Understanding & Improving Governance, Risk Management & Compliance

Written by The GRC Pundit

Published on2018-10-10DiscussionLeave a Comment on Understanding & Improving Governance, Risk Management & Compliance

Governance, risk management & compliance (GRC) is something an organization does and not something an organization buys. GRC, done properly, is what is achieved throughout the business and its operations. By definition, GRC is “a capability to reliably achieve objectives [governance] while addressing uncertainty [risk management] and acting with integrity [compliance].” (source: OCEG GRC Capability Model that GRC 20/20 has helped define and contribute to) This requires that GRC needs to be understood in the context of enterprise strategy, objectives, architecture and processes.

Designing mature GRC processes that align with the organization requires an understanding of what the organization is about, how it operates, how it should be monitored and controlled. This is done through defining the right GRC process, information and technology architecture. GRC by Design requires an enterprise/organization architecture approach to the organization and how it operates.

GRC 20/20 is a research and analyst organization aimed at understanding what is keeping organizations up at night and how they address this with strategy, process, and technology to make GRC related processes efficient, effective, and agile. We are a research and analyst firm, not a consulting firm.

In this context, GRC 20/20 does regular training By Design workshops to share our research and experience with organizations looking to improve their GRC related strategies. These workshops are key part of our research as they are workshops and not lectures. Attendees interact and share their challenges and approaches and learn from each other as much as they learn from GRC 20/20. These are amazing facilitated sessions that engage attendees on the deep subjects of GRC in a way that is practical and enriching. There is no cost to attend these workshops and attendees use the time for continuing education credits for certifications. However, they are only open for organizations working on their own internal GRC related strategies and processes. Solution providers and professional service firms are not allowed to register for these workshops.

Third Party Management by Design Workshops

• Third Party Management by Design Workshop, Dallas, October 16

Enterprise GRC Management by Design Workshops

• Enterprise GRC by Design, New York City, October 19
• Enterprise GRC by Design, Chicago, October 22
• Enterprise GRC by Design, London, November 11
• Enterprise GRC by Design, San Francisco, December 4

IT GRC/Security Management

• IT GRC Management by Design, Phoenix, November 5

By Design workshop aims to provide a blueprint for attendees on effective enterprise GRC strategies in a dynamic business, regulatory, and risk environment. Attendees will learn enterprise GRC strategies and techniques that can be applied across the organization. Learning is done through lectures, collaboration with peers, and workshop tasks.

GRC 20/20 also offers complimentary inquiry to organizations looking to improve GRC related processes and identify the right technology solutions and what differentiates them to solve those problems. Our research is objective and there are over 800 solutions we have mapped into the many segments of the broad GRC market. If you have a question on GRC strategy, process, and technology . . . simply ask us an inquiry and can have a call or email exchange.