Upcoming Events . . .
Latest Pontifications & Thoughts . . .
-
Navigating Chaos
Below is Michael Rasmussen’s article found in the Autumn 2019 issue of Enterprise Risk, published by the Institute of Risk Management (The IRM). The physicist Fritjof Capra once said, “The more we study the major problems of our time, the more we come to realize that they cannot be understood in isolation. They are systemic……
-
The 3 Lifecycle Stages of Vendor Security Risk Management: Ongoing Monitoring
This is the second of a three-part series on vendor risk management through the lifecycle of the relationship. Today, we focus on the ongoing monitoring process. Too often organizations conduct security due diligence when onboarding a third party (e.g., vendor, supplier, outsourced, service provider, consultant) and fail to monitor security throughout the lifecycle of the……
-
The 3 Lifecycle Stages of Vendor Security Risk Management: Onboarding
This is the first of a three-part series on vendor risk management through the lifecycle of the relationship. Today, we focus on steps to achieve a proper and friction-free onboarding process. The Vendor Relationship: Stages in the Lifecycle Traditional brick and mortar business is a thing of the past: physical buildings and conventional employees no……
-
Compliance Disclosure Solutions: Separating the Simple from the Advanced
GRC 20/20 is seeing a growing demand for compliance management technologies from the Corporate Compliance and Ethics department (e.g., Chief Ethics and Compliance Officer, Chief Compliance Officer). This demand spans from a broad compliance management platform to manage the range of compliance tasks and activities, to focused solutions in areas such as policy management, third……
-
Understanding Third Party GRC Maturity: Defined Stage
A haphazard department and document centric approach for third party GRC compounds the problem and does not solve it. It is time for organizations to step back and mature their third party GRC approaches with a cross-functional and coordinated strategy and team to define and govern third party relationships. Organizations need to mature their third……
-
Policy & Training Engagement in a Millennial Generation
As the only analyst covering the range of policy and training management solutions as its own segment of the Governance, Risk Management, and Compliance (GRC) market, I am asked several times a month on who is providing the next generation portal that integrated into one portal both policy communication and training related to the policy.……
-
The Rhythm of Risk: Managing Risk Throughout the Context of Business
Writing about risk management is like trying to have an intelligent conversation today about religion or politics. Individuals in the risk management community have polarized views and if someone does not agree with you 100% you end up in the crosshairs of an attack. It is sad. Instead of intelligent discussion where we can come……
-
Understanding Third Party GRC Maturity: Fragmented Stage
A haphazard department and document centric approach for third party GRC compounds the problem and does not solve it. It is time for organizations to step back and mature their third party GRC approaches with a cross-functional and coordinated strategy and team to define and govern third party relationships. Organizations need to mature their third……
-
Policy Management Tips for Companies in Asia
On 30th July, ClauseMatch hosted a Policy Management Workshop with Governance, Risk & Compliance (GRC) expert Michael Rasmussen in Singapore, the first in our global series that aim to provide a blueprint for attendees on effective policy management in today’s dynamic business, regulatory and risk environment. We caught up with Michael after the workshop to hear his summary of……
-
Understanding Third Party GRC Maturity: Ad Hoc Stage
A haphazard department and document centric approach for third party GRC compounds the problem and does not solve it. It is time for organizations to step back and mature their third party GRC approaches with a cross-functional and coordinated strategy and team to define and govern third party relationships. Organizations need to mature their third……
-
Policy Management Technology: Separating the Simple from the Advanced
Most organizations are waking up to find their policies in a complete disarray. Over the years policy portals have sprung up across the organization. HR has their portal, IT has one, Finance/Accounting has another, Legal/Compliance still another, and it goes on through other departments. Policies look different on each portal, sometimes they conflict with each……
-
Michael Rasmussen on GRC value & creating your GRC RFP template
What do you need to include in a GRC RFP? We asked one of the experts in this interview. Enterprise governance, risk, and compliance (GRC) strategies can help organizations across the board become more efficient and agile in navigating the ever-changing regulatory and risk environment. However, in order to maximize efficiency, effectiveness, and agility, organizations……
