Latest Pontifications & Thoughts . . .

  • A Tsunami of Regulatory Change Overwhelms Organizations

    Managing and keeping up with change is one of the greatest challenges for organizations in the context of governance, risk management, and compliance (GRC). Managing the dynamic and interconnected nature of change and how it impacts the organization is driving strategies to mature and improve regulatory change management as a defined process. The goal is……

  • Information & Technology Enables Third-Party GRC

    After you define your Third-Party GRC Strategic Plan and your Third-Party GRC Processes, next comes defining and deploying your information and architecture to enable third-party GRC/risk management . . . The primary directive of a mature third-party governance program is to deliver effectiveness, efficiency, and agility to the business in managing the breadth……

  • Shadow Policies: Increasing Legal Exposure & Liability

    Are you scared of shadows? You should be, as they can cause serious legal, operational, compliance, risk, brand/reputation, and integrity liability. For the past several years organizations have been battling shadow IT. This is the use of information technology applications, devices, software, technology, and services within departments, bypassing IT and without its approval. Shadow……

  • Becoming a Policy Management Pro with a New Online Resource

    Policies, and in that context the management of policies, have become critical to define and guide culture and behavior in today’s distributed, dynamic, and disrupted business environment. Today’s organization can no longer take a haphazard approach to policies and the management thereof. When an organization fails to establish strong policies, the organization quickly becomes something……

  • Understanding the Third-Party GRC Process Lifecycle

    After you define your Third-Party GRC Strategic Plan, next comes the process of defining your third-party GRC process lifecycle . . . The third-party GRC management strategy and policy is supported and made operational through a third-party GRC management architecture. The organization requires complete situational and holistic awareness of third-party relationships across operations, processes, transactions,……

  • ES-G-RC – The Role of GRC in Delivering ESG

    ESG – Environmental, Social, Governance – remains front-page business news. Organizations around the world and across industries are challenged to define, implement, and report on ESG. The pressures are coming from all directions: investors, customers, employees, regulators, and activists. The reality is that ESG has teeth, and organizations have to do something about it. Previous……

  • Critical Elements of a Third-Party GRC Strategic Plan

    A sustainable third-party GRC strategy means looking to the future and mitigating risk instead of putting out fires. Organizations need to be intelligent about what processes, risk intelligence data/services, and technologies they deploy. With increased exposure to regulations and scrutiny of third-party relationships, how does an organization respond? It requires that the following third-party GRC……

  • Vendor Performance & SLA Management: A Quick Guide

    Fans of the story, Alice in Wonderland, will remember how the Cheshire Cat answered Alice when she asked him which way to go. He answered, “If you don’t know where you are going, any road will get you there.” What the Cheshire Cat meant was if you lack an objective, then you have no destination in……

  • Defining Third-Party GRC Management

    Dissociated data, systems, processes, and a myopic risk vision leave the organization with fragments of the truth that fail to see the big picture of third-party performance, risk, and compliance across the enterprise and how it supports its strategy and objectives. The organization needs to have holistic visibility and situational awareness into third-party relationships across……

  • The Extended Enterprise Demands Attention

    The Modern Organization is an Interconnected Web of Relationships. “No man is an island, entire of itself; Every man is a piece of the continent, a part of the main.” (John Donne) Replace the word ‘man’ with ‘organization’, and the seventeenth-century English poet John Donne is describing the modern organization. In other words, “No organization is……

  • Relationship Trouble: The Pandemic’s Web of Interconnected Risks

    Below is Michael Rasmussen’s article found in the Summer 2021 issue of Enterprise Risk, published by the Institute of Risk Management (The IRM). Before last year, risk managers knew they were living in an interconnected world. The pandemic showed them what disruption to that web of connections really meant. It is time to learn the lessons. Martin Luther……

  • Integrating a Top-Down Board View of GRC With a Bottom-Up Operational View of GRC

    In my previous post, The Board’s Role in Leading and Enabling GRC, I emphasized the board’s critical role in delivering on the G in GRC, governance. This post discusses how to bring together a top-down board view of GRC and a bottom-up operational view of GRC. I find civil engineering amazing, particularly with tunnels. Consider the……