Over the past few weeks we have looked at both theinformation model and the enterprise application core of Corporate Integrity’s GRC Reference Architecture. The GRC Reference Architecture provides the… Continue reading GRC Reference Architecture: Role/Process Specific Applications

We interrupt this broadcast . . . yes, I know many of you have been waiting in eager participation for my next installment of the GRC Reference Architecture which is… Continue reading Good Risk Management Guidance – Here At Last in ISO 31000

  Friend, Last week we began our presentation of the GRC Reference Architecture, which is part of my broader GRC EcoSystem (which includes over 1300 technology, professional service, and information… Continue reading GRC Reference Architecture: the GRC Enterprise Application Core

  GRC – Governance, Risk, & Compliance. Whether you use this specific acronym or not the fact is your organization does GRC. There is not a single executive that will… Continue reading GRC Reference Architecture: Enterprise Data Architecture & Framework

  From the SCCE: In the recent Corporate Integrity Agreement between Pfizer and the Office of the Inspector General of the Department of Health and Human Services, Pfizer agreed that… Continue reading Pfizer's Corporate Integrity Agreement & Compliance Officer Positioning Survey

  Success in today’s dynamic business environment requires the organization to integrate, build, and support business process with an enterprise view of risk and compliance.Without a new approach to risk… Continue reading Establishing an Enterprise View of Risk & Compliance

Most GRC software as well as GRC implementations are more like RC (without the G). Or just R or just C. Or perhaps Rc or rC. . . My position… Continue reading Where is performance & strategy in GRC?

For one thing – that would be too much of an acronym CGRCO. The subject actually came up in a corporate governance discussion group I belong to. Michael Corcoran posted… Continue reading We do not need a Chief GRC Officer!

  While GRC is ultimately about collaboration and communication between the business roles and processes responsible for varying risk and compliance functions, there is no doubt that technology has an… Continue reading The GRC Technology EcoSystem – Revised

During my latest OCEG GRC Strategy & Red Book 2 Bootcamp, one attendee stated they had seen the job title of Chief Punishment Officer in China. Any takers? On a… Continue reading Chief Punishment Officer

I am baffled by the ignorant that are happy with their blinders and do not see how governance, risk, and compliance interrelate and support each other to form GRC. Today… Continue reading Defining & Communicating a Culture of Risk

My apologies. Along with my commentary on Forrester’s GRC Ripple (OOOPS . .. I Mean Wave) I had promised to provide my thoughts on Gartner’s EGRC Magic Quadrant once it… Continue reading Gartner's EGRC "Arcane" Magic Quadrant