The core elements of a regulatory intelligence process can be delivered in a GRC software platform. The solution will allow the compliance and legal functions to profile regulations, link regulatory content aggregators, and have new developments or alerts pushed into the application and disseminated to the appropriate subject-matter expert for review and analysis. Technology tailored to this process empowers legal…
The old paradigm of regulatory change management is clearly a recipe for disaster given the volume, pace of change and the broader operational impact of today’s laws and regulations. Just as the CFO needs a financial system or the sales department needs CRM, legal and compliance need regulatory intelligence. Organizations should explore how technology and process combined with regulatory content…
Over the years, many organizations have matured in their view of internal risk-intelligence issues. However, monitoring external regulatory environments remains a broken process. To date, regulatory risk is managed in a very sporadic and ad hoc fashion with little accountability and oversight — if at all. Most organizations rely on manual ad hoc processes to manage regulatory change, and many…
After a brief hiatus, I turn our attention back to the issues of policy management and compliance. We will now explore (over several posts) the issue of Regulatory Intelligence and Monitoring. Hordes of regulation bear down on the organization Business is under siege by legion of laws and regulations. Compliance itself has become difficult as business is bombarded with thousands…
New GRC strategies, mergers, acquisitions . . . the last few weeks have been hopping for a market research analyst. Every time I sat down to blog on my thoughts someone else has come out without an announcement resulting in a whirlwind of buyer, market, and press questions. Between sessions at the OCEG GRC 360 Executive Forum I have found…
Why GRC & What Is It? GRC, simply put, is to provide collaboration between silos of governance, risk, and compliance. It is to get different business roles to share information and work in harmony. Harmony is a good metaphor, we do not want discord where the different parts of the organization are going down different roads and not working together.…
I am a man on a mission. Make that a business on a mission – to completely refocus organizations on how they approach policy management and communication. To take business to the new frontier, to boldly go . . . You get the picture. Policies are in a complete and disappointing disarray. In my training and workshops I have found…
Businesses are engaged in a continuous struggle to grasp the intricacies of risk management in an interconnected environment. The focus during the past few years has been on operational risk management — managing risk to business operations and processes. However, the standard definition used for operational risk management is flawed: Operational Risk Management: “. . . the risk of loss…
There has been a lot of consolidation and restructuring in the GRC space already in 2010 – SAI Global takes the next step by acquiring Integrity Interactive. This is particularly intriguing as SAI Global continues to position itself as a dominant player focused on the C in GRC, that being compliance. Integrity Interactive expands SAI Global’s compliance training and education…
As an industry pundit and analyst it is always fun to play match maker. For some time I have been pontificating that SAP and CA are very complimentary in their approach to the GRC market. While one focuses on business processes and applications (SAP), the other (CA) focuses on IT management and security. I was quite excited when they formally…
