Archive | The GRC Pundit Blog

What are the questions the Board of Directors of any publicly traded company should be asking regarding the status of GRC enabling technology in their organization?   My experience is that the Board of Directors is not really focused on the technology enablement of GRC – for that part they probably know very little about […]

The writing is on the wall – we are entering a new era of corporate governance, risk management, and compliance. The shake up on Wall Street is just the current example of a trend towards greater oversight of business in a volatile world. With this comes a renewed focus on integrity, ethics and values. Organizations […]

News . . . the roller-coaster of information pouring into us about the tumultuous times we live in can be overwhelming.  The current focus on the economy in the wake of an ongoing shake-up in Wall Street has many living on the edge of their seats – uncertain about the future.   There definitely is a need […]

Summer is over.  Schedules change, kids are in school, fall is arriving.   As many of you noticed – I took a break from blogging this summer. However, this was not a break from GRC 20/20 work.  I have been working hard at delivering value to clients facing risk and compliance issues as well as […]

It is the end of the week – but still a good chance for that final reminder that it is Corporate Compliance and Ethics Week – which happens the last week of May every year. I would encourage you to send out that email to your employees and partners reminding them that compliance is about […]

Does the business intelligence (BI) issue fall under the governance, risk and compliance (GRC) domain? Business intelligence (BI) is an essential component to a successful governance, risk and compliance (GRC) strategy: It involves what I refer to as risk and regulatory intelligence. Basically, business has to monitor its internal environment — as well as the […]

I recently published my”2008 GRC Drivers, Trends, & Market Directions”research illustrating the dynamic and growing nature of GRC adoption within organizations and the direction and size of the overall GRC market for products and services. Below are the summary highlights from this piece of research. . . Organizations Embrace GRC Principles The Governance, Risk, and […]

My two cents – if you are relying on spreadsheets (or for that matter word processing documents) to survey and gather risk and compliance information you have a problem. This in and of itself is a control issue that should be flagged. Spreadsheets are a thorn in the flesh of risk and compliance. I have […]

Last week was an exciting week – three events converged in an action packed week in Orlando: I did a live webcast on Measuring the Ethical Organization with the Institute of Internal Auditors from their headquarters in Florida; Archer Technologies had their User Summit – it has been a pleasure to see Archer grow and […]

Confusion leads to chaos. One area of confusion is IT-GRC. Major analyst firms are in a hubbub trying to get their arms around IT-GRC. IT security vendors are pulling in many directions trying to get IT-GRC to be defined to cover their respective niche. Others are lobbying to define IT-GRC as everything technology that relates […]