Upcoming Events . . .
Latest Pontifications & Thoughts . . .
GRC 20/20’s Effective Policy Management Process Lifecycle
The policy and training management strategy and policy is supported and made operational through the policy and training management architecture. The organization requires complete situational and holistic awareness of policies… Continue reading GRC 20/20’s Effective Policy Management Process Lifecycle
Uncontrolled Spreadsheets, Documents, and Emails, Oh My!
Business is complex. Exponential change in regulations, globalization, distributed operations, processes, competitive velocity, business relationships, and legal matters encumbers organizations of all sizes across industries. Like battling the multi-headed Hydra… Continue reading Uncontrolled Spreadsheets, Documents, and Emails, Oh My!
Developing a Policy Management Strategy
Organizations need a coordinated cross-department strategy for managing policies and training programs across the enterprise. The goal is to develop a common framework and approach so that policies and training… Continue reading Developing a Policy Management Strategy
Policy & Training Management Demands Attention
The Foundational Role of Policies in GRC Strategies Policies are critical to the organization as they establish boundaries of behavior for individuals, processes, relationships, and transactions. Starting at the policy… Continue reading Policy & Training Management Demands Attention
Developing a Vendor Risk Management Strategy – Info/CyberSecurity Perspective
Organizations are porous: the modern organization is not defined by brick and mortar walls but is a complex web of business relationships. These relationships span vendors, suppliers, outsourcers, service providers,… Continue reading Developing a Vendor Risk Management Strategy – Info/CyberSecurity Perspective
Considerations and Lessons Learned from GRC RFPs
The GRC technology market landscape is broad with over 800 solution providers across seventeen segments of GRC (see bottom of this post for a breakout of GRC segments). Approximately seventy… Continue reading Considerations and Lessons Learned from GRC RFPs
Increasing Exposure of Third Party Risks
The Modern Organization is an Interconnected Mess of Relationships Brick and mortar business is a thing of the past: physical buildings and conventional employees no longer define an organization. The… Continue reading Increasing Exposure of Third Party Risks
GRC in Uncertain Times: 2016 and into 2017
In the past month there have been a lot of posts, articles, and discussion on the impact of Trump’s presidency on the GRC market, particularly compliance. Some fear that the need… Continue reading GRC in Uncertain Times: 2016 and into 2017
How to Identify UBOs in an Unpredictable World
Business operates in a world of chaos, where relationship risk is ever present. What’s the secret to understanding and identifying ultimate beneficial owners? The modern organization is an interconnected web… Continue reading How to Identify UBOs in an Unpredictable World
The Role of Technology in Compliance Risk Management
Organizational exposure to compliance risk is rising while the cost of compliance soars. An ad hoc or reactive approach to compliance brings complexity, forcing business to be less agile. Organizations… Continue reading The Role of Technology in Compliance Risk Management
Compliance: An Integral Part of Risk Management
Increased regulatory and ethical pressures are transforming the traditional role of compliance. Compliance departments are taking on broader responsibility for ethics, compliance, corporate culture, and social responsibility. With greater frequency,… Continue reading Compliance: An Integral Part of Risk Management
Compliance and Risk Bear Down on the Organization
Compliance in Dynamic and Distributed Business Compliance is not easy. Organizations across industries have global clients, partners, and business operations. The larger the organization the more complex its operations. Adding… Continue reading Compliance and Risk Bear Down on the Organization
