Yes, the latest Gartner EGRC Magic Quadrant is out and I am left questioning what value it provides.  My first impression is that it is best for the compost pile to be used as fertilizer for the garden next spring and not used in organizations that may rely on it to make misinformed GRC technology……

In my experience, policy management processes are in disarray when operating autonomously, introducing risk in today’s complex, dynamic, and distributed business environment. The typical organization lacks a structured means of policy development and governance with an inconsistent maze of templates and processes. Inconsistency in policy management means processes, partners, employees, and systems that behave like……

2012 marks the 10th anniversary since I first modeled a market for technology, content, and professional services and labeled it GRC. It all started with a vendor briefing with a software firm in which they demonstrated an integrated view of controls, policies, and assessments. A light bulb flashed within my head that there is a……

In the time it takes you to read this article your business has changed. The economic environment has changed, your employees have changed, and there are constant changes to technology, competition, and processes. Business drifts in a sea of change. One particular area of change that bears down on the organization is the siege of……

From time to time, to my surprise, I still hear people asking why policies matter. After all, they argue, aren’t the laws and regulations we have to follow enough guidance? Beyond those requirements, can’t we let managers decide how to run their own operations and have case-by-case flexibility? Don’t policies create liability when they aren’t……

The dynamic and global nature of business is challenging organizations to effectively and efficiently implement processes for governance, risk management, and compliance (GRC). As organizations expand operations, processes, locations, and business relationships (e.g., vendors, supply chain, outsourcers, service providers, consultants and staffing) their risk profile grows exponentially. Organizations need to stay on top of their……

Business is global, distributed and dynamic. Organizations of all sizes and industries have global client, partner, vendor and supply-chain relationships. Adding to this complexity is the dynamic nature of business — it is ever changing, with a revolving door of employees, partners, technology, processes, and strategies in an environment where risk, economics and regulations are……

Lacking an integrated view of GRC results in business processes, partners, employees and systems that behave like leaves blowing in the wind. Modern business requires a new paradigm for tackling risk and compliance issues across the enterprise. No longer can organizations afford to focus on single risk and compliance issues as unrelated projects; nor can……

Success in today’s dynamic business environment requires the organization to integrate, build, and support business process with an enterprise view of governance, risk management, and compliance (GRC).  Without an integrated view of risk and compliance, the scattered and non-integrated approaches of the past fail and introduce expose the business to interrelationships of risk and compliance……

GRC technology innovation is alive and well! As I mentioned in last week’s posting, the GRC market is now 10 years old. It was in February 2002 that I first modeled a market for technology and professional services and labeled it GRC while I was at Forrester Research (at the time GiGa Information Group). It……

2012: The Chinese Year of the Dragon to Mayan Doomsday prophesies – this year certainly proves to be interesting (note: I myself do not hold to these views; feel free if it interests you to ask me my view on providence and the end of the world). One thing is for sure: it is the……