Archive | The GRC Pundit Blog

Ethics & Integrity In Volatile Times

News . . . the roller-coaster of information pouring into us about the tumultuous times we live in can be overwhelming.  The current focus on the economy in the wake of an ongoing shake-up in Wall Street has many living on the edge of their seats – uncertain about the future.   There definitely is a need […]

Reflecting on summer . . .

Summer is over.  Schedules change, kids are in school, fall is arriving.   As many of you noticed – I took a break from blogging this summer. However, this was not a break from GRC 20/20 work.  I have been working hard at delivering value to clients facing risk and compliance issues as well as […]

Corporate Compliance & Ethics Week 2008

It is the end of the week – but still a good chance for that final reminder that it is Corporate Compliance and Ethics Week – which happens the last week of May every year. I would encourage you to send out that email to your employees and partners reminding them that compliance is about […]

Business Intelligence & GRC

Does the business intelligence (BI) issue fall under the governance, risk and compliance (GRC) domain? Business intelligence (BI) is an essential component to a successful governance, risk and compliance (GRC) strategy: It involves what I refer to as risk and regulatory intelligence. Basically, business has to monitor its internal environment — as well as the […]

2008 GRC Drivers, Trends, & Market Directions

I recently published my "2008 GRC Drivers, Trends, & Market Directions" research illustrating the dynamic and growing nature of GRC adoption within organizations and the direction and size of the overall GRC market for products and services. Below are the summary highlights from this piece of research. . . Organizations Embrace GRC Principles The Governance, Risk, and […]

Spreadsheets are inadequate for risk and compliance assessment questionnaires

My two cents – if you are relying on spreadsheets (or for that matter word processing documents) to survey and gather risk and compliance information you have a problem. This in and of itself is a control issue that should be flagged. Spreadsheets are a thorn in the flesh of risk and compliance. I have […]

SAP Delivers on GRC Vision

Last week was an exciting week – three events converged in an action packed week in Orlando: I did a live webcast on Measuring the Ethical Organization with the Institute of Internal Auditors from their headquarters in Florida; Archer Technologies had their User Summit – it has been a pleasure to see Archer grow and […]

What is IT GRC?

Confusion leads to chaos. One area of confusion is IT-GRC. Major analyst firms are in a hubbub trying to get their arms around IT-GRC. IT security vendors are pulling in many directions trying to get IT-GRC to be defined to cover their respective niche. Others are lobbying to define IT-GRC as everything technology that relates […]

Getting It Right

One of my pet peeves in the GRC space is the misuse of words. I frequently have vendors come to me and tell me that they are an enterprise risk management solution – when in fact it is obvious that what they are doing is something specific like IT risk management. My response to these […]

GRC 2.0 – The GRC.EcoSystem

GRC 1.0 – it was a good start. When I originally defined the GRC market, unlike other analysts, I had a holistic view of business processes in mind that needed to participate in a GRC vision and strategy.  The goal was to make sure that GRC was not limited to SOX/finance or IT.  GRC needed […]
