Archive | The GRC Pundit Blog

Maintaining Internal Controls in Dynamic and Distributed Business

Organizations operate in a field of risk landmines. The daily headlines reveal companies that fail in risk, compliance, and internal controls. Business today is complex in its operations and corresponding internal control obligations. Adding to the complexity of global business, today’s organization is dynamic and constantly changing. The modern organization changes by the minute. The […]

Continue Reading 0

Operational Resiliency: Connected Management of Operational Risk

I am sitting in a pub in London having a pint after an intense week of interactions with organizations. My mind is laser focused on the burning issue of the day: operational resiliency. The FCA, PRA, and Bank of England have recently released a discussion paper focused on the need to build greater operational resilience in organizations. This challenge […]

Continue Reading 1

Manage Your Privacy Journey: GDPR, CCPA & Beyond

I love adventures! Whether in a city or out in nature, it is exciting to go out and do things. Simple adventures do not require a lot of planning, but you still need to be prepared for the day. More complex adventures require a lot of planning, coordination and execution. In organizations, complex adventures also […]

Continue Reading 0

Efficient and Effective Third-Party GRC Management

Modern Organization: Interconnected Maze of Relationships Traditional brick and mortar business are a thing of the past. Physical buildings and conventional employees no longer define organizations. The modern organization is an interconnected maze of relationships and interactions that span traditional business boundaries. Layers of relationships go beyond traditional employees to include suppliers, vendors, outsourcers, service […]

Continue Reading 0

GDPR: Moving Forward Out of the Doldrums

I love sailing. It has fascinated me since I was in high school, but only recently have I taken up learning to sail. While I have not sailed across an ocean, I have read many accounts of sailors getting stuck in the doldrums. The area in both the Atlantic and Pacific Ocean near the equator […]

Continue Reading 0

Monitoring and Managing Risk Effectively

Organizations take risks all the time but fail to monitor and manage risk effectively. A cavalier approach to risk-taking is a result of a poorly defined risk culture. It results in disaster, providing case studies for future generations on how poor risk management leads to the demise of corporations — even those with strong brands. […]

Continue Reading 0

Understanding & Improving Governance, Risk Management & Compliance

Governance, risk management & compliance (GRC) is something an organization does and not something an organization buys. GRC, done properly, is what is achieved throughout the business and its operations. By definition, GRC is “a capability to reliably achieve objectives [governance] while addressing uncertainty [risk management] and acting with integrity [compliance].” (source: OCEG GRC Capability Model that GRC 20/20 has helped define and […]

Continue Reading 0

The One Regulation to Rule Them All: UK SMR/CR & Cascading Regulations

For those of you on this list that know me on a personal level, I am a huge Tolkien fan. In fact, I am just a Master’s thesis away from my M.A. in Church History and the thesis is on the influence of Medieval theology, particularly Aquinas, on J.R.R. Tolkien and his works (my particular […]

Continue Reading 0

Managing Risk & Compliance in the Extended Enterprise

Modern Organization: Interconnected Maze of Relationships No man is an island, entire of itself; Every man is a piece of the continent, a part of the main.[1] Replace the word ‘man’ with ‘organization’ and the seventeenth-century English poet John Donne is describing the post-modern twenty-first century organization. In other words, “No organization is an island […]

Continue Reading 0

Enabling the 1st Line of Defense with Policy, Training & Issue Reporting

Like battling the multi-headed Hydra in Greek mythology, redundant, manual, and uncoordinated governance, risk management, and compliance (GRC) approaches are ineffective. As the Hydra grows more heads of regulation, legal matters, operational risks, and complexity, scattered departments of GRC responsibilities that do not work together become overwhelmed and exhausted and start losing the battle. This […]

Continue Reading 0

Follow by Email