Latest Pontifications & Thoughts . . .
UK SMCR: Trekking Up the Mountain
The importance of stages: Climbing a mountain like Mount Everest is not done haphazardly. It takes careful planning and an organized route. It also involves breaking the trek up the…
Third Party GRC vs Third Party Risk Management
Business is No Longer Brick & Mortar Walls: I was recently talking to a global manufacturer about the challenges they face in defining their organization. The challenge is that there…
How Mature is Governance, Risk Management & Compliance (GRC) in Your Organization?
GRC maturity has evolved over the past fifteen years since OCEG first published the GRC Capability Model and we have measured these changes along the way. In 2019 we conducted…
Tale of Two Futures: Blade Runner or Star Trek?
It was the best of times, it was the worst of times, it was the age of wisdom, it was the age of foolishness, it was the epoch of belief,…
GRC 4.0 – Agile GRC in a Dynamic & Disrupted Organization
Governance, risk management, and compliance (GRC) is the capability to reliably achieve objectives [GOVERNANCE] while addressing uncertainty [RISK MANAGEMENT] and act with integrity [COMPLIANCE]. The components of GRC provide the…
From GRC 1.0 to GRC 5.0: A History of Technology for GRC
Governance, Risk Management and Compliance (GRC) is “a capability to reliably achieve objectives [GOVERNANCE], while addressing uncertainty [RISK MANAGEMENT], and act with integrity [COMPLIANCE].” This is the official definition of…
Is Policy Management Causing More Pain than Gain?
The Policy Management Illustrated Series: Frustrated by policy management? Having trouble finding all the policies (both authorized and unauthorized) floating around in your organization? Wasting time and resources that could…
Exposing IRM for What it Really is: GRC Light
Gartner, particularly John Wheeler, is hard at work trying to convince the world that their Integrated Risk Management (IRM) is something new to replace Governance, Risk Management & Compliance. You…
Understanding Third Party GRC Maturity: Agile Stage
A haphazard department- and document-centric approach for third party GRC compounds the problem and does not solve it. It is time for organizations to step back and mature their third-party…
The Intersection of GRC and Policy Management
Policies matter, and policy management matters. Period. Policies are critical governance documents for every organization. They set guardrails and parameters of acceptable and unacceptable behavior for individuals, processes, and transactions.…
Understanding Third Party GRC Maturity: Integrated Stage
A haphazard department- and document-centric approach for third party GRC compounds the problem and does not solve it. It is time for organizations to step back and mature their…
The 3 Lifecycle Stages of Vendor Security Risk Management: Offboarding
How do you say goodbye to a third party? This is the third of a three-part series on vendor risk management through the lifecycle of the relationship. Today, we focus…