Latest Pontifications & Thoughts . . .

  • Strategies to Drive Compliance Operationalization

    Organizations need to be organizations of integrity. What we communicate to the world about our policies, compliance and ethics practices, values, code of conduct, regulatory commitments, and now ESG statements is a reality in the organization and not fiction. The Chief Ethics and Compliance Officer (CECO) has become the Chief Integrity Officer of the organization.……

  • IRM Risk Predictions 2022

    IRM – Surprise! But it is not what you think. I have not changed my stance on Gartner’s misaligned Integrated Risk Management. This is the Institute of Risk Management, the real IRM in which I am a Global Ambassador of Risk Management as well as an Honorary Life Member. They published a great report on……

  • Breaking Silos with GRC and Legal

    Organizations take legal risks all the time but often fail to integrate these risks effectively in an environment that is continuously changing and requires agility. Too often legal is seen as a siloed exercise and not truly integrated with the organization’s strategy, decision-making, objectives, and overall enterprise risk management strategy. This results in inevitable exposures in legal……

  • Rethinking Risk Across the Enterprise

    Gone are the days of simplicity in business operations. The challenges that are thrown by ever-changing regulations, distributed operations, highly competitive business landscape, evolving technologies, and huge volumes of business data encumber organizations of all sizes. Risk management has become a challenge for CXOs, as well as managers throughout all levels of the organization. The……

  • A New Paradigm in Risk, Resiliency & Continuity Integration

    Lacking an integrated view of risk and resilience results in business processes, services, employees, and systems that behave like leaves blowing in the wind. Organizations need to develop, nurture, and mature a risk and resilience management capability aligned with strategy, performance, and objectives that operate as a risk and resilience central nervous system. Consider the……

  • Building a Mature GRC Program: The Top 5 Considerations

    Shadows haunt the organization. Today’s organization is encumbered by things like shadow processes and shadow IT. These are rogue processes and technology that get implemented in the depths of the organization without thought or conformity to a top-down integrated strategy. The components of GRC – governance, risk management, and compliance – are in every organization. My……

  • 360° Visibility into Risk & Resilience

    Here are some thoughts on how to mature a policy management strategy from the recent GRC 20/20 research report, Risk & Resiliency Management Maturity Model: A New Paradigm on Risk, Resiliency & Continuity Integration.

    Dynamic, Disrupted & Distributed Business is Difficult to Control

    The complexity of business – combined with the intricacy and interconnectedness of……

  • How to Build your GRC Strategy in an ESG Era

    Looking for a path to environmental, social and governance (ESG) insights in a forest of GRC data

    The last two years have shone a light on GRC – governance, risk management, compliance – processes and shifted many attitudes towards risk. Yet many organizations are left with many questions: What are the best practices to identify,……

  • Ways to Enhance Your Social Accountability/Sustainability Program

    ESG – Environmental, Social, Governance – is a dominant focus in organizations right now getting board-level scrutiny and attention. Organizations around the world and across industries are challenged to define, implement, and report on ESG. These pressures are coming from all directions: investors, customers, employees, regulators, and activists. The reality is that ESG has teeth,……

  • Got Risk Management? You Think You Do . . .

    In GRC 20/20’s upcoming 2022 State of the GRC Market Research Briefing, one of the changes I am making to my market models is the integration of the former Business Continuity Management segment into the Risk Management segment to become Risk & Resiliency Management. This is further referenced in the recent GRC 20/20 Research paper……

  • Policy Management Maturity: Level 2 – Fragmented

    Here are some thoughts on how to mature a policy management strategy from the recent GRC 20/20 research report, Strategy Perspective: Policy Management Maturity Model. Mature policy management is a seamless part of governance and operations. It requires a top-down view of policies starting with the code of conduct and filtering down into division, department,……

  • How EHS Software Facilitates Risk Data Collection, Improves Data Accuracy & Streamlines Reporting 

    We are at a critical point in history, a point that can lead to two very different outcomes. The decisions organizations make today and how they manage environmental, health and safety risks set all of us on a path for our world in the future. In my keynotes and presentations, I ask the question: What is……