My two cents – if you are relying on spreadsheets (or for that matter word processing documents) to survey and gather risk and compliance information you have a problem. This… Continue reading Spreadsheets are inadequate for risk and compliance assessment questionaires

Last week was an exciting week – three events converged in an action packed week in Orlando: I did a live webcast on Measuring the Ethical Organization with the Institute… Continue reading SAP Delivers on GRC Vision

Confusion leads to chaos. One area of confusion is IT-GRC. Major analyst firms are in a hubbub trying to get their arms around IT-GRC. IT security vendors are pulling in… Continue reading What is IT GRC?

One of my pet peeves in the GRC space is the misuse of words. I frequently have vendors come to me and tell me that they are an enterprise risk… Continue reading Getting It Right

GRC 1.0 – it was a good start. When I originally defined the GRC market, unlike other analysts, I had a holistic view of business processes in mind that needed… Continue reading GRC 2.0 – The GRC.EcoSystem

Governance, Risk, and Compliance can each be confusing to understand in their individual capacities – bring them together as GRC and it can be even more confounding. GRC is more… Continue reading Understanding GRC

Integrity is a mirror revealing the truth about an individual or a corporation. It involves walking the talk — not just talking it. On a personal level, integrity is measured… Continue reading Why Integrity?