
Upcoming Events . . .
Latest Pontifications & Thoughts . . .
Enabling the 1st Line of Defense with Policy, Training & Issue Reporting
Like battling the multi-headed Hydra in Greek mythology, redundant, manual, and uncoordinated governance, risk management, and compliance (GRC) approaches are ineffective. As the Hydra grows more heads of regulation, legal… Continue reading Enabling the 1st Line of Defense with Policy, Training & Issue Reporting
Compliance, Particularly for Privacy, Requires Data Process Mapping & Disposition
Compliance used to be simpler. An organization was given a set of requirements and it had to check the boxes that it met the requirements and compliance was achieved. The… Continue reading Compliance, Particularly for Privacy, Requires Data Process Mapping & Disposition
Is SMR & CR, the UK Financial Services biggest challenge for 2018?
The UK Senior Manager’s Regime and Certification Regime (UK SMR/CR) is one of the most significant challenges financial services firms are facing right now. The Financial Conduct Authority (FCA) has… Continue reading Is SMR & CR, the UK Financial Services biggest challenge for 2018?
The IRM Emperor (Gartner) Has No Clothes
The Gartner Integrated Risk Management (IRM) Magic Quadrant has been out a few weeks and I have been buried with inquiries from organizations asking my thoughts on it. While I… Continue reading The IRM Emperor (Gartner) Has No Clothes
Defining the Issue Reporting & Case Management Process
Distributed and dynamic business requires the organization to take a strategic approach to issue reporting and case management. Organizations require complete situational and holistic awareness of issues, incidents, investigations, and… Continue reading Defining the Issue Reporting & Case Management Process
An Enterprise Approach to Issue Reporting & Case Management
GRC 20/20 has seen many organizations take an enterprise perspective on aspects of GRC, such as Enterprise Policy Management, Enterprise Third Party Management, and, of course, Enterprise Risk Management. Over the… Continue reading An Enterprise Approach to Issue Reporting & Case Management
3 Key Findings from the Policy Management by Design Workshop
Policy management is a crucial component of a larger corporate governance, risk management, and compliance (GRC) program. Adherence to external regulations and instilling employee accountability starts with well-established organizational policies… Continue reading 3 Key Findings from the Policy Management by Design Workshop
2019 GRC User Experience Award Nominations
GRC 20/20 is accepting nominations for the 2019 GRC User Experience Awards! Governance, risk management and compliance (GRC) is a part of everyone’s job. Too often we shovel GRC into… Continue reading 2019 GRC User Experience Award Nominations
Improving Policies Through Metrics
It is unfortunate that many policies are written and then left to slowly rot over time. What was a good policy five years ago may not be the right policy… Continue reading Improving Policies Through Metrics
Policy Management Requires Attention
Policies: A Foundation in GRC Strategies Policies are critical to organizations as they establish boundaries of behavior for individuals, processes, relationships, and transactions. An organization must establish policy it is… Continue reading Policy Management Requires Attention
Why it Makes Sense to Manage Retention with Privacy and GDPR
There is increasing focus on the protection of personal identity information around the world. Over the past two decades, we have seen increasing regulations such as US HIPAA, US GLBA,… Continue reading Why it Makes Sense to Manage Retention with Privacy and GDPR
GDPR in Third Party Relationships Stretches Resources
As the years go by, there is increasing focus on the protection of personal identity information around the world. Over time we have seen new regulations such as US HIPAA, US GLBA,… Continue reading GDPR in Third Party Relationships Stretches Resources