat. There are different ways on how an employee can be considered as negligent. Gaining access to unauthorized data, data sabotage, and loss of company laptop is among them. As of 2014, there have been more than 4,000 breaches for nearly 1 billion records and these numbers grow daily. If not address properly, this can cost unnecessary expense and possible loss of client trust to an organization. Worst, it can even end up in bankruptcy.

The objective of this research is to address Negligent Insider by creating an Identity and Access Management (IAM) Framework having Risk based approach. This Framework will be aligned with ISO 27002 and will not aim to replace it. Instead, it will serve as supplementation to address Negligent Insider. In creating the output, Identity Framework (ISO/IEC 24760) will be mapped to Risk Management Framework (ISO/IEC 27005). From the mapping, an IAM Framework will then be created to serve as guide in addressing Negligent Insider. Upon the creation of an IAM Framework, the result of this research will be an added contribution in seeking ways on how Negligent Insider can be address in an organization to protect data integrity and provide cost efficient measures to the organization.

Most of the tension resides between

1) Embedded, complexity-minded, multiscale/fractal localism (politics as an ecology/complex adaptive system),
and
2)  Abstract one-dimensional universalists and monoculturalism (politics as a top-down engineering project).

We go beyond the verbalism; we rely on information theory,  complexity theory, uncertainty approaches (say fragility), and probabilistic rigor to look at politics with the same eyes as we examine highly dimensional interactive elements such as nature, biological systems, internet networks, and medical issues.

Background. Business Continuity Management (BCM) is a response of management practitioners to the risk appearing in a turbulent environment. Recent publications consider BCM in pragmatic categories often deprived of its embedding in management science.
Research aims. The paper enters into a discussion of the essence and status of Business Continuity Management (BCM) in management sciences. It includes considerations of the following constituent subjects: the notion of BCM, Evolution of BCM, formal status of BCM in perspective of management science, directions of current BCM research.
Method. The argumentation presented in this paper is based on the critical analysis of the literature and synthesis. 
Key findings. It is recommended to base the attempt of defining BCM on elements indicating identity of the management domain. Currently, BCM orientation is holistic and its meaning is global and its formal status in management sciences can be specified from the point of view of the content and from the point of view of relations. Due to its crossfunctional character BCM maintains relations with several domains of management.

This Handbook / Guidance Note has been prepared to identify and flag issues a prudent underwriter ought to consider and evaluate relating to the steel industry risk selection, determination and calculation of loss estimates when deciding whether to accept a risk and, if so, on what terms.

This book explores the political process behind the construction of cyber-threats as one of the quintessential security threats of modern times in the US.

Myriam Dunn Cavelty posits that cyber-threats are definable by their unsubstantiated nature. Despite this, they have been propelled to the forefront of the political agenda. Using an innovative theoretical approach, this book examines how, under what conditions, by whom, for what reasons, and with what impact cyber-threats have been moved on to the political agenda. In particular, it analyses how governments have used threat frames, specific interpretive schemata about what counts as a threat or risk and how to respond to this threat. By approaching this subject from a security studies angle, this book closes a gap between practical and theoretical academic approaches. It also contributes to the more general debate about changing practices of national security and their implications for the international community.

Puji syukur kami penjatkan kehadirat Allah SWT, yang atas rahmat-Nya sehingga kami dapat menyelesaikan penyusunan makalah yang berjudul "Pengendalian Kualitas Sebagai Strategi Menghadapi Risiko Operasional ". Penulisan makalah ini merupakan salah satu tugas yang diberikan dalam mata kuliah Manajemen Risiko di Sekolah Tinggi Ilmu Ekonomi Indonesia Surabaya (STIESIA).

This paper discusses business continuity management (BCM) and its role in contemporary financial institutions. BCM is a nascent disaster preparedness and recovery strategy that seeks to protect vital business operations from disruptions. The paper traces contemporary BCM back to Cold War continuity of government planning, and shows how BCM came to understand security as continuity of processes rather than integrity of goods. BCM is prominent in finance because it promises to mitigate operational risks, and it focuses on risks stemming from interdependencies in financial infrastructures. By engaging with two events that triggered continuity management in banks, Hurricane Sandy in New York City and the 'Blockupy' demonstrations in Frankfurt, the paper highlights how BCM is challenged by large-scale disasters as well as acts of public criticism.

