Latest Pontifications & Thoughts . . .

  • The GRC Mystery House

    Governance, Risk Management, and Compliance – every organization does it.  There are variations in the opinion of what we call GRC.  Some like it and some do not.  Some use the term ERM in much the same way I use the term GRC, others may call it something else or not even have a name……

  • The Titanic: An Analogy of Enterprise Risk

    As we close out 2012 let us roll the years back from 2012 to 1912.  One hundred years ago was the disaster of the Titanic.  What can we learn from it today? I have been told that Captain E.J. Smith stated before the Titanic set sail, “Never in all history have we harnessed such……

  • Improving Policies Through Metrics

    Thank you for joining me on this journey through Effective Policy Management. Today we come full circle and bring the effective policy management process to closure. Let’s review where we have been. The first illustration and roundtable introduced the topic of why policies matter and my Effective Policy Management Lifecycle. Each illustration after that took……

  • Get Your GRC House in Order: Fundamental Steps Before Buying GRC Technology

    Your organization could be at risk because of the scattered and disconnected approaches of past compliance information and processes. To prevent unanticipated risk exposure, your organization may require a governance, risk management and compliance (GRC) that takes into account a thorough understanding of the state of your environment. So how do you get your GRC……

  • What is risk management?

    Risk management is maturing, but as a result it needs to be understood correctly and reminded that it does not rule the roost. I have three teenage boys (19, 18, and 16).  At times my boys get too big for their britches and need to be reminded what the pecking order is.  It does not mean……

  • Concluding the GRC Analyst Rant

    If you have been following my posts, you will know that I created a firestorm of discussion on: Rethinking GRC, Analyst Rant, Gartner’s 2012 EGRC Magic Quadrant.  If you go to this link you will see the range of comments – many anonymous – on the topic. French Caldwell, who continues to be a gracious……

  • Accepting Nominations for the 2013 GRC Technology Innovation Awards

    ANNOUNCEMENT: GRC 20/20 is accepting nominations for the 2013 GRC Technology Innovation Awards. To nominate a technology solution – please download the form. The GRC Technology Innovation Awards are to recognize technologies that are revolutionizing Governance, Risk Management, and Compliance (GRC).  Please understand what it is NOT: The purpose of these awards is NOT to……

  • Effective Policy Enforcement Involves Technology

    I find that ineffective and unenforced policies are rampant within organizations, and are a thorn in the side of compliance and policy managers.   Mismanagement of policy has grown exponentially with the proliferation of documents, collaboration software, file shares, and Websites. Organizations end up with policies scattered on dozens of sites with no defined understanding……

  • Policy Communication in a YouTube Generation

    So you wrote a policy—now what? Policies are only effective if you can show that they have been communicated and understood. Having a written policy that nobody knows about is just like having no policy at all. You cannot hold people accountable to a policy until you have made them aware of the policy. Unfortunately,……

  • Maintaining Policies and Keeping Them Relevant

    The webinar on policy management addresses a common flaw – the failure to properly maintain policies once issued.  Every policy should go into a periodic review to ensure it remains accurate and necessary.  And given the number of policies in most organizations, and the numerous factors that may give rise to a need for change, this……

  • Measuring Policy Compliance and Metrics

    This webinar looks at the critical issue of ensuring policy adherence, compliance, and metrics for managing policies.  Attendees will learn the challenges, best practices, and benefits of a measurable and trackable system for policy enforcement. Learning Objectives: Understand monitoring and validation of compliance to policies; Define methods for compliance metrics and assessments; Determine how to manage……

  • Increasing Compliance Effectiveness, Efficiency, and Agility with Technology

    Compliance obligations and risk to the business are like the hydra in mythology — organizations combat risk, only to find more risk springing up to threaten the organization. Managing GRC activities in disconnected silos leads the organization to inevitable failure. Reactive, document-centric, siloed applications, and manual processes for GRC fail to actively manage compliance in……