After you define your Third-Party GRC Strategic Plan, and define your Third-Party GRC Processes, next comes the defining and deploying your information and architecture to enable third-party GRC/risk management .… Continue reading Information & Technology Enables Third-Party GRC

Are you scared of shadows? You should be, as they can cause serious legal, operational, compliance, risk, brand/reputation, and integrity liability.  For the past several years organizations have been battling… Continue reading Shadow Policies: Increasing Legal Exposure & Liability

Policies, and in that context the management of policies, has become critical to define and guide culture and behavior in today’s distributed, dynamic, and disrupted business environment. Today’s organization can… Continue reading Becoming a Policy Management Pro with a New Online Resource

After you define your Third-Party GRC Strategic Plan, next comes the process of defining your third-party GRC process lifecycle . . . The third-party GRC management strategy and policy is… Continue reading Understanding the Third-Party GRC Process Lifecycle

ESG – Environmental, Social, Governance – remains front-page business news. Organizations around the world and across industries are challenged to define, implement, and report on ESG. The pressures are coming… Continue reading ES-G-RC – The Role of GRC in Delivering ESG

A sustainable third-party GRC strategy means looking to the future and mitigating risk instead of putting out fires. Organizations need to be intelligent about what processes, risk intelligence data/services, and… Continue reading Critical Elements of a Third-Party GRC Strategic Plan

Fans of the story, Alice in Wonderland, will remember how the Cheshire Cat answered Alice when she asked him which way to go. He answered, “If you don’t know where you… Continue reading Vendor Performance & SLA Management: A Quick Guide

Dissociated data, systems, processes, and a myopic risk vision leaves the organization with fragments of the truth that fail to see the big picture of third-party performance, risk, and compliance… Continue reading Defining Third-Party GRC Management

The Modern Organization is an Interconnected Web of Relationships No man is an island, entire of itself;Every man is a piece of the continent, a part of the main. John… Continue reading The Extended Enterprise Demands Attention

Below is Michael Rasmussen’s article found in the Summer 2021 issue of Enterprise Risk, published by the Institute of Risk Management (The IRM). Before last year, risk managers knew they were living in… Continue reading Relationship Trouble: The Pandemic’s Web of Interconnected Risks

In my previous post, The Board’s Role in Leading and Enabling GRC, I emphasized the board’s critical role in delivering on the G in GRC, governance. This post discusses how to… Continue reading Integrating a Top-Down Board View of GRC With a Bottom-Up Operational View of GRC

COVID-19 is not the only pandemic; it has sprung a chain of pandemics and increased risk exposure in areas. One such pandemic plaguing organizations in response to COVID-19 is the… Continue reading The Second Wave of the Policy Management Pandemic