Archive | The GRC Pundit Blog

Spreadsheets are inadequate for risk and compliance assessment questionnaires

My two cents – if you are relying on spreadsheets (or for that matter word processing documents) to survey and gather risk and compliance information you have a problem. This in and of itself is a control issue that should be flagged. Spreadsheets are a thorn in the flesh of risk and compliance. I have […]

SAP Delivers on GRC Vision

Last week was an exciting week – three events converged in an action-packed week in Orlando: I did a live webcast on Measuring the Ethical Organization with the Institute of Internal Auditors from their headquarters in Florida; Archer Technologies had their User Summit – it has been a pleasure to see Archer grow and […]

What is IT GRC?

Confusion leads to chaos. One area of confusion is IT-GRC. Major analyst firms are in a hubbub trying to get their arms around IT-GRC. IT security vendors are pulling in many directions trying to get IT-GRC to be defined to cover their respective niche. Others are lobbying to define IT-GRC as everything technology that relates […]

Getting It Right

One of my pet peeves in the GRC space is the misuse of words. I frequently have vendors come to me and tell me that they are an enterprise risk management solution – when in fact it is obvious that what they are doing is something specific like IT risk management. My response to these […]

GRC 2.0 – The GRC.EcoSystem

GRC 1.0 – it was a good start. When I originally defined the GRC market, unlike other analysts, I had a holistic view of business processes in mind that needed to participate in a GRC vision and strategy. The goal was to make sure that GRC was not limited to SOX/finance or IT. GRC needed […]

GRC Gripes

It has been nearly four years since I originally defined the GRC market for professional services and technology solutions. While PricewaterhouseCoopers was the first (to my knowledge) to use the acronym GRC, I was the first industry/market analyst to define a market for products and services and call it “GRC.” In fact: I have been […]

Understanding GRC

Governance, Risk, and Compliance can each be confusing to understand in their individual capacities – bring them together as GRC and it can be even more confounding. GRC is more than a catchy acronym used by technology providers and consultants to market their solutions – it is a philosophy of business. This philosophy permeates the […]

Why Integrity?

Integrity is a mirror revealing the truth about an individual or a corporation. It involves walking the talk — not just talking it. On a personal level, integrity is measured by what an individual does and does not do when no one is looking. Do they hold to their values, beliefs, and ethics? Or do […]