Archive | The GRC Pundit Blog


GRC in Uncertain Times: 2016 and into 2017

In the past month there have been a lot of posts, articles, and discussion on the impact of Trump’s presidency on the GRC market, particularly compliance. Some fear that the need for compliance management within organizations is not going to be as strong as a Trump administration looks to deregulate. My perspective is that compliance management will […]


How to Identify UBOs in an Unpredictable World

Business operates in a world of chaos, where relationship risk is ever present. What’s the secret to understanding and identifying ultimate beneficial owners? The modern organization is an interconnected web of relationships and interactions that span traditional business boundaries. Complexity grows as these interconnected relationships and transactions layer themselves in intricacy. In this context, organizations struggle […]


The Role of Technology in Compliance Risk Management

Organizational exposure to compliance risk is rising while the cost of compliance soars. An ad hoc or reactive approach to compliance brings complexity, forcing business to be less agile. Organizations in the past have addressed compliance as singular obligations, resulting in multiple redundant initiatives working in isolation to respond to each obligation. These isolated compliance […]


Compliance: An Integral Part of Risk Management

Increased regulatory and ethical pressures are transforming the traditional role of compliance. Compliance departments are taking on broader responsibility for ethics, compliance, corporate culture, and social responsibility. With greater frequency, they are moving out from under the legal department into a direct reporting relationship to the CEO and/or Board, particularly in highly regulated industries. Some […]


Compliance and Risk Bear Down on the Organization

Compliance in Dynamic and Distributed Business

Compliance is not easy. Organizations across industries have global clients, partners, and business operations. The larger the organization the more complex its operations. Adding to the complexity of global business, today’s organization is dynamic and constantly changing. The modern organization changes by the minute. New employees come, others leave, […]


Complexities of IT GRC Hinder Organizations

Organizations operate in a complex environment of risk, compliance requirements, and vulnerabilities that interweave through departments, functions, processes, technologies, roles, and relationships. What may seem an insignificant IT risk in one area can have a profound impact on other risks and cause compliance issues. Understanding and managing IT governance, risk management, and compliance (IT GRC) […]


Policy Management Demands Attention

The Foundational Role of Policies in GRC Strategies

Policies are critical to the organization as they establish boundaries of behavior for individuals, processes, relationships, and transactions. Starting at the policy of all policies – the code of conduct – they filter down to govern the enterprise, divisions/regions, business units, and processes. GRC, by definition, is […]


Information Security in Context: The CISO as a Transformational Role in Risk Management

Information Security at the Center of Risk Chaos

Inevitable Failure: Managing Information Risk in a Silo

Organizations are complex. Exponential growth and change in technology, vulnerabilities, regulations, globalization, distributed operations, changing processes, competitive velocity, business relationships, legacy technology, and business data expose organizations of all sizes. Keeping this complexity and change in sync is a […]


The GRC Economy

I am often asked, “What do you do?” My simple answer, that I do not like, is to say that I am a consultant. This does not always help as the next question is “What type of consultant?”, or “What do I consult on?” I end up having to explain that what I actually am […]


IT GRC Management by Design, New York

Organizations are complex. Exponential growth and change in technology, vulnerabilities, regulations, globalization, distributed operations, changing processes, competitive velocity, business relationships, legacy technology, and business data expose organizations of all sizes. Keeping this complexity and change in sync is a significant challenge for information security professionals. Executives are constantly reacting to risk appearing around them and […]
