I have been advising organizations on strategy, process, and technology related to ESG for over fifteen years. Of course, it has not been called ESG for that long. It was… Continue reading ESG: The Foundation is Built on Policies

The mature risk and resilience program can be measured against critical elements across governance and oversight, people and engagement, process and execution, and information and technology. Risk & Resilience Governance… Continue reading Checklist to Measure & Improve Risk & Resilience Maturity

Getting to the Head of the Risk & Resiliency Class Organizations with risk and resilience processes siloed within departments operate at the Ad Hoc, Fragmented, or Defined stage. At these… Continue reading Advancing Your Organization’s Risk and Resilience Maturity

Mature risk and resilience management is a seamless part of risk governance and operations. It requires a top-down view of risk and resilience, led by the executives and the board,… Continue reading Five Stages of Risk and Resilience Maturity

Firewalls protect us. In buildings, it is a wall intended to shield and confine a fire to an area to protect the rest of the building. In a vehicle, it… Continue reading The Human Firewall: Essential to Organizations

I have been on the road regularly for the past six weeks with a heavy travel schedule through mid-July that brings me across the USA and Europe. Lots of interactions… Continue reading Agile & Cognitive GRC: a New Generation in GRC Solutions

A dynamic business environment requires the capability to actively manage risk intelligence and fluctuating risks impacting the organization and its relationships. The old paradigm of uncoordinated third-party risk management is… Continue reading Delivering 360° Third-Party Risk Situational Awareness

Take advantage of GRC’s structured guidance to deliver on ESG strategy and processes. ESG – Environmental, Social, and Governance – is pressuring organizations from every angle. Investors are making investment… Continue reading How to Operationalize ESG with GRC

The Federal Risk and Authorization Management Program (FedRAMP) has been in place for just over a decade (2011). Its purpose is to provide a “cost-effective, risk-based approach for the adoption… Continue reading Improving FedRAMP: Federal Procurement & Risk Management

Gone are the years of simplicity in business operations. Rapid growth and change in risks, regulations, globalization, distributed operations, competitive velocity, technology, and business data encumbers organizations of all sizes.… Continue reading Operationalize Compliance to Ensure 360° Visibility into Operational Resilience 

Organizations often fail to monitor and manage compliance controls effectively in an environment that demands agility. This results in the inevitable failure of compliance that provides case studies for future… Continue reading How do you add compliance controls in different parts of your business?