Upcoming Events . . .
Latest Pontifications & Thoughts . . .
Policy Management Technology: Separating the Simple from the Advanced
Most organizations are waking up to find their policies in a complete disarray. Over the years policy portals have sprung up across the organization. HR has their portal, IT has… Continue reading Policy Management Technology: Separating the Simple from the Advanced
Michael Rasmussen on GRC value & creating your GRC RFP template
What do you need to include in a GRC RFP? We asked one of the experts in this interview. Enterprise governance, risk, and compliance (GRC) strategies can help organizations across… Continue reading Michael Rasmussen on GRC value & creating your GRC RFP template
From Ad Hoc to Agile: Set Your Course for Third-Party GRC Maturity
This post is an excerpt from GRC 20/20’s most recent research piece, Third Party GRC Maturity Model: A New Paradigm in Governing Third Party Relationships, and upcoming webinar From Ad… Continue reading From Ad Hoc to Agile: Set Your Course for Third-Party GRC Maturity
Defining a Risk Culture: Critical Elements of an Enterprise Risk Management Policy
I am amazed at the number of risk management programs I encounter that lack an organized structure and approach. So often what we know as ERM (enterprise risk management) is… Continue reading Defining a Risk Culture: Critical Elements of an Enterprise Risk Management Policy
Challenges in Risk Management
Providing 360° Contextual Awareness of Risk The physicist, Fritjof Capra, made an insightful observation on living organisms and ecosystems that also rings true when applied to risk management: The more… Continue reading Challenges in Risk Management
How Analytics is Influencing Governance, Risk Management & Compliance (GRC)
Humans excel at analytics; it is the way our brains are wired. We are constantly taking in information, processing, analyzing, and making decisions. Whether it is crossing a street, reading… Continue reading How Analytics is Influencing Governance, Risk Management & Compliance (GRC)
Next Generation Policy & Training Management Technology
GRC 20/20 interacts with a lot of organizations as they evaluate solutions for policy and training management. As the only analyst firm that breaks this functionality out as its own… Continue reading Next Generation Policy & Training Management Technology
Step 3: Select the Right Equipment for the 3rd Party GRC Journey
This is the 3rd blog in a 5-part series on developing a strategic plan for Third Party Governance/Management in your organization. Growing up in Northwest Montana I spent a lot… Continue reading Step 3: Select the Right Equipment for the 3rd Party GRC Journey
GRC Behemoth vs Agile GRC
Outside of Governance, Risk Management & Compliance (GRC), my passion and interest is in British medieval history – from the Anglo-Saxon period through the Plantagenets and the War of the… Continue reading GRC Behemoth vs Agile GRC
Step 2: Conditioning is Critical, Make Sure Your Team and Systems are Ready for 3rd Party GRC
This is the 2nd blog in a 5-part series on developing a strategic plan for Third Party Governance/Management in your organization. With an understanding of where you are at and… Continue reading Step 2: Conditioning is Critical, Make Sure Your Team and Systems are Ready for 3rd Party GRC
Step 1: Develop a 3rd Party GRC Strategic Plan
I grew up in the Northwest corner of Montana, a beautiful but wild country. From my earliest years I loved the outdoors. In fact, long before any aspirations to build… Continue reading Step 1: Develop a 3rd Party GRC Strategic Plan
UK SMCR: A Paradigm Shift to GRC Accountability
The UK Senior Manager’s Regime and Certification Regime (UK SMCR) is a paradigm shift in regulation and accountability. In one context, I have used the analogy that it is the… Continue reading UK SMCR: A Paradigm Shift to GRC Accountability