Archive | The GRC Pundit Blog

Business Intelligence & GRC

Does the business intelligence (BI) issue fall under the governance, risk and compliance (GRC) domain? Business intelligence (BI) is an essential component to a successful governance, risk and compliance (GRC) strategy: It involves what I refer to as risk and regulatory intelligence. Basically, business has to monitor its internal environment — as well as the […]

2008 GRC Drivers, Trends, & Market Directions

I recently published my “2008 GRC Drivers, Trends, & Market Directions” research illustrating the dynamic and growing nature of GRC adoption within organizations and the direction and size of the overall GRC market for products and services. Below are the summary highlights from this piece of research. . . Organizations Embrace GRC Principles The Governance, Risk, and […]

Spreadsheets are inadequate for risk and compliance assessment questionnaires

My two cents – if you are relying on spreadsheets (or for that matter word processing documents) to survey and gather risk and compliance information you have a problem. This in and of itself is a control issue that should be flagged. Spreadsheets are a thorn in the flesh of risk and compliance. I have […]

SAP Delivers on GRC Vision

Last week was an exciting week – three events converged in an action packed week in Orlando: I did a live webcast on Measuring the Ethical Organization with the Institute of Internal Auditors from their headquarters in Florida; Archer Technologies had their User Summit – it has been a pleasure to see Archer grow and […]

What is IT GRC?

Confusion leads to chaos. One area of confusion is IT-GRC. Major analyst firms are in a hubbub trying to get their arms around IT-GRC. IT security vendors are pulling in many directions trying to get IT-GRC to be defined to cover their respective niche. Others are lobbying to define IT-GRC as everything technology that relates […]

Getting It Right

One of my pet peeves in the GRC space is the misuse of words. I frequently have vendors come to me and tell me that they are an enterprise risk management solution – when in fact it is obvious that what they are doing is something specific like IT risk management. My response to these […]

GRC 2.0 – The GRC.EcoSystem

GRC 1.0 – it was a good start. When I originally defined the GRC market, unlike other analysts, I had a holistic view of business processes in mind that needed to participate in a GRC vision and strategy.  The goal was to make sure that GRC was not limited to SOX/finance or IT.  GRC needed […]

GRC Gripes

It has been nearly four years since I originally defined the GRC market for professional services and technology solutions.  While PricewaterhouseCoopers was the first (to my knowledge) to use the acronym GRC, I was the first industry/market analyst to define a market for products and services and call it “GRC.” In fact: I have been […]

Understanding GRC

Governance, Risk, and Compliance can each be confusing to understand in their individual capacities – bring them together as GRC and it can be even more confounding. GRC is more than a catchy acronym used by technology providers and consultants to market their solutions – it is a philosophy of business. This philosophy permeates the […]

Why Integrity?

Integrity is a mirror revealing the truth about an individual or a corporation. It involves walking the talk — not just talking it. On a personal level, integrity is measured by what an individual does and does not do when no one is looking. Do they hold to their values, beliefs, and ethics? Or do […]
