Archive | The GRC Pundit Blog

The word 'Integrity' highlighted in green with felt tip pen

GRC Archetypes: Compliance & Ethics Management

Compliance and ethics has become a significant challenge for organizations across industries, geographies, and business boundaries. It is inundated with challenges such as anti-bribery and corruption, market conduct, conflict of interests, third party (e.g., vendor/supplier) compliance, code of conduct, and more. Organizations are struggling to deal with the pace of regulatory change. Not only from […]

Continue Reading 0

GRC Archetypes: Policy Management

Policy management is the capability to establish, manage, monitor, and enforce policies to reliably achieve objectives, while addressing uncertainty, and act with integrity across the organization (adapted from the OCEG GRC definition). Policies are critical to the organization to establish boundaries of behavior for individuals, processes, relationships, and transactions. Starting at the policy of all policies – […]

Continue Reading 0
3rd party word cloud

GRC Archetypes: Third Party Management

Third party management is the capability to reliably achieve objectives, while addressing uncertainty, and act with integrity in and across the organizations third party relationships/extended enterprise (adapted from the OCEG GRC definition). Brick and mortar business is a thing of the past: physical buildings and conventional employees no longer define an organization. The modern organization […]

Continue Reading 0

Diary of a Wimpy GRC Solution

I understand what it is like to be the underdog. In grade school and junior high I was the target to be picked on. The scrawny emotional kid that was an easy target. Things changed. In high school my Viking Danish DNA caught up and I became a more forbidding obstacle to be a target […]

Continue Reading 0
Carcassone, France - July 26, 2012: Medieval citadel of Carcassonne. Carcassonne is in the Aude department and chief town of the Languedoc-Roussillon region in the south-west France. Its historic center consists of a walled medieval citadel protected by UNESCO since 1997.

Three Lines of Defense: Enabling High Performing Organizations

Like battling the multi-headed Hydra in Greek mythology, redundant, manual, and uncoordinated governance, risk management, and compliance (GRC) approaches are ineffective. As the Hydra grows more heads of regulation, legal matters, operational risks, and complexity, scattered departments of GRC responsibilities that do not work together become overwhelmed and exhausted and start losing the battle. This […]

Continue Reading 0
risk management

Role of Technology in Risk Management Maturity

To maintain the integrity of the organization and execute on strategy, the organization has to be able to see their individual risk (the tree) as well as the interconnectedness of risk (the forest). Risk management in business is non-linear. It is not a simple equation of 1 + 1 = 2. It is a mesh […]

Continue Reading 0
Artboard 2-100

Do You Know Your Third-Party Risks?

Increasing Exposure to Third-Party Risks The Modern Organization is an Interconnected Mesh of Relationships Brick and mortar business is a thing of the past: physical buildings and conventional employees no longer define an organization. The modern organization is an interconnected mesh of relationships and interactions that span traditional business boundaries. Over half of an organization’s […]

Continue Reading 0

Pitfalls in GRC Software Selection and RFPs

There is a broad array of governance, risk management, and compliance (GRC) related solutions available in the market. In fact, GRC 20/20 has catalogued and mapped over 800 technology solutions and over 300 content/intelligence solutions that organizations use to improve GRC processes in an effort to make them more efficient, effective, and agile. Navigating this array […]

Continue Reading 0
Overwhelmed businessman concept.  Please see my portfolio for other concept images.

Increased Pressure to Control Spreadsheets and Documents

Pervasiveness of End User Computing Brings Risk Use of end user computing applications such as spreadsheets, emails, and other document types has revolutionized how technology creates value for organizations. However, this brings a significant challenge to govern and control information and technology in a distributed and dynamic environment. Organizations are facing increased pressures from regulators […]

Continue Reading 0

Gartner: Missing the Risk & Compliance (GRC) Target

Gartner, in context of governance, risk management, and compliance (GRC) related research, is ignorant and harmful to organizations that rely on their research publications and advice. In full disclosure, Gartner is my competitor. I have been an analyst for seventeen of my twenty-four years as a GRC professional. I spent seven years at Forrester Research, […]

Continue Reading 0