Archive | The GRC Pundit Blog


Internal Control Management by Design

Business is complex. Exponential growth and change in regulations, globalization, distributed operations, changing processes, competitive velocity, business relationships, disruptive technology, and business data impede organizations. Keeping complexity and change in sync is a significant challenge for boards and executives, as well as governance, risk management, and compliance (GRC) functions throughout the business. Business is no longer defined […]


Critical Capabilities & Considerations for Evaluation of Policy & Training Management Platforms

I get a lot of inquiries from organizations looking for policy management platforms. Some for a department focused need (e.g., IT security, health and safety, Human Resources), others for a regulatory need (e.g., GDPR, FCPA), but most for an enterprise policy management strategy spanning the organization as it attempts to gain control of a Wild […]


How Technology Enables Enterprise Risk Management

Risk management fails when information is scattered, redundant, unreliable, and managed as a system of parts that do not integrate and work as a collective whole. The risk management information architecture supports the process architecture and overall risk management strategy. With processes defined and structured, the organization can now define the information architecture needed to […]


How to Purchase Policy & Training Management Platforms

Organizations often lack a coordinated enterprise strategy for policy development, maintenance, communication, attestation, and training. An ad hoc approach to policy management exposes the organization to significant liability. This liability is intensified by the fact that today’s compliance programs affect every person involved with supporting the business, including internal employees and third parties. To defend […]


GRC Critical Capabilities and Purchasing Considerations

There is a broad array of governance, risk management, and compliance (GRC) related solutions available in the market. In fact, GRC 20/20 has catalogued and mapped over 800 technology solutions and over 300 content/intelligence solutions that organizations use to improve GRC processes in an effort to make them more efficient, effective, and agile. Navigating this array […]


Components for Developing an ERM Strategy

The physicist, Fritjof Capra, made an insightful observation on living organisms and ecosystems that also rings true when applied to risk management: “The more we study the major problems of our time, the more we come to realize that they cannot be understood in isolation. They are systemic problems, which means that they are interconnected […]


Technology Priorities for Compliance & Ethics

Past compliance processes were bogged down in documents and technology silos, which led to laborious and costly processes to gather information and report on compliance risk. Compliance departments over-relied on spreadsheets, documents, and email that lacked an audit trail, creating a legal disaster since organizations lack a defensible position when they cannot prove compliance with […]


What Effective Risk Management Looks Like

This is Part Two of a four-part blog series on ERM . . . To maintain the integrity of the organization and execute on strategy, the organization has to be able to see their individual risk (the tree) as well as the interconnectedness of risk (the forest). Risk management in business is non-linear. It is […]


Why Enterprise Risk Management (ERM) is Critical to Modern Business

Organizations take risks all the time but fail to monitor and manage risk effectively for the enterprise. A cavalier approach to risk-taking results in disaster, providing case studies for future generations on how poor risk management leads to the demise of corporations — even those with strong brands. Gone are the years of simplicity in […]


Compliance in Dynamic and Distributed Business

The hot topic for 2018 is certainly compliance. Compliance is more than adherence to laws and regulations; it is about the integrity of the organization to its ethics, values, social responsibility, policies, commitments, contracts, and controls. I have been stating for over a decade that the best executive title for a compliance executive is a […]
