


Latest Pontifications & Thoughts . . .
-

Compliance Automation: The Role of Technology in Today’s Dynamic Organization
Compliance is not easy. Organizations across industries have global clients, partners, and business operations. Adding to the complexity of global business, today’s organization is dynamic and constantly changing. The modern organization changes by the minute. The dynamic and global nature of business is particularly challenging to compliance management. As organizations expand operations and business relationships……
-

GRC 20/20’s Effective Policy Management Process Lifecycle
The policy and training management strategy and policy is supported and made operational through the policy and training management architecture. The organization requires complete situational and holistic awareness of policies and related training across operations, processes, employees, and third party relationships to see the big picture of policy and training performance and risk. Distributed, dynamic,……
-

Uncontrolled Spreadsheets, Documents, and Emails, Oh My!
Business is complex. Exponential change in regulations, globalization, distributed operations, processes, competitive velocity, business relationships, and legal matters encumbers organizations of all sizes across industries. Like battling the multi-headed Hydra in Greek mythology, redundant, manual, and document-centric internal control management approaches are ineffective. As the Hydra grows more heads of regulation, legal matters, operational risks,……
-

Developing a Policy Management Strategy
Organizations need a coordinated cross-department strategy for managing policies and training programs across the enterprise. The goal is to develop a common framework and approach so that policies and training are understood and managed as an integrated whole rather than a dissociated collection of parts. Policies and training programs that are managed as dissociated documents,……
-

Policy & Training Management Demands Attention
The Foundational Role of Policies in GRC Strategies: Policies are critical to the organization as they establish boundaries of behavior for individuals, processes, relationships, and transactions. Starting at the policy of all policies – the code of conduct – they filter down to govern the enterprise, divisions/regions, business units, and processes. GRC, by definition (www.OCEG.org),……
-

Developing a Vendor Risk Management Strategy – Info/CyberSecurity Perspective
Organizations are porous: the modern organization is not defined by brick and mortar walls but is a complex web of business relationships. These relationships span vendors, suppliers, outsourcers, service providers, contractors, consultants, temporary workers, agents, brokers, dealers, intermediaries. It grows even more complex as there are nested relationships in subcontractors and supply chains. Approximately half……
-

Considerations and Lessons Learned from GRC RFPs
The GRC technology market landscape is broad with over 800 solution providers across seventeen segments of GRC (see bottom of this post for a breakout of GRC segments). Approximately seventy solutions can be characterized as Enterprise GRC platforms while hundreds of solutions focus on specific areas/segments of GRC with focused solutions. In 2016, GRC 20/20……
-

Increasing Exposure of Third Party Risks
The Modern Organization is an Interconnected Mess of Relationships: Brick and mortar business is a thing of the past: physical buildings and conventional employees no longer define an organization. The modern organization is an interconnected mess of relationships and interactions that span traditional business boundaries. Over half of the organization’s ‘insiders’ are no longer traditional……
-

GRC in Uncertain Times: 2016 and into 2017
In the past month there have been a lot of posts, articles, and discussion on the impact of Trump’s presidency on the GRC market, particularly compliance. Some fear that the need for compliance management within organizations is not going to be as strong as a Trump administration looks to deregulate. My perspective is that compliance management will……
-

How to Identify UBOs in an Unpredictable World
Business operates in a world of chaos, where relationship risk is ever present. What’s the secret to understanding and identifying ultimate beneficial owners? The modern organization is an interconnected web of relationships and interactions that span traditional business boundaries. Complexity grows as these interconnected relationships and transactions layer themselves in intricacy. In this context, organizations struggle……
-

The Role of Technology in Compliance Risk Management
Organizational exposure to compliance risk is rising while the cost of compliance soars. An ad hoc or reactive approach to compliance brings complexity, forcing business to be less agile. Organizations in the past have addressed compliance as singular obligations, resulting in multiple redundant initiatives working in isolation to respond to each obligation. These isolated compliance……
-

Compliance: An Integral Part of Risk Management
Increased regulatory and ethical pressures are transforming the traditional role of compliance. Compliance departments are taking on broader responsibility for ethics, compliance, corporate culture, and social responsibility. With greater frequency, they are moving out from under the legal department into a direct reporting relationship to the CEO and/or Board, particularly in highly regulated industries. Some……
