

Upcoming Events . . .
Latest Pontifications & Thoughts . . .
-
Inevitability of Failure: Flawed Use of Spreadsheets in GRC
Spreadsheets, and their associates documents and emails, are the most prevalent GRC tool used by organizations. Their use comes at a significant cost if not controlled, monitored, and used properly.… Continue reading Inevitability of Failure: Flawed Use of Spreadsheets in GRC
-
Making Sense of GRC Related Technology & Solutions
Every organization does GRC (governance, risk management, and compliance), but it does not mean that every organization does GRC well. Complicating this is a maze of GRC technologies. Some are… Continue reading Making Sense of GRC Related Technology & Solutions
-
Mistakes & Challenges in Risk Management Technologies and Strategies
Risk management is pervasive throughout organizations. There are many departments that manage risk with a variety of approaches, models, needs, and views into risk. This makes enterprise and operational risk management… Continue reading Mistakes & Challenges in Risk Management Technologies and Strategies
-
Manage Third Party Risk Exposure in an Interconnected World
Realize that everything connects to everything else. Leonardo da Vinci The world is flat, risk is pervasive, and organizations have no boundaries. We operate in a global and interconnected world.… Continue reading Manage Third Party Risk Exposure in an Interconnected World
-
FCPA: Change is in the Air
The past few months have seen some interesting developments in context of the U.S. Foreign Corrupt Practices Act (FCPA). I get more questions on anti-bribery and corruption than any other… Continue reading FCPA: Change is in the Air
-
From Backcountry Ranger to GRC Pundit
It is the Thanksgiving holiday here in the United States, so I thought I would make this post a little more personal. I am grateful for all of my clients,… Continue reading From Backcountry Ranger to GRC Pundit
-
The Agile Organization: GRC in Context of Regulatory Change
Change is an intricate machine of chaotic gears and movements and is the single greatest challenge for organizations in the context of governance, risk management, and compliance (GRC). The challenge… Continue reading The Agile Organization: GRC in Context of Regulatory Change
-
IT GRC > IT Security
If you have been following my research over the course of the past 15 years you will know that I have often been frustrated when IT GRC has been understood to be confined to IT security management. In fact, you can find some of my Forrester reports (2001 to 2007) that often challenge the captivity…
-
Now Accepting 2015 GRC Value Award Nominations
GRC 20/20 is accepting nominations for the 2015 GRC Value Awards! Successful governance, risk management, and compliance (GRC) delivers the ability to effectively mitigate risk, meet requirements, satisfy auditors, achieve human… Continue reading Now Accepting 2015 GRC Value Award Nominations
-
Quick Start to a GRC RFP
The GRC market is a broad market with a variety of segments. It is not all about Enterprise GRC Platforms. In fact, only about 25% of the inquiries GRC 20/20 gets from organizations are for Enterprise GRC strategies and platforms. A good 75% of the market is aimed at solving department and specific regulatory or…
-
How to Purchase Policy Management Solutions
A well-conceived technology architecture for policy and training management can enable a common policy and training framework across multiple departments, or just one department as appropriate. Organizations need a policy management platform that is context-driven and adaptable to a dynamic and changing environment. Compared to the ad hoc method in use in most organizations today,…
-
Demand & Market for GRC Content & Intelligence Offerings
The role of content in GRC strategies, solutions, and architecture is becoming significant. Organizations find that they need access to risk and compliance intelligence updates, regulatory changes, risk libraries, audit templates, sanction and watch lists, sample policies, and more. GRC solutions are often differentiating themselves by their ability to provide and integrate a range of…