Latest Pontifications & Thoughts . . .

  • How Mature is Governance, Risk Management & Compliance (GRC) in Your Organization?

    GRC maturity has evolved over the past fifteen years since OCEG first published the GRC Capability Model, and we have measured these changes along the way. In 2019 we conducted our fifth GRC Maturity Survey to determine how program design and confidence have changed. The survey had hundreds of participants from organizations of all sizes and types…

  • Tale of Two Futures: Blade Runner or Star Trek?

    It was the best of times, it was the worst of times, it was the age of wisdom, it was the age of foolishness, it was the epoch of belief, it was the epoch of incredulity, it was the season of Light, it was the season of Darkness, it was the spring of hope, it…

  • GRC 4.0 – Agile GRC in a Dynamic & Disrupted Organization

    Governance, risk management, and compliance (GRC) is the capability to reliably achieve objectives [GOVERNANCE] while addressing uncertainty [RISK MANAGEMENT] and acting with integrity [COMPLIANCE]. The components of GRC are the three legs of the stool that give support and stability to the business and its operations. Take one leg away and the stool is…

  • From GRC 1.0 to GRC 5.0: A History of Technology for GRC

    Governance, Risk Management and Compliance (GRC) is “a capability to reliably achieve objectives [GOVERNANCE], while addressing uncertainty [RISK MANAGEMENT], and act with integrity [COMPLIANCE].” This is the official definition of GRC as found in the OCEG GRC Capability Model and its focus on Principled Performance, which has been in place for the past 15 years…

  • Is Policy Management Causing More Pain than Gain?

    The Policy Management Illustrated Series. Frustrated by policy management? Having trouble finding all the policies (both authorized and unauthorized) floating around in your organization? Wasting time and resources that could be better applied elsewhere to help the organization achieve its objectives and stay on track? Realizing something has to change? In our research, we have…

  • Exposing IRM for What it Really is: GRC Light

    Gartner, particularly John Wheeler, is hard at work trying to convince the world that their Integrated Risk Management (IRM) is something new to replace Governance, Risk Management & Compliance. You can check out John’s latest post mischaracterizing and misleading organizations in: GRC May Keep You “Out of Trouble,” But IRM Will Keep You “In Business.” The first…

  • Understanding Third Party GRC Maturity: Agile Stage

    A haphazard department- and document-centric approach to third-party GRC compounds the problem rather than solving it. It is time for organizations to step back and mature their third-party GRC approaches with a cross-functional and coordinated strategy and team to define and govern third-party relationships. Organizations need to mature their third-party governance with…

  • The Intersection of GRC and Policy Management

    Policies matter, and policy management matters. Period. Policies are critical governance documents for every organization. They set the guardrails and parameters of acceptable and unacceptable behavior for individuals, processes, and transactions. When they are managed and enforced properly, policies guide and define corporate culture. So why do organizations approach and manage policies so carelessly? Policies set…

  • Understanding Third Party GRC Maturity: Integrated Stage

    A haphazard department- and document-centric approach to third-party GRC compounds the problem rather than solving it. It is time for organizations to step back and mature their third-party GRC approaches with a cross-functional and coordinated strategy and team to define and govern third-party relationships. Organizations need to mature their third…

  • The 3 Lifecycle Stages of Vendor Security Risk Management: Offboarding

    How do you say goodbye to a third party? This is the third of a three-part series on vendor risk management through the lifecycle of the relationship. Today, we focus on the offboarding process. This is the third in a three-part guest blog series looking at risk management throughout the lifecycle of a third…

  • Have You Hugged Your CECO/CCO Today?

    Today is the official National Compliance Officer Day! This is a very challenging role in organizations and one that is in the midst of a lot of change. Below is a link to my SWOT Analysis of the CECO role on this topic. I am presenting on this next week at Converge19 as well. Chief…

  • 5 Reasons to be Happy About UK SMCR

    Regulation and oversight: what a burden to business. That is the common refrain of financial services firms as they respond to 220 regulatory change events around the world every business day. The UK Senior Managers and Certification Regime (SMCR) is the uber-regulation that puts accountability, teeth, and enforcement behind other regulations and risk management practices. But…