Archive | The GRC Pundit Blog

Managing Risk Across Third-party Relationships

Organizations are an intricate organism of complex relationships. The modern organization does not operate in isolation, but as part of an ecosystem of interactions with third parties. The physicist, Fritjof Capra, made an insightful observation on living organisms and ecosystems that also rings true when applied to third-party risk management: “The more we study the […]

Continue Reading 0

GRC Take 2: Key Factors in Choosing a New GRC Vendor

Governance, risk management, and compliance (GRC) is something every organization does: it is part of business. Whether the organization calls it GRC, ERM, EHS, or something else…every organization has some approach to GRC. It can be completely manual, broken, and reactive or it can be optimized, aligned, and integrated. The key question is how can […]

Continue Reading 0

Are Your Policies a Mess? A Maze of Confusion?

Effectively managing policies is easier said than done. Ad hoc or passive approaches mean that policies are outdated, scattered across the organization, and not consistent– resulting in confusion for recipients and a nightmare to manage. Organizations often lack a complete inventory of policies as so many departments have gone in different policy directions. Further, there […]

Continue Reading 0

Maintaining Internal Controls in Dynamic and Distributed Business

Organizations operate in a field of risk landmines. The daily headlines reveal companies that fail in risk, compliance, and internal controls. Business today is complex in its operations and corresponding internal control obligations. Adding to the complexity of global business, today’s organization is dynamic and constantly changing. The modern organization changes by the minute. The […]

Continue Reading 0

Operational Resiliency: Connected Management of Operational Risk

I am sitting in a pub in London having a pint after an intense week of interactions with organizations. My mind is laser focused on the burning issue of the day: operational resiliency. The FCA, PRA, and Bank of England have recently released a discussion paper focused on the need to build greater operational resilience in organizations. This challenge […]

Continue Reading 1

Manage Your Privacy Journey: GDPR, CCPA & Beyond

I love adventures! Whether in a city or out in nature, it is exciting to go out and do things. Simple adventures do not require a lot of planning, but you still need to be prepared for the day. More complex adventures require a lot of planning, coordination and execution. In organizations, complex adventures also […]

Continue Reading 0

Efficient and Effective Third-Party GRC Management

Modern Organization: Interconnected Maze of Relationships Traditional brick and mortar business are a thing of the past. Physical buildings and conventional employees no longer define organizations. The modern organization is an interconnected maze of relationships and interactions that span traditional business boundaries. Layers of relationships go beyond traditional employees to include suppliers, vendors, outsourcers, service […]

Continue Reading 0

GDPR: Moving Forward Out of the Doldrums

I love sailing. It has fascinated me since I was in high school, but only recently have I taken up learning to sail. While I have not sailed across an ocean, I have read many accounts of sailors getting stuck in the doldrums. The area in both the Atlantic and Pacific Ocean near the equator […]

Continue Reading 0

Monitoring and Managing Risk Effectively

Organizations take risks all the time but fail to monitor and manage risk effectively. A cavalier approach to risk-taking is a result of a poorly defined risk culture. It results in disaster, providing case studies for future generations on how poor risk management leads to the demise of corporations — even those with strong brands. […]

Continue Reading 0

Understanding & Improving Governance, Risk Management & Compliance

Governance, risk management & compliance (GRC) is something an organization does and not something an organization buys. GRC, done properly, is what is achieved throughout the business and its operations. By definition, GRC is “a capability to reliably achieve objectives [governance] while addressing uncertainty [risk management] and acting with integrity [compliance].” (source: OCEG GRC Capability Model that GRC 20/20 has helped define and […]

Continue Reading 0

Follow by Email