Friend, Last week we began our presentation of the GRC Reference Architecture, which is part of my broader GRC EcoSystem (which includes over 1300 technology, professional service, and information… Continue reading GRC Reference Architecture: the GRC Enterprise Application Core

  GRC – Governance, Risk, & Compliance. Whether you use this specific acronym or not the fact is your organization does GRC. There is not a single executive that will… Continue reading GRC Reference Architecture: Enterprise Data Architecture & Framework

  From the SCCE: In the recent Corporate Integrity Agreement between Pfizer and the Office of the Inspector General of the Department of Health and Human Services, Pfizer agreed that… Continue reading Pfizer's Corporate Integrity Agreement & Compliance Officer Positioning Survey

  Success in today’s dynamic business environment requires the organization to integrate, build, and support business process with an enterprise view of risk and compliance.Without a new approach to risk… Continue reading Establishing an Enterprise View of Risk & Compliance

Most GRC software as well as GRC implementations are more like RC (without the G). Or just R or just C. Or perhaps Rc or rC. . . My position… Continue reading Where is performance & strategy in GRC?

For one thing – that would be too much of an acronym CGRCO. The subject actually came up in a corporate governance discussion group I belong to. Michael Corcoran posted… Continue reading We do not need a Chief GRC Officer!

  While GRC is ultimately about collaboration and communication between the business roles and processes responsible for varying risk and compliance functions, there is no doubt that technology has an… Continue reading The GRC Technology EcoSystem – Revised

During my latest OCEG GRC Strategy & Red Book 2 Bootcamp, one attendee stated they had seen the job title of Chief Punishment Officer in China. Any takers? On a… Continue reading Chief Punishment Officer

I am baffled by the ignorant that are happy with their blinders and do not see how governance, risk, and compliance interrelate and support each other to form GRC. Today… Continue reading Defining & Communicating a Culture of Risk

My apologies. Along with my commentary on Forrester’s GRC Ripple (OOOPS . .. I Mean Wave) I had promised to provide my thoughts on Gartner’s EGRC Magic Quadrant once it… Continue reading Gartner's EGRC "Arcane" Magic Quadrant

Values and ethics define an individual – as well as families, societies, and culture in general. Everyone puts a stake in the ground as to what is important to him… Continue reading Who Defines Your Corporation's Values?

The landscape of governance, risk management, and compliance initiatives is broad and littered with a variety of specific standards and frameworks. Each of these specific frameworks may be good at… Continue reading Framework Approach to Governance, Risk Management, & Compliance