The world around us is in a state of alarm. Hurricane after hurricane hits the Gulf of Mexico and Caribbean. Devastating earthquakes have hit Mexico. Geo-poltical tensions are playing themselves out in the United Nations and the news. A massive data security and privacy breach at Equifax. My home state of Montana (yes, I live in Wisconsin but was raised in Montana) has had one of its worst years of forest fires with nearly one million acres burned.
This all has leads organizations to rethink their approach to GRC, in particular the components of business continuity, environmental, health and safety, operational risk management, and even third party management as organizations look at continuity and security of supply chains and vendors. What is disappointing to me is how many organizations fail to take an integrated approach to these areas. It boggles my mind the number of business continuity programs that operate completely separate from an operational risk management program. Logic would only dictate that business continuity should be a critical part of an operational risk management strategy . . . yet organizations approach these as disconnected functions.
The greatest insight and awards of risk and control comes from an integrated information architecture that can see 360° contextual intelligence. That is the only way to connect the dots and see the big picture of interconnectedness and relationships of risk, control, and continuity.
GRC is an integrated capability to reliably achieve objectives [governance] while addressing uncertainty [risk management] and act with integrity [compliance] (definition from the OCEG GRC Capability Model). Organizations should carefully think through their overall strategy to Governance, Risk Management, and Compliance across the organization and look for ways to make it more efficient, effective, and agile in a dynamic, distributed, and disrupted environment.
As part of GRC 20/20’s research, we offer organizations looking for GRC solutions complimentary inquiry (email or phone) to navigate the hundreds of solutions in the market that GRC 20/20 has mapped and differentiates in capabilities. This is part of our research as we interact with organizations to help learn how GRC and it’s components. can be efficient, effective, and agile.
GRC areas for inquiries include:
Blueprint for an Effective, Efficient & Agile IT GRC Management Program REGISTER Workshop Abstract: Organizations are complex. Exponential growth and change in technology, vulnerabilities, regulations, globalization, distributed operations, changing processes, competitive velocity, business relationships, legacy technology, and business data exposes organizations of all sizes. Keeping this complexity and change in sync is a significant challenge for information security professionals. Executives are constantly reacting to risk appearing around them and fail to actively manage and understand the interrelationship of risk across the…
Analysis & Details on GRC Buying Trends & Needs 2017 has been the busiest year to date in the GRC market. GRC 20/20 has seen a record number of inquiries and RFPs across GRC domains in 2017 and forecasts increased activity into 2018. This research briefing provides a breakdown of GRC solution drivers, trends, and forecasting by geography, industry, type of GRC technology, and buyer persona. A detailed analysis of RFP trends and inquiries that GRC 20/20 has worked on…