Latest Pontifications & Thoughts . . .
Compliance and Risk Bear Down on the Organization
Compliance in Dynamic and Distributed Business
Compliance is not easy. Organizations across industries have global clients, partners, and business operations. The larger the organization, the more complex its operations. Adding to the complexity of global business, today’s organization is dynamic and constantly changing. The modern organization changes by the minute. New employees come, others leave,……

Complexities of IT GRC Hinder Organizations
Organizations operate in a complex environment of risk, compliance requirements, and vulnerabilities that interweave through departments, functions, processes, technologies, roles, and relationships. What may seem an insignificant IT risk in one area can have a profound impact on other risks and cause compliance issues. Understanding and managing IT governance, risk management, and compliance (IT GRC)……

Policy Management Demands Attention
The Foundational Role of Policies in GRC Strategies
Policies are critical to the organization as they establish boundaries of behavior for individuals, processes, relationships, and transactions. Starting at the policy of all policies – the code of conduct – they filter down to govern the enterprise, divisions/regions, business units, and processes. GRC, by definition, is……

Information Security in Context: The CISO as a Transformational Role in Risk Management
Information Security at the Center of Risk Chaos
Inevitable Failure: Managing Information Risk in a Silo
Organizations are complex. Exponential growth and change in technology, vulnerabilities, regulations, globalization, distributed operations, changing processes, competitive velocity, business relationships, legacy technology, and business data exposes organizations of all sizes. Keeping this complexity and change in sync is a……

The GRC Economy
I am often asked, “What do you do?” My simple answer, that I do not like, is to say that I am a consultant. This does not always help as the next question is “What type of consultant?”, or “What do I consult on?” I end up having to explain that what I actually am……

IT GRC Management by Design, New York
Organizations are complex. Exponential growth and change in technology, vulnerabilities, regulations, globalization, distributed operations, changing processes, competitive velocity, business relationships, legacy technology, and business data exposes organizations of all sizes. Keeping this complexity and change in sync is a significant challenge for information security professionals. Executives are constantly reacting to risk appearing around them and……

The Critical Foundation of Third Party Management is Technology
In previous posts we looked at the following: How to Develop a Third Party Management Strategy How to Define a Third Party Management Process Lifecycle Now we turn our attention to the foundation of information and technology that supports and enables a third party management strategy and process . . . Third party management fails……

How to Define a Third Party Management Process Lifecycle
The third party management strategy and policy is supported and made operational through a third party management architecture. The organization requires complete situational and holistic awareness of third party relationships across operations, processes, transactions, and data to see the big picture of third party performance and risk in context of organizational performance and strategy. Distributed,……

Understanding the Variety of GRC Intelligence & Content Solutions
There are lots of GRC solutions available in the market, most of which do not even call themselves GRC as they are laser focused on specific GRC areas. In fact, I have mapped 843 GRC technology solution providers into and across 17 primary segments of the GRC market (and many sub-segments). Competition in RFPs, RFI,……

How to Develop a Third Party Management Strategy
Managing third party activities in disconnected silos leads the organization to inevitable failure. Without a coordinated third party management strategy the organization and its various departments never see the big picture and fail to put third party management in the context of business strategy, objectives, and performance, resulting in complexity, redundancy, and failure. The organization……

Enabling 360° Insight & Control of Third Party Relationships
The Extended Enterprise Demands Attention
The Modern Organization is an Interconnected Mess of Relationships
No man is an island, entire of itself; Every man is a piece of the continent, a part of the main.[1] Substitute ‘man’ with ‘organization’ and seventeenth-century English poet John Donne could be describing the post-modern twenty-first century organization: “No organization……

Providing 360° Contextual Awareness of Risk
Monitoring and Managing Risk Effectively
A Challenge for Boards, Executives, and Risk Management Professionals
Organizations take risks all the time but fail to monitor and manage risk effectively. Organizations need to understand how to monitor risk-taking, whether they are taking the right risks, and whether risk is managed effectively. A cavalier approach to risk-taking is……