Archive | The GRC Pundit Blog

Legal – the last (OK, perhaps I should state latest) technology frontier – to boldly go where no one has embraced technology before. So it would appear to an observer of the average corporate legal department. Corporate attorneys have been technology agnostics not willing to give up their legal pads and pens in exchange for […]

There certainly is a lot of activity in the GRC – governance, risk, and compliance – software market. This is due to companies coming out of budget freezes imposed on them in October as a result of the plunging economy. Buyer interest and buying has also started to recover as organizations begin to position themselves […]

  SAP continues to show thought leadership and growth in the GRC space as revealed in the GRC Insider conference last week. The conference itself is a combination of GRC, Financials, and Human Resources tracks put together for SAP users. The overall conference had over 2000 individuals in attendance with significant growth in GRC’s presence […]

Friend, Frédéric Bastiat in the 19th century could have been talking (see quote above) about the complexity of managing risk and compliance across business in the 21st century.  So often organizations look at the surface of a relationship and fail to see the significance and exposure that can cascade across the organizations causing severe damage to […]

The Titanic is a study in operational risk management. Unfortunately, many organizations are in the same state – they do not see a complete picture of the risks they face and therefore are ignorant of the significance of the aggregate of a lot of islands of operational risk. And when things did go wrong there […]

A respected friend, Charles Le Grand, recently posted this on a mailing list we belong to . . .    It is a fundamental problem between risk takers and those who would constrain risk to a prudent level.  For example, many young people take stupid risks with their money, lives, and health and say “See. […]

  The global economy is driving many organizations to develop enterprise risk management strategies.  Unfortunately for many they often interpret this as SOX on steroids and fail to deliver a true enterprise view of risk.  ERM often is trapped in an internal control view of risk that fails to comprehend and interpret the complexities of […]

  Chalres Dickens might as well have been speaking about the risk and compliance market (GRC market) when he stated “It was the best of times, it was the worst of times, it was the age of wisdom, it was the age of foolishness.”  What was considered foolish a few years back – basically conservatively […]

INQUIRY: Among the companies you speak with, which organizational departments (finance, operations, legal, HR, etc.) appear to have the most to gain from GRC automation?   RESPONSE: GRC is about collaboration across these roles – so all have a lot to gain from GRC technology enablement and automation.  However I would state that business operations […]

 INQUIRY:  What are the 3 most critical areas for further GRC automation in 2009 – and why?   RESPONSE: The top of my list is what I am calling “Next Generation Policy & Procedure Management.”  This may not be on everyone’s radar – but it is a significant area to drive efficiency, consistency, as well […]