


Latest Pontifications & Thoughts . . .
-

ESG: The Foundation is Built on Policies
I have been advising organizations on strategy, process, and technology related to ESG for over fifteen years. Of course, it has not been called ESG for that long. It was CSR (corporate social responsibility), social accountability, sustainability . . . now it is ESG. ESG has a lot more focus and momentum than its previous……
-

Checklist to Measure & Improve Risk & Resilience Maturity
The mature risk and resilience program can be measured against critical elements across governance and oversight, people and engagement, process and execution, and information and technology. Risk & Resilience Governance & Oversight: The governance model is agreed upon at the board level and effectively communicated and supported across the organization. Policies and procedures for risk……
-

Advancing Your Organization’s Risk and Resilience Maturity
Getting to the Head of the Risk & Resiliency Class: Organizations with risk and resilience processes siloed within departments operate at the Ad Hoc, Fragmented, or Defined stage. At these stages, risk and resilience management programs manage risk and continuity at the departmental level, and lack an integrated view, with no gain in efficiencies from……
-

Five Stages of Risk and Resilience Maturity
Mature risk and resilience management is a seamless part of risk governance and operations. It requires a top-down view of risk and resilience, led by the executives and the board, where risk and resilience management are part of the fabric of business operations and processes – not an unattached layer of oversight. It also means……
-

The Human Firewall: Essential to Organizations
Firewalls protect us. In buildings, it is a wall intended to shield and confine a fire to an area to protect the rest of the building. In a vehicle, it is a metal shield protecting passengers from heat and potential fire in the engine. In network security, it is the logical ingress and egress points……
-

Agile & Cognitive GRC: a New Generation in GRC Solutions
I have been on the road regularly for the past six weeks with a heavy travel schedule through mid-July that brings me across the USA and Europe. Lots of interactions with people face-to-face and the conversations center on: How do we engage the front-line/office of the organization on GRC? How do we make GRC intuitive?……
-

Delivering 360° Third-Party Risk Situational Awareness
A dynamic business environment requires the capability to actively manage risk intelligence and fluctuating risks impacting the organization and its relationships. The old paradigm of uncoordinated third-party risk management is inadequate given the volume of risk information, the pace of change, and the broader operational impact on today’s business environment and operations. Organizations need to……
-

360° Risk Intelligence in the Extended Enterprise
The Modern Organization is an Interconnected Web of Relationships: The structure and reality of business today have changed. Traditional brick-and-mortar business is a thing of the past: physical buildings and conventional employees no longer define the organization. Instead, the modern organization is an interconnected web of relationships, interactions, and transactions that extend far beyond traditional……
-

How to Operationalize ESG with GRC
Take advantage of GRC’s structured guidance to deliver on ESG strategy and processes. ESG – Environmental, Social, and Governance – is pressuring organizations from every angle. Investors are making investment decisions based on the ESG practices of companies. Individual directors on boards are being voted out based on ESG metrics. Employees are making decisions on……
-

Improving FedRAMP: Federal Procurement & Risk Management
The Federal Risk and Authorization Management Program (FedRAMP) has been in place for just over a decade (2011). Its purpose is to provide a “cost-effective, risk-based approach for the adoption and use of cloud services” by the federal government. This is to equip and enable federal agencies to utilize cloud technologies in a way that……
-

Operationalize Compliance to Ensure 360° Visibility into Operational Resilience
Gone are the years of simplicity in business operations. Rapid growth and change in risks, regulations, globalization, distributed operations, competitive velocity, technology, and business data encumber organizations of all sizes. Keeping business strategy, compliance, uncertainty, complexity, and change in sync is a significant challenge for boards and executives and management professionals throughout all levels of……
-

How do you add compliance controls in different parts of your business?
Organizations often fail to monitor and manage compliance controls effectively in an environment that demands agility. This results in the inevitable failure of compliance that provides case studies for future generations on how poor internal control management leads to the demise of organizations: even those with strong brands. Today’s business environment is complex. Exponential growth……