The construction project management is about quality, timely, and costly managing construction inputs and outputs. However, its achievement continues to present a major challenge to most large construction projects all over the world due to the high degrees of complexity and variability. For instance, delivery of construction projects has been adversely influenced by several drastic risks. A major and critical concern in the time scheduling process is the accurate determination of activities durations. This calls for a continuous improvement in the conventional techniques of estimating activity duration and in utilizing the deterministic scheduling.
This thesis presents a comprehensive analysis of activities duration of construction projects in the Middle East countries. The analysis was carried out on twenty construction projects including more than 125,000 activities with a total budget of about fifteen billions Egyptian Pounds (EGP) and comprising all engineering, procurement and construction (EPC) activities. The thesis seeks to bridge the gap between theory and application and to utilize      a probabilistic scheduling approach that yields reliable estimations of activity duration. The focus is to evaluate the actual behaviour of activities exposed to different types of risk and uncertainty and to derive regression models predicting activities’ durations categorized according to country, type of work, and to the Construction Specifications Institute (CSI) divisions.
First, previous research on the causes of delay and the probabilistic analysis of activities in developing and developed countries has been compiled and critically reviewed. This review indicated that there is no generally accepted Probability Density Function (PDF) to represent the activity duration through the simulation process. However, Beta and Triangular distributions were the mostly used PDF’s.
Then, activity and project durations of different projects such as hospitals, hotels, stadiums, highways, malls, and high rise buildings in Egypt, Kuwait, Saudi Arabia, UAE, Qatar and Oman were analysed. The analysis considered the estimated durations, the actual durations, and the budgets of the EPC activities. It also included the quantitative analysis of causes of delay on the performance of seven repetitive construction activities in a housing project that is composed of 1271 similar houses in Kuwait. Besides, statistical analysis and curve fitting of the estimated versus the actual durations of activities were conducted. In addition, the study developed predictive regression models to estimate the statistics of activities durations. Finally, a special program that uses the concluded PDF and regression models to predict the project’s overall durations at different levels of confidence was developed.
It is found that the three most influencing risks on the time performance of construction activities in Kuwait are: (1) inadequate planning and time scheduling; (2) slow financial and payment procedures; and (3) fluctuation of productivity levels. In addition, it is found that the best PDF to represent activities in construction projects is the lognormal distribution, while the second best PDF is the gamma distribution. Besides, it is shown that the normal distribution has the lowest level of confidence. Furthermore, it is found that as the estimated duration decreases, the relative duration slippage increases. The ratio of the highest, actual activity duration to the corresponding mean duration is always more than 4 for projects in the Middle East, which differs from that suggested in previous studies (1.25). As a general rule, the forecasted project’s overall duration- based on the proposed regression models and utilizing lognormal distribution- tends to be greater than that calculated using conventionally estimated activities. Nevertheless, validation tests showed that the forecasted projects’ durations are good estimates of the real ones. Consequently, these forecasted projects’ durations could oblige contractors to implement different methodologies and alternative plans to reduce the project’s duration.

The ART of Risk Management Nicht erst seit dem 11. September haben Lösungen des alternativen Risikotransfers /der alternativen Risikofinanzierung stark an Bedeutung gewonnen. Wir sprachen mit Chris Fischer Hirs von Allianz Risk Transfer und Rüdiger Seitz von Allianz Global Risks über die aktuellen Entwicklungen in diesem Bereich.

Honolulu is susceptible to coastal flooding hazards. Like other coastal cities, Honolulu&s long-term economic viability and sustainability depends on how well it can adapt to changes in the natural and built environment. While there is a disagreement over the magnitude and extent of localized impacts associated with climate change, it is widely accepted that by 2100 there will be at least a meter in sea level rise (SLR) and an increase in extreme weather events. Increased exposure and vulnerabilities associated with urbanization and location of human activities in coastal areas warrants serious consideration by planners and policy makers. This article has three objectives. First, flooding due to the combined effects of SLR and episodic hydro-meteorological and geophysical events in Honolulu are investigated and the risks to the community are quantified. Second, the risks and vulnerabilities of critical infrastructure and the surface transportation system are described. Third, using ...

In this article we discuss the medical diagnoses underlying the most common lawsuits involving pediatricians in the United States. Where applicable, specific and general risk-management techniques are noted as a means of increasing patient safety and reducing the risk of medical malpractice exposure.

In 1950 Markowitz first formalized the portfolio optimization problem in terms of mean return and variance. Since then, the mean-variance model has played a crucial role in single-period portfolio optimization theory and practice. In this paper we study the optimal portfolio selection problem in a multi-period framework, by considering fixed and proportional transaction costs and evaluating how much they affect a re-investment strategy. Specifically, we modify the single-period portfolio optimization model, based on the Conditional Value at Risk (CVaR) as measure of risk, to introduce portfolio rebalancing. The aim is to provide investors and financial institutions with an effective tool to better exploit new information made available by the market. We then suggest a procedure to use the proposed optimization model in a multi-period framework. Extensive computational results based on different historical data sets from German Stock Exchange Market (XETRA) are presented.

Abstract: In the context of the crisis of industrial modernity, adaptive capacity to new climatic and social-economic risks depends on the study of the perceptions and understan- ding that the involved actors have of those risks. Through interviews with family farmers from Argentina, Brazil and Uruguay, this paper describes how they perceive and respond to social-economic and climatic risks. Results confirm that social and perceptive barriers limit the understanding of climatic risks, which are experienced gradually and in the long term. Accordingly, farmers are not farseeing (“clarividente”) actors, and are thus unable to accurately foresee future climatic scenarios. On the other hand, beef producers from the South American Pampas do perceive family, economic and institutional risks threatening their productive activities and their livelihoods in a more direct, short-term manner, and do act to face them. This study confirms that the passage from risky situations to an effective  p...

