

Upcoming Events . . .
Latest Pontifications & Thoughts . . .
-
Developing a Vendor Risk Management Strategy – Info/CyberSecurity Perspective
Organizations are porous: the modern organization is not defined by brick and mortar walls but is a complex web of business relationships. These relationships span vendors, suppliers, outsourcers, service providers,… Continue reading Developing a Vendor Risk Management Strategy – Info/CyberSecurity Perspective
-
Considerations and Lessons Learned from GRC RFPs
The GRC technology market landscape is broad with over 800 solution providers across seventeen segments of GRC (see bottom of this post for a breakout of GRC segments). Approximately seventy… Continue reading Considerations and Lessons Learned from GRC RFPs
-
Increasing Exposure of Third Party Risks
The Modern Organization is an Interconnected Mess of Relationships Brick and mortar business is a thing of the past: physical buildings and conventional employees no longer define an organization. The… Continue reading Increasing Exposure of Third Party Risks
-
GRC in Uncertain Times: 2016 and into 2017
In the past month there have been a lot of posts, articles, and discussion on the impact of Trump’s presidency on the GRC market, particularly compliance. Some fear that the need… Continue reading GRC in Uncertain Times: 2016 and into 2017
-
How to Identify UBOs in an Unpredictable World
Business operates in a world of chaos, where relationship risk is ever present. What’s the secret to understanding and identifying ultimate beneficial owners? The modern organization is an interconnected web… Continue reading How to Identify UBOs in an Unpredictable World
-
The Role of Technology in Compliance Risk Management
Organizational exposure to compliance risk is rising while the cost of compliance soars. An ad hoc or reactive approach to compliance brings complexity, forcing business to be less agile. Organizations… Continue reading The Role of Technology in Compliance Risk Management
-
Compliance: An Integral Part of Risk Management
Increased regulatory and ethical pressures are transforming the traditional role of compliance. Compliance departments are taking on broader responsibility for ethics, compliance, corporate culture, and social responsibility. With greater frequency,… Continue reading Compliance: An Integral Part of Risk Management
-
Compliance and Risk Bear Down on the Organization
Compliance in Dynamic and Distributed Business Compliance is not easy. Organizations across industries have global clients, partners, and business operations. The larger the organization the more complex its operations. Adding… Continue reading Compliance and Risk Bear Down on the Organization
-
Complexities of IT GRC Hinders Organizations
Organizations operate in a complex environment of risk, compliance requirements, and vulnerabilities that interweave through departments, functions, processes, technologies, roles, and relationships. What may seem as an insignificant IT risk… Continue reading Complexities of IT GRC Hinders Organizations
-
Policy Management Demands Attention
The Foundational Role of Policies in GRC Strategies Policies are critical to the organization as they establish boundaries of behavior for individuals, processes, relationships, and transactions. Starting at the policy… Continue reading Policy Management Demands Attention
-
Information Security in Context: The CISO as a Transformational Role in Risk Management
Information Security at the Center of Risk Chaos Inevitable Failure: Managing Information Risk in a Silo Organizations are complex. Exponential growth and change in technology, vulnerabilities, regulations, globalization, distributed operations,… Continue reading Information Security in Context: The CISO as a Transformational Role in Risk Management
-
The GRC Economy
I am often asked, “What do you do?” My simple answer, that I do not like, is to say that I am a consultant. This does not always help as… Continue reading The GRC Economy