Latest Pontifications & Thoughts . . .

  • Accountability and Consistency in Policy Development

    In my experience, policy management processes are in disarray when operating autonomously, introducing risk in today’s complex, dynamic, and distributed business environment. The typical organization lacks a structured means of…

  • Rethinking GRC

    2012 marks the 10th anniversary since I first modeled a market for technology, content, and professional services and labeled it GRC. It all started with a vendor briefing with a…

  • Tracking Change that Impacts Policy

    In the time it takes you to read this article your business has changed. The economic environment has changed, your employees have changed, and there are constant changes to technology,…

  • Effective Policy Management

    From time to time, to my surprise, I still hear people asking why policies matter. After all, they argue, aren’t the laws and regulations we have to follow enough guidance?…

  • GRC Flexibility and Efficiency through Mobile Audits and Assessments

    The dynamic and global nature of business is challenging organizations to effectively and efficiently implement processes for governance, risk management, and compliance (GRC). As organizations expand operations, processes, locations, and…

  • Mitigating Risk in the Era of the Corporate Bounty Hunter

    Business is global, distributed and dynamic. Organizations of all sizes and industries have global client, partner, vendor and supply-chain relationships. Adding to this complexity is the dynamic nature of business…

  • GRC Maturity: Measuring a New Paradigm for Risk and Compliance

    Lacking an integrated view of GRC results in business processes, partners, employees and systems that behave like leaves blowing in the wind. Modern business requires a new paradigm for tackling…

  • Inevitability of Failure: Managing GRC in Silos

    Success in today’s dynamic business environment requires the organization to integrate, build, and support business process with an enterprise view of governance, risk management, and compliance (GRC).  Without an integrated…

  • 2012 GRC Technology Innovation Awards

    GRC technology innovation is alive and well! As I mentioned in last week’s posting, the GRC market is now 10 years old. It was in February 2002 that I first…

  • State of the GRC Market, Q1-2012

    2012: The Chinese Year of the Dragon to Mayan Doomsday prophecies – this year certainly proves to be interesting (note: I myself do not hold to these views; feel free…

  • Process Framework for Managing Compliance Risk

    Organization exposure to compliance risk is rising at the same time the cost of compliance soars. An ad hoc or reactive approach to compliance brings complexity, forcing business to be…

  • How to Buy GRC (Risk & Compliance) Software

    The GRC software space is vast with numerous vendors.  In fact, in my market models there are over 400 GRC software providers that span 28 primary categories (with numerous sub-categories)…