As the years go by, there is increasing focus on the protection of personal identity information around the world. Over time we have seen new regulations such as US HIPAA, US GLBA, Canada’s PIPEDA, the EU Data Protection Directive 95/46/EC, and others around the world. The latest, most comprehensive, and the one that is the front and […]
Business is complex. Exponential growth and change in regulations, globalization, distributed operations, changing processes, competitive velocity, business relationships, disruptive technology, and business data impedes organizations. Keeping complexity and change in sync is a significant challenge for boards, executives, as well as governance, risk management, and compliance (GRC) functions throughout the business. Business is no longer defined […]
I get a lot of inquiries from organizations looking for policy management platforms. Some for a department focused need (e.g., IT security, health and safety, Human Resources), others for a regulatory need (e.g., GDPR, FCPA), but most for an enterprise policy management strategy spanning the organization as it attempts to gain control of a Wild […]
Risk management fails when information is scattered, redundant, non-reliable, and managed as a system of parts that do not integrate and work as a collective whole. The risk management information architecture supports the process architecture and overall risk management strategy. With processes defined and structured the organization can now define the information architecture needed to […]
Organizations often lack a coordinated enterprise strategy for policy development, maintenance, communication, attestation, and training. An ad hoc approach to policy management exposes the organization to significant liability. This liability is intensified by the fact that today’s compliance programs affect every person involved with supporting the business, including internal employees and third parties. To defend […]
There is a broad array of governance, risk management, and compliance (GRC) related solutions available in the market. In fact, GRC 20/20 has catalogued and mapped over 800 technology solutions and over 300 content/intelligence solutions that organizations use to improve GRC processes in an effort to make them more efficient, effective, and agile. Navigating this array […]
The physicist, Fritjof Capra, made an insightful observation on living organisms and ecosystems that also rings true when applied to risk management: “The more we study the major problems of our time, the more we come to realize that they cannot be understood in isolation. They are systemic problems, which means that they are interconnected […]
Past compliance processes were bogged down in documents and technology silos, which led to laborious and costly processes to gather information and report on compliance risk. Compliance departments over-relied on spreadsheets, documents, and email that lacked an audit trail, creating a legal disaster since organizations lack a defensible position when it cannot prove compliance with […]
This is Part Two of a four-part blog series on ERM . . . To maintain the integrity of the organization and execute on strategy, the organization has to be able to see their individual risk (the tree) as well as the interconnectedness of risk (the forest). Risk management in business is non-linear. It is […]
Organizations take risks all the time but fail to monitor and manage risk effectively for the enterprise. A cavalier approach to risk-taking results in disaster, providing case studies for future generations on how poor risk management leads to the demise of corporations — even those with strong brands. Gone are the years of simplicity in […]
