Upcoming Events . . .
Latest Pontifications & Thoughts . . .
The Agile Organization: GRC in Context of Regulatory Change
Change is an intricate machine of chaotic gears and movements and is the single greatest challenge for organizations in the context of governance, risk management, and compliance (GRC). The challenge… Continue reading The Agile Organization: GRC in Context of Regulatory Change
IT GRC > IT Security
If you have been following my research over the course of the past 15 years you will know that I have often been frustrated when IT GRC has been understood to be confined to IT security management. In fact, you can find some of my Forrester reports (2001 to 2007) that often challenge the captivity…
Now Accepting 2015 GRC Value Award Nominations
GRC 20/20 is accepting nominations for the 2015 GRC Value Awards! Successful governance, risk management, and compliance (GRC) delivers the ability to effectively mitigate risk, meet requirements, satisfy auditors, achieve human… Continue reading Now Accepting 2015 GRC Value Award Nominations
Quick Start to a GRC RFP
The GRC market is a broad market with a variety of segments. It is not all about Enterprise GRC Platforms. In fact, only about 25% of the inquiries GRC 20/20 gets from organizations are for Enterprise GRC strategies and platforms. A good 75% of the market is aimed at solving department and specific regulatory or…
How to Purchase Policy Management Solutions
A well-conceived technology architecture for policy and training management can enable a common policy and training framework across multiple departments, or just one department as appropriate. Organizations need a policy management platform that is context-driven and adaptable to a dynamic and changing environment. Compared to the ad hoc method in use in most organizations today,…
Demand & Market for GRC Content & Intelligence Offerings
The role of content in GRC strategies, solutions, and architecture is becoming significant. Organizations find that they need access to risk and compliance intelligence updates, regulatory changes, risk libraries, audit templates, sanction and watch lists, sample policies, and more. GRC solutions are often differentiating themselves by their ability to provide and integrate a range of…
A Strategic Approach to Third Party Management, Part 2: Designing an Integrated Architecture to Support Your Strategy
Third party management processes are used to manage and monitor the ever-changing relationship, risk, and regulatory environments in extended business relationships. While third party processes can vary by organization and industry, the common components are . . .
Now Accepting 2015 GRC Innovation Award Nominations
It has been stated that: Any intelligent fool can make things bigger, more complex and more violent. It takes a touch of genius – and a lot of courage to move in the opposite direction. A primary directive of innovation is to provide experience that is simple yet complete. Like Apple with its innovative technologies,…
Considerations When Purchasing Policy Management Solutions
With today’s complex business operations, global expansion, and the ever changing legal, regulatory and compliance environments, a well-defined policy management program is vital to enable an organization to effectively develop and maintain the policies needed to reliably achieve objectives while addressing uncertainty and act with integrity. This is why organizations are aggressively looking at policy…
A Strategic Approach to Third Party Management, Part 1: Defining Your Strategy
Designing a third party management program starts with defining the third party strategy. The strategy connects key business functions with a common third party governance framework and policy. The strategic plan is the foundation that enables third party transparency, discipline, and control of the ecosystem of third parties across the extended enterprise.
Considerations When Purchasing GRC Solutions
Over the next few months I will be doing a regular series of posts on buying considerations in different areas of GRC. However, before getting into specific areas, I want to share considerations organizations should have when looking at any type of GRC related solution. The guidance provided below is applicable whether you are looking…
Best Practice in Model Risk Management: Modeling Your Models
Over time models have grown in variety, complexity, and use within organizations. They have moved from tactical pieces of input to a strategic pillar that provides the infrastructure and backbone for strategy and decisions at all levels of the organization. Time and evolution of models left uncontrolled bring forth loss and potential disaster. Unfortunately, many…
