Latest Pontifications & Thoughts . . .

  • How to Purchase Policy Management Solutions

    A well-conceived technology architecture for policy and training management can enable a common policy and training framework across multiple departments, or just one department as appropriate. Organizations need a policy management platform that is context-driven and adaptable to a dynamic and changing environment. Compared to the ad hoc method in use in most organizations today,…

  • Demand & Market for GRC Content & Intelligence Offerings

    The role of content in GRC strategies, solutions, and architecture is becoming significant. Organizations find that they need access to risk and compliance intelligence updates, regulatory changes, risk libraries, audit templates, sanction and watch lists, sample policies, and more. GRC solutions are often differentiating themselves by their ability to provide and integrate a range of…

  • A Strategic Approach to Third Party Management, Part 2: Designing an Integrated Architecture to Support Your Strategy

    Third party management processes are used to manage and monitor the ever-changing relationship, risk, and regulatory environments in extended business relationships. While third party processes can vary by organization and industry, the common components are . . .

  • Now Accepting 2015 GRC Innovation Award Nominations

    It has been stated that: Any intelligent fool can make things bigger, more complex and more violent. It takes a touch of genius – and a lot of courage to move in the opposite direction. A primary directive of innovation is to provide experience that is simple yet complete. Like Apple with its innovative technologies,…

  • Considerations When Purchasing Policy Management Solutions

    With today’s complex business operations, global expansion, and the ever-changing legal, regulatory and compliance environments, a well-defined policy management program is vital to enable an organization to effectively develop and maintain the policies needed to reliably achieve objectives while addressing uncertainty and acting with integrity. This is why organizations are aggressively looking at policy…

  • A Strategic Approach to Third Party Management, Part 1: Defining Your Strategy

    Designing a third party management program starts with defining the third party strategy. The strategy connects key business functions with a common third party governance framework and policy. The strategic plan is the foundation that enables third party transparency, discipline, and control of the ecosystem of third parties across the extended enterprise.

  • Considerations When Purchasing GRC Solutions

    Over the next few months I will be doing a regular series of posts on buying considerations in different areas of GRC. However, before getting into specific areas, I want to share considerations organizations should have when looking at any type of GRC related solution. The guidance provided below is applicable whether you are looking…

  • Best Practice in Model Risk Management: Modeling Your Models

    Over time models have grown in variety, complexity, and use within organizations. They have moved from tactical pieces of input to a strategic pillar that provides the infrastructure and backbone for strategy and decisions at all levels of the organization. Time and evolution of models left uncontrolled bring forth loss and potential disaster. Unfortunately, many…

  • The Agile Organization: GRC as a Transformational Process

    Business is complex; gone are the years of simplicity in business operations. Exponential growth, globalization, distributed operations, changing processes, competitive velocity, complex business relationships, disruptive technology, multiplying regulations, and the explosion of business data encumber organizations of all sizes. Keeping complexity and change in sync is a significant challenge for boards and executives, as well as…

  • Regulatory Change Management Maturity Model: From Ad Hoc to Agile

    Mature regulatory change management requires the organization to align on regulatory risk. It also involves participation across the organization at all levels to identify and monitor uncertainty and the impact of regulatory change. GRC 20/20 has developed the Regulatory Change Management Maturity Model to determine an organization’s maturity in regulatory change management processes as well…

  • GRC Architecture to Manage Regulatory Change

    This is part 4 on the topic of regulatory change management. In the previous posts we explored: Pressure organizations are under in context of regulatory change; Broken processes they struggle with to…