Latest Pontifications & Thoughts . . .

  • From Ad Hoc to Agile: Set Your Course for Third-Party GRC Maturity

    This post is an excerpt from GRC 20/20’s most recent research piece, Third Party GRC Maturity Model: A New Paradigm in Governing Third Party Relationships, and upcoming webinar From Ad Hoc to Agile: Set Your Course for Third-Party GRC Maturity. Traditional brick-and-mortar business is a thing of the past: physical buildings and conventional employees no……

  • Defining a Risk Culture: Critical Elements of an Enterprise Risk Management Policy

    I am amazed at the number of risk management programs I encounter that lack an organized structure and approach. So often what we know as ERM (enterprise risk management) is a hodge-podge of processes and assessments that somebody slapped an ERM label on without much thought about what they were doing. In fact, most of……

  • Challenges in Risk Management

    Providing 360° Contextual Awareness of Risk

    The physicist Fritjof Capra made an insightful observation on living organisms and ecosystems that also rings true when applied to risk management: The more we study the major problems of our time, the more we come to realize that they cannot be understood in isolation. They are systemic problems,……

  • How Analytics is Influencing Governance, Risk Management & Compliance (GRC)

    Humans excel at analytics; it is the way our brains are wired. We are constantly taking in information, processing, analyzing, and making decisions. Whether it is crossing a street, reading a book, watching a show, being a spectator or a participant at a sporting event . . . we are constantly analyzing everything around us.……

  • Next Generation Policy & Training Management Technology

    GRC 20/20 interacts with a lot of organizations as they evaluate solutions for policy and training management. As the only analyst firm that breaks this functionality out as its own segment of the broad Governance, Risk Management, and Compliance market, we have identified over 100 solutions that do policy and training management. Many of these……

  • Step 3: Select the Right Equipment for the 3rd Party GRC Journey

    This is the 3rd blog in a 5-part series on developing a strategic plan for Third Party Governance/Management in your organization. Growing up in Northwest Montana I spent a lot of time in the outdoors. This led into a passion for rock climbing when I was in high school (a hobby I put aside for……

  • GRC Behemoth vs Agile GRC

    Outside of Governance, Risk Management & Compliance (GRC), my passion and interest is in British medieval history – from the Anglo-Saxon period through the Plantagenets and the Wars of the Roses. Nothing quite inspires like a good Anglo-Saxon epic, particularly Beowulf. One of my favorite moments is when Beowulf goes up against the vicious……

  • Step 2: Conditioning is Critical, Make Sure Your Team and Systems are Ready for 3rd Party GRC

    This is the 2nd blog in a 5-part series on developing a strategic plan for Third Party Governance/Management in your organization. With an understanding of where you are and where you want to go with 3rd Party Governance, the next step is to make sure your team and systems are ready for the journey.……

  • Step 1: Develop a 3rd Party GRC Strategic Plan

    I grew up in the Northwest corner of Montana, a beautiful but wild country. From my earliest years I loved the outdoors. In fact, long before any aspirations to build a career in Governance, Risk Management & Compliance (GRC), I wanted to be a backcountry ranger in Glacier National Park. To spend time in the……

  • UK SMCR: A Paradigm Shift to GRC Accountability

    The UK Senior Managers and Certification Regime (UK SMCR) is a paradigm shift in regulation and accountability. In one context, I have used the analogy that it is the “One Ring” in Tolkien’s Lord of the Rings. Instead of a ring, it is the: One [REGULATION] to rule them all, One [REGULATION] to find……

  • Chief Ethics & Compliance Officer: SWOT Analysis

    Last week a Global CECO (manufacturing company operating in more than 60 countries with over 17,000 employees) reached out to me on a research piece I had published back in 2012 (a report I wrote for OCEG). It was a SWOT Analysis of the CECO role. This CECO asked me if I had updated this……

  • Leveraging Data Classification to Enable GDPR/CCPA Data Subject Requests

    Regulatory requirements are driving organizations to clearly define processes to manage personal data requests from data subjects [1], which in turn requires clear data classification and disposition controls in the environment. Chief among these regulations is the EU General Data Protection Regulation (GDPR), but following suit later this year is the California Consumer Privacy Act (CCPA). A……