


Latest Pontifications & Thoughts . . .
-

Role of Technology in Risk Management Maturity
To maintain the integrity of the organization and execute on strategy, the organization has to be able to see their individual risk (the tree) as well as the interconnectedness of risk (the forest). Risk management in business is non-linear. It is not a simple equation of 1 + 1 = 2. It is a mesh……
-

Do You Know Your Third-Party Risks?
Increasing Exposure to Third-Party Risks: The Modern Organization is an Interconnected Mesh of Relationships. Brick and mortar business is a thing of the past: physical buildings and conventional employees no longer define an organization. The modern organization is an interconnected mesh of relationships and interactions that span traditional business boundaries. Over half of an organization’s……
-

Pitfalls in GRC Software Selection and RFPs
There is a broad array of governance, risk management, and compliance (GRC) related solutions available in the market. In fact, GRC 20/20 has catalogued and mapped over 800 technology solutions and over 300 content/intelligence solutions that organizations use to improve GRC processes in an effort to make them more efficient, effective, and agile. Navigating this array……
-

Increased Pressure to Control Spreadsheets and Documents
Pervasiveness of End User Computing Brings Risk: Use of end user computing applications such as spreadsheets, emails, and other document types has revolutionized how technology creates value for organizations. However, this brings a significant challenge to govern and control information and technology in a distributed and dynamic environment. Organizations are facing increased pressures from regulators……
-

Gartner: Missing the Risk & Compliance (GRC) Target
Gartner, in context of governance, risk management, and compliance (GRC) related research, is ignorant and harmful to organizations that rely on their research publications and advice. In full disclosure, Gartner is my competitor. I have been an analyst for seventeen of my twenty-four years as a GRC professional. I spent seven years at Forrester Research,……
-

Understanding Risk Management Process & Architecture
The risk management strategy and policy is supported and operationalized through a risk management architecture. Organizations require complete situational and holistic awareness of risks across operations, processes, transactions, and data to see the big picture of risk in context of organizational performance and strategy. Distributed, dynamic, and disrupted business requires the organization to take a……
-

Third Party Risk: Gaining Certainty in Global Relationships
One of the greatest governance, risk management and compliance challenges before organizations is managing the web of third party business relationships. Brick and mortar business is a thing of the past: physical buildings and conventional employees no longer define an organization. The modern organization is an interconnected mess of relationships and interactions that span traditional business……
-

GDPR Compliance Requires a Strategy Supported by Process, Information and Technology
As the years go by, there is increasing focus on the protection of personal information around the world. Over time we have seen US HIPAA, US GLBA, Canada’s PIPEDA, the EU Data Protection Directive 95/46/EC, and others around the world. The latest, most comprehensive, and the one that is the front and center of concern to organizations……
-

Risk Management by Design
The physicist, Fritjof Capra, made an insightful observation on living organisms and ecosystems that also rings true when applied to risk management: “The more we study the major problems of our time, the more we come to realize that they cannot be understood in isolation. They are systemic problems, which means that they are interconnected……
-

Monitoring and Managing Risk Effectively
Challenge to Boards, Executives, and Risk Management Professionals: Organizations take risks all the time but fail to monitor and manage risk effectively. Further, risk management is too often seen as a compliance exercise and not truly integrated with decision making and objectives of the organization. A cavalier approach to risk-taking is a result of a……
-

Benefits of a Policy & Training Management Strategy and Architecture
The organization requires a policy and training management architecture that is context-driven and adaptable to a dynamic and changing environment. Compared to the ad hoc method in use in most organizations today, a policy and training management architecture enables better performance, less expense, and more flexibility. Core technology capabilities to consider a policy management program……
-

Policy Management Information & Technology Architecture
Policy & Training Management Information Architecture: The policy and training management information architecture supports the process architecture and overall policy and training management strategy. With processes defined and structured in the process architecture, the organization can now get into the specifics of the information architecture needed to support policy and training processes. The policy and training……
