


Latest Pontifications & Thoughts . . .
-
EMC/RSA Acquisition of Archer: 1 + 1 = 3
For the past two years Archer Technologies has been a disruptive force in the GRC market. They have been going strong in the IT/information security segment of GRC for several years – but the past two years have shown them to be a formidable competitor in what is referred to as the enterprise GRC (eGRC)……
-
Enhancing Business Performance through Risk Management
The following is an abstract from my latest research piece “Enhancing Business Performance through Risk Management” While the market seems eager to grasp onto the phrase “risk intelligence,” it means nothing if corporations cannot take action on the intelligence it provides. Being intelligent is not the same as being wise – most organizations lack……
-
GRC Reference Architecture: Role/Process Specific Applications
Over the past few weeks we have looked at both the information model and the enterprise application core of Corporate Integrity’s GRC Reference Architecture. The GRC Reference Architecture provides the framework to approach technology, classify software offerings, and is part of my broader GRC EcoSystem (which includes over 1300 technology, professional service, and information providers).……
-
Good Risk Management Guidance – Here At Last in ISO 31000
We interrupt this broadcast . . . yes, I know many of you have been waiting in eager participation for my next installment of the GRC Reference Architecture which is to focus on the application taxonomy of specific business roles/functions that are part of GRC (in previous weeks we looked at the core enterprise GRC……
-
GRC Reference Architecture: the GRC Enterprise Application Core
Friend, Last week we began our presentation of the GRC Reference Architecture, which is part of my broader GRC EcoSystem (which includes over 1300 technology, professional service, and information providers). The GRC Reference Architecture is the core to the revisions to the OCEG GRC IT Blueprint – for those of you interested in the……
-
GRC Reference Architecture: Enterprise Data Architecture & Framework
GRC – Governance, Risk, & Compliance. Whether you use this specific acronym or not the fact is your organization does GRC. There is not a single executive that will tell you that they lack corporate governance, do not manage risk, and completely ignore compliance. The truth of the matter: GRC has been a part……
-
Pfizer's Corporate Integrity Agreement & Compliance Officer Positioning Survey
From the SCCE: In the recent Corporate Integrity Agreement between Pfizer and the Office of the Inspector General of the Department of Health and Human Services, Pfizer agreed that its Chief Compliance Officer will report directly to the CEO; will neither be nor be subordinate to the General Counsel or CFO; and will make……
-
Establishing an Enterprise View of Risk & Compliance
Success in today’s dynamic business environment requires the organization to integrate, build, and support business process with an enterprise view of risk and compliance. Without a new approach to risk and compliance, the scattered and non-integrated risk and compliance approaches of the past fail and introduce greater risk and regulatory threats to the business. A sustainable……
-
Where is performance & strategy in GRC?
Most GRC software as well as GRC implementations are more like RC (without the G). Or just R or just C. Or perhaps Rc or rC. . . My position for this discussion – we cannot adequately state we are doing the G in GRC unless we are also taking into account business objectives, strategy,……
-
We do not need a Chief GRC Officer!
For one thing – that would be too much of an acronym CGRCO. The subject actually came up in a corporate governance discussion group I belong to. Michael Corcoran posted the question “Anybody know of a Chief Governance, Risk And Compliance (GRC) Officer?” and provided a short article in which he was advocating this role.……
-
The GRC Technology EcoSystem – Revised
While GRC is ultimately about collaboration and communication between the business roles and processes responsible for varying risk and compliance functions, there is no doubt that technology has an important role in facilitating this enterprise cooperation. As a result . . . I am combining my work on the GRC EcoSystem with the second……
-
Chief Punishment Officer
During my latest OCEG GRC Strategy & Red Book 2 Bootcamp, one attendee stated they had seen the job title of Chief Punishment Officer in China. Any takers? On a related note – one attendee had asked if anyone had a disciplinary matrix – wrongs with associated punishments – for their organization. My upcoming……
