The fact is: business is dynamic, distributed, and complex.  The pace of change to risk, regulations, employees, partners, and technology requires organizations to approach governance, risk management, and compliance in a way that is efficient, effective, and agile to the needs of today’s dynamic business environment.   Organizations do not operate in a static environment…

As a market research analyst, I get involved in a lot of inquiries and interactions with organizations looking to purchase GRC solutions.  On average, GRC 20/20 handles about five interactions a week – some weeks more and some weeks less.  These can range from simple questions via email or phone to detailed help in writing…

The role of the audit is taking on greater significance to guide the enterprise beyond traditional attitudes about financial controls; toward assuring that the organization is managing risk appropriately and meeting obligations across a range of high-risk business processes, operations, and regulatory requirements.  Today’s audit department must have a full understanding of the risks the…

Business is complex. Gone are the years of simplicity in business operations. Exponential growth and change in risk, regulations, globalization, distributed operations, processes, competitive velocity, business relationships, disruptive technology, technology, and business data encumbers organizations of all sizes. Keeping complexity and change in sync is a significant challenge for boards and executives, as well as…

No company is an island. Organizations are a complex and diverse system of processes and business relationships. Risk and compliance challenges do not stop at traditional organizational boundaries. Organizations struggle to identify, manage, and govern extended business relationships. The challenge is: “Can you attest that risk and compliance are managed across extended business relationships?” An…

I trust the New Year is off to a great start and your governance, risk management, and compliance (GRC) initiatives are fruitful.  Myself, I have been quiet in communications this last month wrapping up 2013 projects, redoing much of the www.GRC2020.com website, and planning for 2014. It is important to note that every organization does…

Why Spreadsheets, Documents & Emails Fail for GRC At times I can sound like a broken record – repeating myself over, and over, and over, and over again, and again, and again.  One of my prominent soapboxes over the past decade has been the failure of spreadsheets, documents, and emails to assess, audit, manage, and…

GRC 20/20 is providing a specific focus on 3rd Party Governance, Risk Management & Compliance (GRC) in the month of December.  This is the fastest growing part of the GRC market as organizations struggle with issues of conflict minerals, anti-bribery & corruption, social accountability, privacy, security, and more . . .  No company is an…