Archive | The GRC Pundit Blog


GDPR Compliance Requires a Strategy Supported by Process, Information and Technology

As the years go by, there is increasing focus on the protection of personal information around the world. Over time we have seen US HIPAA, US GLBA, Canada’s PIPEDA, the EU Data Protection Directive 95/46/EC, and others around the world. The latest, most comprehensive, and the one that is the front and center of concern to organizations […]


Risk Management by Design

The physicist, Fritjof Capra, made an insightful observation on living organisms and ecosystems that also rings true when applied to risk management: “The more we study the major problems of our time, the more we come to realize that they cannot be understood in isolation. They are systemic problems, which means that they are interconnected […]


Monitoring and Managing Risk Effectively

Challenge to Boards, Executives, and Risk Management Professionals: Organizations take risks all the time but fail to monitor and manage risk effectively. Further, risk management is too often seen as a compliance exercise and not truly integrated with decision making and objectives of the organization. A cavalier approach to risk-taking is a result of a […]


Benefits of a Policy & Training Management Strategy and Architecture

The organization requires a policy and training management architecture that is context-driven and adaptable to a dynamic and changing environment. Compared to the ad hoc method in use in most organizations today, a policy and training management architecture enables better performance, less expense, and more flexibility.  Core technology capabilities to consider a policy management program […]


Policy Management Information & Technology Architecture

Policy & Training Management Information Architecture: The policy and training management information architecture supports the process architecture and overall policy and training management strategy. With processes defined and structured in the process architecture, the organization can now get into the specifics of the information architecture needed to support policy and training processes. The policy and training […]


Compliance Automation: The Role of Technology in Today’s Dynamic Organization

Compliance is not easy. Organizations across industries have global clients, partners, and business operations. Adding to the complexity of global business, today’s organization is dynamic and constantly changing. The modern organization changes by the minute. The dynamic and global nature of business is particularly challenging to compliance management. As organizations expand operations and business relationships […]


GRC 20/20’s Effective Policy Management Process Lifecycle

The policy and training management strategy and policy are supported and made operational through the policy and training management architecture. The organization requires complete situational and holistic awareness of policies and related training across operations, processes, employees, and third party relationships to see the big picture of policy and training performance and risk. Distributed, dynamic, […]


Uncontrolled Spreadsheets, Documents, and Emails, Oh My!

Business is complex. Exponential change in regulations, globalization, distributed operations, processes, competitive velocity, business relationships, and legal matters encumbers organizations of all sizes across industries. Like battling the multi-headed Hydra in Greek mythology, redundant, manual, and document-centric internal control management approaches are ineffective. As the Hydra grows more heads of regulation, legal matters, operational risks, […]


Developing a Policy Management Strategy

Organizations need a coordinated cross-department strategy for managing policies and training programs across the enterprise.  The goal is to develop a common framework and approach so that policies and training are understood and managed as an integrated whole rather than a dissociated collection of parts. Policies and training programs that are managed as dissociated documents, […]


Policy & Training Management Demands Attention

The Foundational Role of Policies in GRC Strategies: Policies are critical to the organization as they establish boundaries of behavior for individuals, processes, relationships, and transactions. Starting at the policy of all policies – the code of conduct – they filter down to govern the enterprise, divisions/regions, business units, and processes. GRC, by definition (www.OCEG.org), […]
