Latest Pontifications & Thoughts . . .

  • UK SMCR: Trekking Up the Mountain

    The importance of stages: Climbing a mountain like Mount Everest is not done haphazardly. It takes careful planning and an organized route. It also involves breaking the trek up the…

  • Third Party GRC vs Third Party Risk Management

    Business is No Longer Brick & Mortar Walls: I was recently talking to a global manufacturer about the challenges they face in defining their organization. The challenge is that there…

  • How Mature is Governance, Risk Management & Compliance (GRC) in Your Organization?

    GRC maturity has evolved over the past fifteen years since OCEG first published the GRC Capability Model and we have measured these changes along the way. In 2019 we conducted…

  • Tale of Two Futures: Blade Runner or Star Trek?

    It was the best of times, it was the worst of times, it was the age of wisdom, it was the age of foolishness, it was the epoch of belief,…

  • GRC 4.0 – Agile GRC in a Dynamic & Disrupted Organization

    Governance, risk management, and compliance (GRC) is the capability to reliably achieve objectives [GOVERNANCE] while addressing uncertainty [RISK MANAGEMENT] and act with integrity [COMPLIANCE]. The components of GRC provide the…

  • From GRC 1.0 to GRC 5.0: A History of Technology for GRC

    Governance, Risk Management and Compliance (GRC) is “a capability to reliably achieve objectives [GOVERNANCE], while addressing uncertainty [RISK MANAGEMENT], and act with integrity [COMPLIANCE].” This is the official definition of…

  • Is Policy Management Causing More Pain than Gain?

    The Policy Management Illustrated Series: Frustrated by policy management? Having trouble finding all the policies (both authorized and unauthorized) floating around in your organization? Wasting time and resources that could…

  • Exposing IRM for What it Really is: GRC Light

    Gartner, particularly John Wheeler, is hard at work trying to convince the world that their Integrated Risk Management (IRM) is something new to replace Governance, Risk Management & Compliance. You…

  • Understanding Third Party GRC Maturity: Agile Stage

    A haphazard department- and document-centric approach for third party GRC compounds the problem and does not solve it. It is time for organizations to step back and mature their third-party…

  • The Intersection of GRC and Policy Management

    Policies matter, and policy management matters. Period. Policies are critical governance documents for every organization. They set guardrails and parameters of acceptable and unacceptable behavior for individuals, processes, and transactions.…

  • Understanding Third Party GRC Maturity: Integrated Stage

    A haphazard department- and document-centric approach for third party GRC compounds the problem and does not solve it. It is time for organizations to step back and mature their…

  • The 3 Lifecycle Stages of Vendor Security Risk Management: Offboarding

    How do you say goodbye to a third party? This is the third of a three-part series on vendor risk management through the lifecycle of the relationship. Today, we focus…