Select Page
Posted by The GRC Pundit | Mar 25, 2008 | The GRC Pundit Blog |
My two cents – if you are relying on spreadsheets (or for that matter word processing documents) to survey and gather risk and compliance information you have a problem. This in and of itself is a control issue that should...
Read MorePosted by The GRC Pundit | Mar 18, 2008 | The GRC Pundit Blog |
Last week was an exciting week – three events converged in an action packed week in Orlando: I did a live webcast on Measuring the Ethical Organization with the Institute of Internal Auditors from their headquarters in...
Read MorePosted by The GRC Pundit | Mar 12, 2008 | The GRC Pundit Blog |
Confusion leads to chaos. One area of confusion is IT-GRC. Major analyst firms are in a hubbub trying to get their arms around IT-GRC. IT security vendors are pulling in many directions trying to get IT-GRC to be defined to...
Read MorePosted by The GRC Pundit | Mar 11, 2008 | The GRC Pundit Blog |
One of my pet peeves in the GRC space is the misuse of words. I frequently have vendors come to me and tell me that they are an enterprise risk management solution – when in fact it is obvious that what they are doing is...
Read MorePosted by The GRC Pundit | Jan 23, 2008 | The GRC Pundit Blog |
GRC 1.0 – it was a good start. When I originally defined the GRC market, unlike other analysts, I had a holistic view of business processes in mind that needed to participate in a GRC vision and strategy. The goal was to...
Read More