Author Archive | The GRC Pundit

Policy Management Requires Attention

Policies: A Foundation in GRC Strategies Policies are critical to organizations as they establish boundaries of behavior for individuals, processes, relationships, and transactions. An organization must establish policy it is willing to enforce – but it also must clearly train and communicate the policy to ensure that individuals understand what is expected of them. GRC, […]

Continue Reading 0

GDPR in Third Party Relationships Stretches Resources

As the years go by, there is increasing focus on the protection of personal identity information around the world. Over time we have seen new regulations such as US HIPAA, US GLBA, Canada’s PIPEDA, the EU Data Protection Directive 95/46/EC, and others around the world. The latest, most comprehensive, and the one that is the front and […]

Continue Reading 0

Internal Control Management by Design

Business is complex. Exponential growth and change in regulations, globalization, distributed operations, changing processes, competitive velocity, business relationships, disruptive technology, and business data impedes organizations. Keeping complexity and change in sync is a significant challenge for boards, executives, as well as governance, risk management, and compliance (GRC) functions throughout the business. Business is no longer defined […]

Continue Reading 0

Critical Capabilities & Considerations for Evaluation of Policy & Training Management Platforms

I get a lot of inquiries from organizations looking for policy management platforms. Some for a department focused need (e.g., IT security, health and safety, Human Resources), others for a regulatory need (e.g., GDPR, FCPA), but most for an enterprise policy management strategy spanning the organization as it attempts to gain control of a Wild […]

Continue Reading 0

How Technology Enables Enterprise Risk Management

Risk management fails when information is scattered, redundant, non-reliable, and managed as a system of parts that do not integrate and work as a collective whole. The risk management information architecture supports the process architecture and overall risk management strategy. With processes defined and structured the organization can now define the information architecture needed to […]

Continue Reading 0

How to Purchase Policy & Training Management Platforms

Organizations often lack a coordinated enterprise strategy for policy development, maintenance, communication, attestation, and training. An ad hoc approach to policy management exposes the organization to significant liability. This liability is intensified by the fact that today’s compliance programs affect every person involved with supporting the business, including internal employees and third parties. To defend […]

Continue Reading 1

GRC Critical Capabilities and Purchasing Considerations

There is a broad array of governance, risk management, and compliance (GRC) related solutions available in the market. In fact, GRC 20/20 has catalogued and mapped over 800 technology solutions and over 300 content/intelligence solutions that organizations use to improve GRC processes in an effort to make them more efficient, effective, and agile. Navigating this array […]

Continue Reading 0

Components for Developing an ERM Strategy

The physicist, Fritjof Capra, made an insightful observation on living organisms and ecosystems that also rings true when applied to risk management: “The more we study the major problems of our time, the more we come to realize that they cannot be understood in isolation. They are systemic problems, which means that they are interconnected […]

Continue Reading 0

Technology Priorities for Compliance & Ethics

Past compliance processes were bogged down in documents and technology silos, which led to laborious and costly processes to gather information and report on compliance risk. Compliance departments over-relied on spreadsheets, documents, and email that lacked an audit trail, creating a legal disaster since organizations lack a defensible position when it cannot prove compliance with […]

Continue Reading 0

LinkedIn
Twitter
RSS
Follow by Email
Google+