Upcoming Events . . .

Latest Pontifications & Thoughts . . .

  • Policy Management Requires Attention

    Policy Management Requires Attention

    Policies: A Foundation in GRC Strategies Policies are critical to organizations as they establish boundaries of behavior for individuals, processes, relationships, and transactions. An organization must establish policy it is… Continue reading Policy Management Requires Attention

  • Why it Makes Sense to Manage Retention with Privacy and GDPR

    Why it Makes Sense to Manage Retention with Privacy and GDPR

    There is increasing focus on the protection of personal identity information around the world. Over the past two decades, we have seen increasing regulations such as US HIPAA, US GLBA,… Continue reading Why it Makes Sense to Manage Retention with Privacy and GDPR

  • GDPR in Third Party Relationships Stretches Resources

    GDPR in Third Party Relationships Stretches Resources

    As the years go by, there is increasing focus on the protection of personal identity information around the world. Over time we have seen new regulations such as US HIPAA, US GLBA,… Continue reading GDPR in Third Party Relationships Stretches Resources

  • Internal Control Management by Design

    Internal Control Management by Design

    Business is complex. Exponential growth and change in regulations, globalization, distributed operations, changing processes, competitive velocity, business relationships, disruptive technology, and business data impedes organizations. Keeping complexity and change in… Continue reading Internal Control Management by Design

  • Critical Capabilities & Considerations for Evaluation of Policy & Training Management Platforms

    Critical Capabilities & Considerations for Evaluation of Policy & Training Management Platforms

    I get a lot of inquiries from organizations looking for policy management platforms. Some for a department focused need (e.g., IT security, health and safety, Human Resources), others for a… Continue reading Critical Capabilities & Considerations for Evaluation of Policy & Training Management Platforms

  • How Technology Enables Enterprise Risk Management

    How Technology Enables Enterprise Risk Management

    Risk management fails when information is scattered, redundant, non-reliable, and managed as a system of parts that do not integrate and work as a collective whole. The risk management information… Continue reading How Technology Enables Enterprise Risk Management

  • How to Purchase Policy & Training Management Platforms

    How to Purchase Policy & Training Management Platforms

    Organizations often lack a coordinated enterprise strategy for policy development, maintenance, communication, attestation, and training. An ad hoc approach to policy management exposes the organization to significant liability. This liability… Continue reading How to Purchase Policy & Training Management Platforms

  • GRC Critical Capabilities and Purchasing Considerations

    GRC Critical Capabilities and Purchasing Considerations

    There is a broad array of governance, risk management, and compliance (GRC) related solutions available in the market. In fact, GRC 20/20 has catalogued and mapped over 800 technology solutions and… Continue reading GRC Critical Capabilities and Purchasing Considerations

  • Components for Developing an ERM Strategy

    Components for Developing an ERM Strategy

    The physicist, Fritjof Capra, made an insightful observation on living organisms and ecosystems that also rings true when applied to risk management: “The more we study the major problems of… Continue reading Components for Developing an ERM Strategy

  • Technology Priorities for Compliance & Ethics

    Technology Priorities for Compliance & Ethics

    Past compliance processes were bogged down in documents and technology silos, which led to laborious and costly processes to gather information and report on compliance risk. Compliance departments over-relied on… Continue reading Technology Priorities for Compliance & Ethics

  • What Effective Risk Management Looks Like

    What Effective Risk Management Looks Like

    This is Part Two of a four-part blog series on ERM . . . To maintain the integrity of the organization and execute on strategy, the organization has to be… Continue reading What Effective Risk Management Looks Like

  • Why Enterprise Risk Management (ERM) is Critical to Modern Business

    Why Enterprise Risk Management (ERM) is Critical to Modern Business

    Organizations take risks all the time but fail to monitor and manage risk effectively for the enterprise. A cavalier approach to risk-taking results in disaster, providing case studies for future… Continue reading Why Enterprise Risk Management (ERM) is Critical to Modern Business