Tuesday, December 8, 2009

Enhancing Business Performance through Risk Management

The following is an abstract from my latest research piece, “Enhancing Business Performance through Risk Management.” While the market seems eager to grasp onto the phrase “risk intelligence,” it means nothing if corporations cannot take action on the intelligence it provides. Being intelligent is not the same as being wise – most organizations lack both risk intelligence and wisdom. There…

Wednesday, December 2, 2009

GRC Reference Architecture: Role/Process Specific Applications

Over the past few weeks we have looked at both the information model and the enterprise application core of Corporate Integrity’s GRC Reference Architecture. The GRC Reference Architecture provides the framework to approach technology and classify software offerings, and is part of my broader GRC EcoSystem (which includes over 1300 technology, professional service, and information providers). The GRC Reference Architecture represents the…

Tuesday, November 24, 2009

Good Risk Management Guidance – Here At Last in ISO 31000

We interrupt this broadcast . . . yes, I know many of you have been waiting in eager participation for my next installment of the GRC Reference Architecture which is to focus on the application taxonomy of specific business roles/functions that are part of GRC (in previous weeks we looked at the core enterprise GRC data framework and applications). This…

Thursday, November 12, 2009

GRC Reference Architecture: the GRC Enterprise Application Core

Friend, last week we began our presentation of the GRC Reference Architecture, which is part of my broader GRC EcoSystem (which includes over 1300 technology, professional service, and information providers). The GRC Reference Architecture is the core of the revisions to the OCEG GRC IT Blueprint – for those of you interested in the OCEG Technology Council, we will be…

Thursday, November 5, 2009

GRC Reference Architecture: Enterprise Data Architecture & Framework

GRC – Governance, Risk, & Compliance. Whether you use this specific acronym or not, the fact is your organization does GRC. There is not a single executive who will tell you that they lack corporate governance, do not manage risk, and completely ignore compliance. The truth of the matter: GRC has been a part of business since the dawn of…

Monday, November 2, 2009

Pfizer’s Corporate Integrity Agreement & Compliance Officer Positioning Survey

From the SCCE: In the recent Corporate Integrity Agreement between Pfizer and the Office of the Inspector General of the Department of Health and Human Services, Pfizer agreed that its Chief Compliance Officer will report directly to the CEO; will neither be nor be subordinate to the General Counsel or CFO; and will make periodic reports to the Audit Committee…

Monday, October 12, 2009

Establishing an Enterprise View of Risk & Compliance

Success in today’s dynamic business environment requires the organization to integrate, build, and support business processes with an enterprise view of risk and compliance. Without a new approach to risk and compliance, the scattered and non-integrated risk and compliance approaches of the past fail and introduce greater risk and regulatory threats to the business. A sustainable enterprise view of risk…

Monday, October 12, 2009

Where is performance & strategy in GRC?

Most GRC software as well as GRC implementations are more like RC (without the G). Or just R or just C. Or perhaps Rc or rC. . . My position for this discussion – we cannot adequately state we are doing the G in GRC unless we are also taking into account business objectives, strategy, and performance. That is what…

Thursday, September 24, 2009

Boston GRC (Risk & Compliance) Strategy & Technology Bootcamps

Corporate governance, enterprise/operational risk management, corporate compliance – these are areas that continue to challenge organizations. Whether it is called GRC or not, all of these elements are required in any business. The question is ‘Are they being done in a sustainable, efficient, consistent, transparent, & accountable manner?’ The best framework for defining a GRC strategy is found in…

Thursday, September 24, 2009

We do not need a Chief GRC Officer!

For one thing – that would be too much of an acronym: CGRCO. The subject actually came up in a corporate governance discussion group I belong to. Michael Corcoran posted the question “Anybody know of a Chief Governance, Risk And Compliance (GRC) Officer?” and provided a short article in which he was advocating this role. My response . . .…