Author Archive | The GRC Pundit

Leveraging Data Classification to Enable GDPR/CCPA Data Subject Requests

Regulatory requirements are driving organizations to clearly define processes to manage personal data requests from data subjects [1], which in turn requires clear data classification and disposition controls in the environment. Chief among these regulations is the EU General Data Protection Regulation (GDPR), but following suit later this year is the California Consumer Privacy Act (CCPA). A […]

Managing Risk Across Third-party Relationships

Organizations are an intricate organism of complex relationships. The modern organization does not operate in isolation, but as part of an ecosystem of interactions with third parties. The physicist, Fritjof Capra, made an insightful observation on living organisms and ecosystems that also rings true when applied to third-party risk management: “The more we study the […]

Are Your Policies a Mess? A Maze of Confusion?

Effectively managing policies is easier said than done. Ad hoc or passive approaches mean that policies are outdated, scattered across the organization, and inconsistent, resulting in confusion for recipients and a nightmare to manage. Organizations often lack a complete inventory of policies, as so many departments have gone in different policy directions. Further, there […]

Maintaining Internal Controls in Dynamic and Distributed Business

Organizations operate in a field of risk landmines. The daily headlines reveal companies that fail in risk, compliance, and internal controls. Business today is complex in its operations and corresponding internal control obligations. Adding to the complexity of global business, today’s organization is dynamic and constantly changing. The modern organization changes by the minute. The […]

2019 GRC User Experience Award Nominations

GRC 20/20 is accepting nominations for the 2019 GRC User Experience Awards! Governance, risk management and compliance (GRC) is a part of everyone’s job. Too often we shovel GRC into the bowels of the organization thinking it is the responsibility of the obscure and behind-the-scenes individuals in the back office of GRC in the organization. […]

Operational Resiliency: Connected Management of Operational Risk

I am sitting in a pub in London having a pint after an intense week of interactions with organizations. My mind is laser focused on the burning issue of the day: operational resiliency. The FCA, PRA, and Bank of England have recently released a discussion paper focused on the need to build greater operational resilience in organizations. This challenge […]
