


Latest Pontifications & Thoughts . . .
-
GRC 3.0 – A History of GRC
GRC is “a capability to reliably achieve objectives while addressing uncertainty and acting with integrity.” The reliable achievement of objectives is the governance piece, addressing uncertainty is about risk management, and acting with integrity is the compliance angle. All three of these provide a natural flow. Governance provides direction and objectives giving the context for…
-
3rd Party Management in Financial Services
Regulators such as the OCC, FDIC, CFPB, and NCUA are homing in on the financial services industry and, specifically, their oversight of 3rd party relationships – including vendors. Given the changes in the regulatory environment, the complexities of managing the same 3rd parties across very different regulatory bodies expose the organization to very different risks. As a professional…
-
GRC 20/20 is Clarity of GRC Vision
This is the busiest I have ever been as a GRC analyst and market researcher. Lots of RFPs and projects happening, in fact tracking several dozen current RFP and GRC process improvement initiatives within organizations. For example, there are approximately a dozen RFPs in the policy management sector of GRC right now. I am hard…
-
Compliance & Ethics in the Year 2020
Compliance and ethics is not the same today as it was a few years ago, and it’s safe to say that it will continue to evolve in 2020. In the past, compliance and ethics was distributed and disconnected. The result was a maze of processes, reporting, and information. Compliance functions spent more time managing the…
-
Michael Rasmussen, The GRC Pundit
Michael Rasmussen is an internationally recognized authority, thought leader, and pioneer in the disciplines of governance, risk management, and compliance (GRC). With over 30 years of experience, he is globally known for defining and shaping GRC strategy, processes, and technology. In February 2002, while at Forrester Research, Michael developed the concept of GRC — establishing the…
-
2013 GRC Drivers & Trends
With March upon us, 2013 is well underway. GRC-related activities – process and technology – are increasing as organizations look for better ways to do things while they face distributed and dynamic risk and regulation. Fresh budgets, new resolutions, growing risk and regulatory burdens, understanding risk in the context of strategy, dynamic and distributed…
-
Defining a GRC Strategy and Blueprint that Bridges GRC Silos
Governance, risk, and compliance (GRC) is not a single role in the organization. Effective GRC requires collaboration across business areas that have historically operated as introverted silos. This comprehensive three-hour workshop walks you through the process of defining a central GRC strategy that encompasses all areas of your business. By attending, you learn how to:…
-
Wrapping Up Effective Policy Management Loose Ends
Many of you have closely followed my commentary over the past few years on Effective Policy Management and its role in a broader GRC architecture. It is apparent that I am an advocate for technology to manage policies. Document-centric approaches fail. When we manage policies in word processors and distribute them in email or…
-
2013 GRC Technology Innovation Awards
GRC and technology. Every organization does GRC, not every organization does GRC well. You will not find an organization that states it lacks governance, does not care about risk, and forgets about compliance. Organizations may not call it GRC – but they have GRC processes from the ad hoc to the mature. What makes a…
-
1 – The GRC Marketplace: the Force.com of GRC, MetricStream’s Zaplet
The 2013 GRC Technology Innovator awards were filled with competition. The number of submissions more than doubled over 2012. With 57 submissions there were only twelve slots for winners. GRC 20/20 looked through all of the submissions, asked for clarification where needed, and selected the 12 recipients to receive this honor. Number 1 is MetricStream’s Zaplet which showed…
