


Latest Pontifications & Thoughts . . .
-
Enabling an Integrated Compliance Lifecycle
Inevitability of Failure: Ineffective Processes to Manage Regulatory Change and Compliance. Regulatory change is overwhelming organizations across industries. Organizations are past the point of treading water as they actively drown in regulatory change from turbulent waves of laws, regulations, enforcement actions, administrative decisions, and more around the world. Regulatory compliance and reporting is a moving target……
-
Enabling 360° Insight & Control of Third Party Relationships
The Extended Enterprise Demands Attention: Organizations are no longer a self-contained entity defined by brick and mortar walls and traditional employees. The modern organisation is comprised of a mixture of third party relationships that often nest themselves in complexity such as with deep supply chains. Two decades ago the term insider was synonymous with employee,……
-

Legal at the Center of GRC Leadership and Strategy
Legal Challenges in a New Era: Today’s global business environment presents a broad spectrum of economic, political, social, legal and regulatory changes, which continually increase strategic and tactical complexity, and create commensurate pressures on business performance and exponential growth of often conflicting and overlapping legal and business requirements alongside global operations. The enterprise must reliably……
-

Managing Change is the Greatest GRC Challenge
Change is the single greatest challenge for organizations in the context of governance, risk management, and compliance (GRC). Managing the dynamic and intricate web of change and how it impacts the organization is driving organizations toward improving their approach to governance, risk management, and compliance (GRC) in the context of the organization’s enterprise architecture. The challenge……
-

Inevitability of Failure: Flawed Use of Spreadsheets in GRC
Spreadsheets, and their associated documents and emails, are the most prevalent GRC tool used by organizations. Their use comes at a significant cost if not controlled, monitored, and used properly. In my research, organizations utilize spreadsheets for a variety of purposes. They are used to: conduct risk, compliance, and control surveys, questionnaires, and assessments; inventory policies……
-
Making Sense of GRC Related Technology & Solutions
Every organization does GRC (governance, risk management, and compliance), but it does not mean that every organization does GRC well. Complicating this is a maze of GRC technologies. Some are built to solve very specific problems, others focus on department/function wide management of GRC related activities, some are enterprise platforms for a specific purpose (e.g.,……
-
Mistakes & Challenges in Risk Management Technologies and Strategies
Risk management is pervasive throughout organizations. There are many departments that manage risk with a variety of approaches, models, needs, and views into risk. This makes enterprise and operational risk management a challenge. Organizations often fail in enterprise risk management strategies when they force everyone into one flat view of risk; they also fail when they allow……
-
Manage Third Party Risk Exposure in an Interconnected World
"Realize that everything connects to everything else." (Leonardo da Vinci) The world is flat, risk is pervasive, and organizations have no boundaries. We operate in a global and interconnected world. Organizations are no longer defined by brick and mortar walls nor by employees. The term insider used to be a synonym for employee. Today, more……
-
FCPA: Change is in the Air
The past few months have seen some interesting developments in the context of the U.S. Foreign Corrupt Practices Act (FCPA). I get more questions on anti-bribery and corruption than any other compliance topic in my GRC research; these developments particularly should interest compliance professionals. The change is not a brand new direction, but a continual evolution……
-
From Backcountry Ranger to GRC Pundit
It is the Thanksgiving holiday here in the United States, so I thought I would make this post a little more personal. I am grateful for all of my clients, followers/subscribers, and the many I get to interact with in the range of my travels at conferences, workshops, and other events. Each and every one of……
-
The Agile Organization: GRC in Context of Regulatory Change
Change is an intricate machine of chaotic gears and movements and is the single greatest challenge for organizations in the context of governance, risk management, and compliance (GRC). The challenge is the compounding effect of change. Organizations have change bearing down on them from all directions that is constant, dynamic, and disruptive, as I discussed……
-
IT GRC > IT Security
If you have been following my research over the course of the past 15 years you will know that I have often been frustrated when IT GRC has been understood to be confined to IT security management. In fact, you can find some of my Forrester reports (2001 to 2007) that often challenge the captivity…
