Upcoming Events . . .

Latest Pontifications & Thoughts . . .

  • Chief Ethics & Compliance Officer: SWOT Analysis

    Chief Ethics & Compliance Officer: SWOT Analysis

    Last week a Global CECO (manufacturing company operating in more than 60 countries with over 17,000 employees) reached out to me on a research piece I had published back in… Continue reading Chief Ethics & Compliance Officer: SWOT Analysis

  • Leveraging Data Classification to Enable GDPR/CCDP Data Subject Requests

    Leveraging Data Classification to Enable GDPR/CCDP Data Subject Requests

    Regulatory requirements are driving organizations to clearly define processes to manage personal data requests from data subjects [1], which in turn requires clear data classification and disposition controls in the environment.… Continue reading Leveraging Data Classification to Enable GDPR/CCDP Data Subject Requests

  • Managing Risk Across Third-party Relationships

    Managing Risk Across Third-party Relationships

    Organizations are an intricate organism of complex relationships. The modern organization does not operate in isolation, but as part of an ecosystem of interactions with third parties. The physicist, Fritjof… Continue reading Managing Risk Across Third-party Relationships

  • GRC Take 2: Key Factors in Choosing a New GRC Vendor

    GRC Take 2: Key Factors in Choosing a New GRC Vendor

    Governance, risk management, and compliance (GRC) is something every organization does: it is part of business. Whether the organization calls it GRC, ERM, EHS, or something else…every organization has some… Continue reading GRC Take 2: Key Factors in Choosing a New GRC Vendor

  • Are Your Policies a Mess? A Maze of Confusion?

    Are Your Policies a Mess? A Maze of Confusion?

    Effectively managing policies is easier said than done. Ad hoc or passive approaches mean that policies are outdated, scattered across the organization, and not consistent– resulting in confusion for recipients… Continue reading Are Your Policies a Mess? A Maze of Confusion?

  • Maintaining Internal Controls in Dynamic and Distributed Business

    Maintaining Internal Controls in Dynamic and Distributed Business

    Organizations operate in a field of risk landmines. The daily headlines reveal companies that fail in risk, compliance, and internal controls. Business today is complex in its operations and corresponding… Continue reading Maintaining Internal Controls in Dynamic and Distributed Business

  • 2019 GRC User Experience Award Nominations

    2019 GRC User Experience Award Nominations

    GRC 20/20 is accepting nominations for the 2019 GRC User Experience Awards! Governance, risk management and compliance (GRC) is a part of everyone’s job. Too often we shovel GRC into… Continue reading 2019 GRC User Experience Award Nominations

  • Operational Resiliency: Connected Management of Operational Risk

    Operational Resiliency: Connected Management of Operational Risk

    I am sitting in a pub in London having a pint after an intense week of interactions with organizations. My mind is laser focused on the burning issue of the day: operational… Continue reading Operational Resiliency: Connected Management of Operational Risk

  • Manage Your Privacy Journey: GDPR, CCPA & Beyond

    Manage Your Privacy Journey: GDPR, CCPA & Beyond

    I love adventures! Whether in a city or out in nature, it is exciting to go out and do things. Simple adventures do not require a lot of planning, but… Continue reading Manage Your Privacy Journey: GDPR, CCPA & Beyond

  • Efficient and Effective Third-Party GRC Management

    Efficient and Effective Third-Party GRC Management

    Modern Organization: Interconnected Maze of Relationships Traditional brick and mortar business are a thing of the past. Physical buildings and conventional employees no longer define organizations. The modern organization is… Continue reading Efficient and Effective Third-Party GRC Management

  • GDPR: Moving Forward Out of the Doldrums

    GDPR: Moving Forward Out of the Doldrums

    I love sailing. It has fascinated me since I was in high school, but only recently have I taken up learning to sail. While I have not sailed across an… Continue reading GDPR: Moving Forward Out of the Doldrums

  • Monitoring and Managing Risk Effectively

    Monitoring and Managing Risk Effectively

    Organizations take risks all the time but fail to monitor and manage risk effectively. A cavalier approach to risk-taking is a result of a poorly defined risk culture. It results… Continue reading Monitoring and Managing Risk Effectively