Upcoming Events . . .

Latest Pontifications & Thoughts . . .

  • Policy Management Technology: Separating the Simple from the Advanced

    Policy Management Technology: Separating the Simple from the Advanced

    Most organizations are waking up to find their policies in a complete disarray. Over the years policy portals have sprung up across the organization. HR has their portal, IT has… Continue reading Policy Management Technology: Separating the Simple from the Advanced

  • Michael Rasmussen on GRC value & creating your GRC RFP template

    Michael Rasmussen on GRC value & creating your GRC RFP template

    What do you need to include in a GRC RFP? We asked one of the experts in this interview. Enterprise governance, risk, and compliance (GRC) strategies can help organizations across… Continue reading Michael Rasmussen on GRC value & creating your GRC RFP template

  • From Ad Hoc to Agile: Set Your Course for Third-Party GRC Maturity

    From Ad Hoc to Agile: Set Your Course for Third-Party GRC Maturity

    This post is an excerpt from GRC 20/20’s most recent research piece, Third Party GRC Maturity Model: A New Paradigm in Governing Third Party Relationships, and upcoming webinar From Ad… Continue reading From Ad Hoc to Agile: Set Your Course for Third-Party GRC Maturity

  • Defining a Risk Culture: Critical Elements of an Enterprise Risk Management Policy

    Defining a Risk Culture: Critical Elements of an Enterprise Risk Management Policy

    I am amazed at the number of risk management programs I encounter that lack an organized structure and approach. So often what we know as ERM (enterprise risk management) is… Continue reading Defining a Risk Culture: Critical Elements of an Enterprise Risk Management Policy

  • Challenges in Risk Management

    Challenges in Risk Management

    Providing 360° Contextual Awareness of Risk The physicist, Fritjof Capra, made an insightful observation on living organisms and ecosystems that also rings true when applied to risk management:  The more… Continue reading Challenges in Risk Management

  • How Analytics is Influencing Governance, Risk Management & Compliance (GRC)

    How Analytics is Influencing Governance, Risk Management & Compliance (GRC)

    Humans excel at analytics; it is the way our brains are wired. We are constantly taking in information, processing, analyzing, and making decisions. Whether it is crossing a street, reading… Continue reading How Analytics is Influencing Governance, Risk Management & Compliance (GRC)

  • Next Generation Policy & Training Management Technology

    Next Generation Policy & Training Management Technology

    GRC 20/20 interacts with a lot of organizations as they evaluate solutions for policy and training management. As the only analyst firm that breaks this functionality out as its own… Continue reading Next Generation Policy & Training Management Technology

  • Step 3: Select the Right Equipment for the 3rd Party GRC Journey

    Step 3: Select the Right Equipment for the 3rd Party GRC Journey

    This is the 3rd blog in a 5-part series on developing a strategic plan for Third Party Governance/Management in your organization. Growing up in Northwest Montana I spent a lot… Continue reading Step 3: Select the Right Equipment for the 3rd Party GRC Journey

  • GRC Behemoth vs Agile GRC

    GRC Behemoth vs Agile GRC

    Outside of Governance, Risk Management & Compliance (GRC), my passion and interest is in British medieval history – from the Anglo-Saxon period through the Plantagenets and the War of the… Continue reading GRC Behemoth vs Agile GRC

  • Step 2: Conditioning is Critical, Make Sure Your Team and Systems are Ready for 3rd Party GRC

    Step 2: Conditioning is Critical, Make Sure Your Team and Systems are Ready for 3rd Party GRC

    This is the 2nd blog in a 5-part series on developing a strategic plan for Third Party Governance/Management in your organization. With an understanding of where you are at and… Continue reading Step 2: Conditioning is Critical, Make Sure Your Team and Systems are Ready for 3rd Party GRC

  • Step 1: Develop a 3rd Party GRC Strategic Plan

    Step 1: Develop a 3rd Party GRC Strategic Plan

    I grew up in the Northwest corner of Montana, a beautiful but wild country. From my earliest years I loved the outdoors. In fact, long before any aspirations to build… Continue reading Step 1: Develop a 3rd Party GRC Strategic Plan

  • UK SMCR: A Paradigm Shift to GRC Accountability

    UK SMCR: A Paradigm Shift to GRC Accountability

    The UK Senior Manager’s Regime and Certification Regime (UK SMCR) is a paradigm shift in regulation and accountability. In one context, I have used the analogy that it is the… Continue reading UK SMCR: A Paradigm Shift to GRC Accountability