Upcoming Events . . .

View Calendar

Latest Pontifications & Thoughts . . .

  • GDPR Compliance Requires a Strategy Supported by Process, Information and Technology

    GDPR Compliance Requires a Strategy Supported by Process, Information and Technology

    Michael Rasmussen

    As the years go by, there is increasing focus on the protection of personal information around the world. Over time we have seen US HIPAA, US GLBA, Canada’s PIPEDA, the EU Data… Continue reading GDPR Compliance Requires a Strategy Supported by Process, Information and Technology

  • Risk Management by Design

    Risk Management by Design

    Michael Rasmussen

    The physicist, Fritjof Capra, made an insightful observation on living organisms and ecosystems that also rings true when applied to risk management: “The more we study the major problems of… Continue reading Risk Management by Design

  • Monitoring and Managing Risk Effectively

    Monitoring and Managing Risk Effectively

    Michael Rasmussen

    Challenge to Boards, Executives, and Risk Management Professionals Organizations take risks all the time but fail to monitor and manage risk effectively. Further, risk management is too often seen as… Continue reading Monitoring and Managing Risk Effectively

  • Benefits of a Policy & Training Management Strategy and Architecture

    Benefits of a Policy & Training Management Strategy and Architecture

    Michael Rasmussen

    The organization requires a policy and training management architecture that is context-driven and adaptable to a dynamic and changing environment. Compared to the ad hoc method in use in most… Continue reading Benefits of a Policy & Training Management Strategy and Architecture

  • Policy Management Information & Technology Architecture

    Policy Management Information & Technology Architecture

    Michael Rasmussen

    Policy & Training Management Information Architecture The policy and training management information architecture supports the process architecture and overall policy and training management strategy. With processes defined and structured in the… Continue reading Policy Management Information & Technology Architecture

  • Compliance Automation: The Role of Technology in Today’s Dynamic Organization

    Compliance Automation: The Role of Technology in Today’s Dynamic Organization

    Michael Rasmussen

    Compliance is not easy. Organizations across industries have global clients, partners, and business operations. Adding to the complexity of global business, today’s organization is dynamic and constantly changing. The modern… Continue reading Compliance Automation: The Role of Technology in Today’s Dynamic Organization

  • GRC 20/20’s Effective Policy Management Process Lifecycle

    GRC 20/20’s Effective Policy Management Process Lifecycle

    Michael Rasmussen

    The policy and training management strategy and policy is supported and made operational through the policy and training management architecture.  The organization requires complete situational and holistic awareness of policies… Continue reading GRC 20/20’s Effective Policy Management Process Lifecycle

  • Uncontrolled Spreadsheets, Documents, and Emails, Oh My!

    Uncontrolled Spreadsheets, Documents, and Emails, Oh My!

    Michael Rasmussen

    Business is complex. Exponential change in regulations, globalization, distributed operations, processes, competitive velocity, business relationships, and legal matters encumbers organizations of all sizes across industries. Like battling the multi-headed Hydra… Continue reading Uncontrolled Spreadsheets, Documents, and Emails, Oh My!

  • Developing a Policy Management Strategy

    Developing a Policy Management Strategy

    Michael Rasmussen

    Organizations need a coordinated cross-department strategy for managing policies and training programs across the enterprise.  The goal is to develop a common framework and approach so that policies and training… Continue reading Developing a Policy Management Strategy

  • Policy & Training Management Demands Attention

    Policy & Training Management Demands Attention

    Michael Rasmussen

    The Foundational Role of Policies in GRC Strategies Policies are critical to the organization as they establish boundaries of behavior for individuals, processes, relationships, and transactions. Starting at the policy… Continue reading Policy & Training Management Demands Attention

  • Developing a Vendor Risk Management Strategy – Info/CyberSecurity Perspective

    Developing a Vendor Risk Management Strategy – Info/CyberSecurity Perspective

    Michael Rasmussen

    Organizations are porous: the modern organization is not defined by brick and mortar walls but is a complex web of business relationships. These relationships span vendors, suppliers, outsourcers, service providers,… Continue reading Developing a Vendor Risk Management Strategy – Info/CyberSecurity Perspective

  • Considerations and Lessons Learned from GRC RFPs

    Considerations and Lessons Learned from GRC RFPs

    Michael Rasmussen

    The GRC technology market landscape is broad with over 800 solution providers across seventeen segments of GRC (see bottom of this post for a breakout of GRC segments). Approximately seventy… Continue reading Considerations and Lessons Learned from GRC RFPs