Governance, risk management & compliance (GRC) is something an organization does and not something an organization buys. GRC, done properly, is what is achieved throughout the business and its operations. By definition, GRC is “a capability to reliably achieve objectives [governance] while addressing uncertainty [risk management] and acting with integrity [compliance].” (source: OCEG GRC Capability Model that GRC 20/20 has helped define and […]
For those of you on this list that know me on a personal level, I am a huge Tolkien fan. In fact, I am just a Master’s thesis away from my M.A. in Church History and the thesis is on the influence of Medieval theology, particularly Aquinas, on J.R.R. Tolkien and his works (my particular […]
Modern Organization: Interconnected Maze of Relationships No man is an island, entire of itself; Every man is a piece of the continent, a part of the main.[1] Replace the word ‘man’ with ‘organization’ and the seventeenth-century English poet John Donne is describing the post-modern twenty-first century organization. In other words, “No organization is an island […]
Like battling the multi-headed Hydra in Greek mythology, redundant, manual, and uncoordinated governance, risk management, and compliance (GRC) approaches are ineffective. As the Hydra grows more heads of regulation, legal matters, operational risks, and complexity, scattered departments of GRC responsibilities that do not work together become overwhelmed and exhausted and start losing the battle. This […]
Compliance used to be simpler. An organization was given a set of requirements and it had to check the boxes that it met the requirements and compliance was achieved. The complex nature of business today and the focus on information in the digital economy has driven compliance requirements to a new level of intricacy and […]
The UK Senior Manager’s Regime and Certification Regime (UK SMR/CR) is one of the most significant challenges financial services firms are facing right now. The Financial Conduct Authority (FCA) has recently announced that this regulation is going to be applied to all firms governed by the FCA: over 58,000 organizations. This is the governing regulation […]
The Gartner Integrated Risk Management (IRM) Magic Quadrant has been out a few weeks and I have been buried with inquiries from organizations asking my thoughts on it. While I initially was going to post my thoughts in this article right away, I have spent the past few weeks doing a lot of reflection and […]
Distributed and dynamic business requires the organization to take a strategic approach to issue reporting and case management. Organizations require complete situational and holistic awareness of issues, incidents, investigations, and cases across business operations and processes. This is best approached through structured and accountable processes enabled through an integrated information and technology architecture for issue […]
GRC 20/20 has seen many organizations take an enterprise perspective on aspects of GRC, such as Enterprise Policy Management, Enterprise Third Party Management, and, of course, Enterprise Risk Management. Over the past 18 months, GRC 20/20 has seen a growing demand for Enterprise Case Management which involves issue reporting (e.g., hotlines, management reports, complaints) and case […]
Policy management is a crucial component of a larger corporate governance, risk management, and compliance (GRC) program. Adherence to external regulations and instilling employee accountability starts with well-established organizational policies and procedures. In GRC 20/20’s recent workshop Policy Management by Design (Workiva hosted). Attendees from across industries came together to learn about policy management best […]
