At its core, GRC is the capability to reliably achieve objectives [GOVERNANCE], address uncertainty [RISK MANAGEMENT], and act with integrity [COMPLIANCE]. GRC is something organizations do, not something they purchase.… Continue reading Operationalizing GRC in Context of Legal & Privacy: the Last Mile of GRC

Compliance disclosures are a critical element of an organization’s compliance and ethics management program. The organization requires structured approaches to managing disclosures such as conflicts of interest, and a way… Continue reading Disclosure Management: Comparing Compliance Solutions

One of the greatest challenges to organizations today is managing the extended enterprise; the web of third-party relationships that support the business and its operations. The integrity of the organization… Continue reading A Business Case for Integrated Third-Party GRC Across the Extended Enterprise

Organizational exposure to compliance risk is rising while the cost of compliance soars. Organizations operate in a field of ethical, regulatory, and legal landmines. The daily headlines reveal companies that… Continue reading Delivering on Agile Compliance in Dynamic Business

Accountability is More Than Responsibility There is a difference between accountability and responsibility. An individual or organization can outsource or delegate responsibilities, but one cannot do so with accountability. To… Continue reading Efficiency & Agility in Accountability Compliance – SMCR, BEAR, SEAR, MIC, GIAC

Information governance has become a critical objective for organizations. In the context of the pervasive use of information throughout the enterprise, operational reliance on information, and increased regulation and liability… Continue reading A New Framework for Defining and Approaching Information Governance

It is finally here! For the past year, I have been working hard with OCEG on the Policy Management Illustrated eBook. I have spent countless hours behind Adobe Illustrator working… Continue reading Why Policies, and Policy Management, Matters

The world has changed, business has changed. A worldwide pandemic has caused restructuring of processes, employees, and activities. It has forced organizations to look for agile ways to manage a… Continue reading Policy Engagement In A COVID & Post-COVID World

The value of a third-party risk management strategy Traditional brick and mortar business is a thing of the past: physical buildings and conventional employees no longer define your organization. The… Continue reading Ensuring Integrity in the Extended Enterprise

Risk management is a hot topic and focus within organizations. We are surrounded with acronyms of GRC (governance, risk management, and compliance), ERM (enterprise risk management), ORM (operational risk management),… Continue reading Rethinking Risk Management RFP Requirements

It has been stated that: Any intelligent fool can make things bigger, more complex and more violent. It takes a touch of genius – and a lot of courage to… Continue reading ENGAGING GRC TO THE FRONT-OFFICE, AND NOT JUST BACK-OFFICE FUNCTIONS