Upcoming Events . . .
Latest Pontifications & Thoughts . . .
Next Generation Policy & Training Management Technology
GRC 20/20 interacts with a lot of organizations as they evaluate solutions for policy and training management. As the only analyst firm that breaks this functionality out as its own… Continue reading Next Generation Policy & Training Management Technology
Step 3: Select the Right Equipment for the 3rd Party GRC Journey
This is the 3rd blog in a 5-part series on developing a strategic plan for Third Party Governance/Management in your organization. Growing up in Northwest Montana I spent a lot… Continue reading Step 3: Select the Right Equipment for the 3rd Party GRC Journey
GRC Behemoth vs Agile GRC
Outside of Governance, Risk Management & Compliance (GRC), my passion and interest is in British medieval history – from the Anglo-Saxon period through the Plantagenets and the War of the… Continue reading GRC Behemoth vs Agile GRC
Step 2: Conditioning is Critical, Make Sure Your Team and Systems are Ready for 3rd Party GRC
This is the 2nd blog in a 5-part series on developing a strategic plan for Third Party Governance/Management in your organization. With an understanding of where you are at and… Continue reading Step 2: Conditioning is Critical, Make Sure Your Team and Systems are Ready for 3rd Party GRC
Step 1: Develop a 3rd Party GRC Strategic Plan
I grew up in the Northwest corner of Montana, a beautiful but wild country. From my earliest years I loved the outdoors. In fact, long before any aspirations to build… Continue reading Step 1: Develop a 3rd Party GRC Strategic Plan
UK SMCR: A Paradigm Shift to GRC Accountability
The UK Senior Manager’s Regime and Certification Regime (UK SMCR) is a paradigm shift in regulation and accountability. In one context, I have used the analogy that it is the… Continue reading UK SMCR: A Paradigm Shift to GRC Accountability
Chief Ethics & Compliance Officer: SWOT Analysis
Last week a Global CECO (manufacturing company operating in more than 60 countries with over 17,000 employees) reached out to me on a research piece I had published back in… Continue reading Chief Ethics & Compliance Officer: SWOT Analysis
Leveraging Data Classification to Enable GDPR/CCDP Data Subject Requests
Regulatory requirements are driving organizations to clearly define processes to manage personal data requests from data subjects [1], which in turn requires clear data classification and disposition controls in the environment.… Continue reading Leveraging Data Classification to Enable GDPR/CCDP Data Subject Requests
Managing Risk Across Third-party Relationships
Organizations are an intricate organism of complex relationships. The modern organization does not operate in isolation, but as part of an ecosystem of interactions with third parties. The physicist, Fritjof… Continue reading Managing Risk Across Third-party Relationships
GRC Take 2: Key Factors in Choosing a New GRC Vendor
Governance, risk management, and compliance (GRC) is something every organization does: it is part of business. Whether the organization calls it GRC, ERM, EHS, or something else…every organization has some… Continue reading GRC Take 2: Key Factors in Choosing a New GRC Vendor
Are Your Policies a Mess? A Maze of Confusion?
Effectively managing policies is easier said than done. Ad hoc or passive approaches mean that policies are outdated, scattered across the organization, and not consistent– resulting in confusion for recipients… Continue reading Are Your Policies a Mess? A Maze of Confusion?
Maintaining Internal Controls in Dynamic and Distributed Business
Organizations operate in a field of risk landmines. The daily headlines reveal companies that fail in risk, compliance, and internal controls. Business today is complex in its operations and corresponding… Continue reading Maintaining Internal Controls in Dynamic and Distributed Business
