Upcoming Events . . .
Latest Pontifications & Thoughts . . .
-
Efficient and Effective Third-Party GRC Management
Modern Organization: Interconnected Maze of Relationships Traditional brick and mortar business are a thing of the past. Physical buildings and conventional employees no longer define organizations. The modern organization is… Continue reading Efficient and Effective Third-Party GRC Management
-
GDPR: Moving Forward Out of the Doldrums
I love sailing. It has fascinated me since I was in high school, but only recently have I taken up learning to sail. While I have not sailed across an… Continue reading GDPR: Moving Forward Out of the Doldrums
-
Monitoring and Managing Risk Effectively
Organizations take risks all the time but fail to monitor and manage risk effectively. A cavalier approach to risk-taking is a result of a poorly defined risk culture. It results… Continue reading Monitoring and Managing Risk Effectively
-
Understanding & Improving Governance, Risk Management & Compliance
Governance, risk management & compliance (GRC) is something an organization does and not something an organization buys. GRC, done properly, is what is achieved throughout the business and its operations. By… Continue reading Understanding & Improving Governance, Risk Management & Compliance
-
The One Regulation to Rule Them All: UK SMR/CR & Cascading Regulations
For those of you on this list that know me on a personal level, I am a huge Tolkien fan. In fact, I am just a Master’s thesis away from… Continue reading The One Regulation to Rule Them All: UK SMR/CR & Cascading Regulations
-
Managing Risk & Compliance in the Extended Enterprise
Modern Organization: Interconnected Maze of Relationships No man is an island, entire of itself; Every man is a piece of the continent, a part of the main.[1] Replace the word… Continue reading Managing Risk & Compliance in the Extended Enterprise
-
Enabling the 1st Line of Defense with Policy, Training & Issue Reporting
Like battling the multi-headed Hydra in Greek mythology, redundant, manual, and uncoordinated governance, risk management, and compliance (GRC) approaches are ineffective. As the Hydra grows more heads of regulation, legal… Continue reading Enabling the 1st Line of Defense with Policy, Training & Issue Reporting
-
Compliance, Particularly for Privacy, Requires Data Process Mapping & Disposition
Compliance used to be simpler. An organization was given a set of requirements and it had to check the boxes that it met the requirements and compliance was achieved. The… Continue reading Compliance, Particularly for Privacy, Requires Data Process Mapping & Disposition
-
Is SMR & CR, the UK Financial Services biggest challenge for 2018?
The UK Senior Manager’s Regime and Certification Regime (UK SMR/CR) is one of the most significant challenges financial services firms are facing right now. The Financial Conduct Authority (FCA) has… Continue reading Is SMR & CR, the UK Financial Services biggest challenge for 2018?
-
The IRM Emperor (Gartner) Has No Clothes
The Gartner Integrated Risk Management (IRM) Magic Quadrant has been out a few weeks and I have been buried with inquiries from organizations asking my thoughts on it. While I… Continue reading The IRM Emperor (Gartner) Has No Clothes
-
Defining the Issue Reporting & Case Management Process
Distributed and dynamic business requires the organization to take a strategic approach to issue reporting and case management. Organizations require complete situational and holistic awareness of issues, incidents, investigations, and… Continue reading Defining the Issue Reporting & Case Management Process
-
An Enterprise Approach to Issue Reporting & Case Management
GRC 20/20 has seen many organizations take an enterprise perspective on aspects of GRC, such as Enterprise Policy Management, Enterprise Third Party Management, and, of course, Enterprise Risk Management. Over the… Continue reading An Enterprise Approach to Issue Reporting & Case Management