Purpose-The purpose of this paper is to understand whether firms evolve towards more comprehensive postures of CSR and what strategic factors drive the change. Design/methodology/approach-The approach is deductive-inductive research based on six critical case studies and supported by extensive review of related literature. The paper provides historical analysis of six firms leaders in their industry (Nike, Shell, General Electric, 3M, CEMEX and IBM) combining primary and secondary data. Findings-Firms evolve over time towards more complex CSR postures. This evolution is driven by some key strategic factors. The article sets out a three-stage framework connecting CSR evolution and the strategic change factors. Practical implications-The paper provides managers with a framework to promote strategic CSR change in their organizations. Originality/value-The paper is a joint research study on the evolution of CSR and strategic drivers of change.

However, such differences between countries may be due more to differences in the medical systems rather than differences in the quality of patient care. The United States has a very different medical environment, partly because of the highly litigious nature of US culture. 2 The fear of being sued may reduce the incidence of hindsight bias3 in US studies, since physicians may order more tests than are strictly necessary, which makes it more difficult for researchers such as Baker and associates to second-guess their decisions.

As modern information systems become increasingly business-and safety-critical, it is extremely important to improve both the trust that a user places in a system and their understanding of the risks associated with making a decision. This paper presents the STRAPP framework, a generic framework that supports both of these goals through the use of personalised provenance reasoning engines and state-of-art risk assessment techniques. We present the high-level architecture of the framework, and describe the process of systematically modelling system provenance with the W3C PROV provenance data model. We discuss the business drivers behind the concept of personalizing provenance information, and describe the STRAPP approach to enabling this through a user-adaptive system style. We discuss using data provenance for risk management and treatment in order to evaluate risk levels, and discuss the use of CORAS to develop a risk reasoning engine representing core classes and relationships. Finally, we demonstrate the initial implementation of our personalised provenance system in the context of the Rolls-Royce Equipment Health Management, and discuss its operation, the lessons we have learnt through our research and implementation (both technical and in business), and our future plans for this project.

Groundwater resources are traditionally overexploited in arid and drought-prone regions with profitable irrigated agriculture, and the depletion of this groundwater results from a combination of the physical scarcity of surface sources and the lack of effective control of use rights on the part of water authorities. This is the case in the Segura River Basin of southern Spain. As a result, drought risks and structural deficits have steadily increased over the last 50 years. The Drought Management Plan recently approved by the Segura River Basin Authority aims to enforce more stringent water supply restrictions from surface sources, but the plan does not include any explicit policy to handle illegal groundwater abstraction. By using a stochastic risk assessment model, this paper shows that the implementation of the drought plan will increase the expected irrigation deficits of surface water and can, paradoxically, lead to higher drought and aquifer depletion risks than the traditional rules that the new plan replaces.

As the power business is moving into new territory with market deregulation, there is a need for expressing a view on financial and physical risks. By means of an example published earlier in this magazine, we discuss what could be appropriate measures of risk for a producer. In the article by M.V.F. Pereira, et al. "Managing Risk in the New

Managing risks in construction projects has been recognised as a very important management process in order to achieve the project objectives in terms of time, cost, quality, safety and environmental sustainability. However, until now most research has focused on some aspects of construction risk management rather than using a systematic and holistic approach to identify risks and analyse the likelihood of occurrence and impacts of these risks. This paper aims to identify and analyse the risks associated with the development of construction projects from project stakeholder and life cycle perspectives. Postal questionnaire surveys were used to collect data. Based on a comprehensive assessment of the likelihood of occurrence and their impacts on the project objectives, this paper identifies twenty major risk factors. This research found that these risks are mainly related to (in ranking) contractors, clients and designers, with few related to government bodies, subcontractors/suppliers and external issue s. Among them, "tight project schedule " is recognised to influence all project objectives maximally, whereas "design variations ", "excessive approval procedures in administrative government departments", "high performance/quality expectation", "unsuitable construction program planning", as well as "variations of construction program" are deemed to impact at least four aspects of project objectives. This research also found that these risks spread through the whole project life cycle and many risks occur at more than one phase, with the construction stage as the most risky phase, followed by the feasibility stage. It is concluded that clients, designers and government bodies must work cooperatively from the feasibility phase onwards to address potential risks in time, and contractors and subcontractors with robust construction and management knowledge must be employed early to make sound preparation for carrying out safe, efficient and quality construction activities.

The concept of covert channels has been visited frequently by academia in a quest to analyse their occurrence and prevention in trusted systems. This has lead to a wide variety of approaches being developed to prevent and identify such channels and implement applicable countermeasures. However, little of this research has actually trickled down into the field of operational security management and risk analysis. Quite recently a number of covert channels and enabling tools have appeared that did have a significant impact on the operational security of organizations. This paper identifies a number of those channels and shows the relative ease with which new ones can be devised. It identifies how risk management processes do not take this upcoming threat into account and suggests where improvements would be helpful.