Thursday, December 29, 2011

Process Framework for Managing Compliance Risk

Organizational exposure to compliance risk is rising at the same time the cost of compliance soars. An ad hoc or reactive approach to compliance brings complexity, forcing the business to be less agile. Organizations in the past have addressed compliance as singular issues or obligations, which often resulted in multiple initiatives working in isolation. Isolated compliance initiatives tend to rely on…

Friday, December 2, 2011

How to Buy GRC (Risk & Compliance) Software

The GRC software space is vast with numerous vendors. In fact, in my market models there are over 400 GRC software providers that span 28 primary categories (with numerous sub-categories) of GRC-related software. Nine of these categories encompass components of an enterprise GRC platform (though no vendor does all nine components), 19 of the categories are focused in specific…

Wednesday, November 16, 2011

Principles of Compliance Risk Management

Understanding and Approaching Compliance and Ethics Risk

Historically the compliance function did not understand and model processes for risk management. Compliance documented and met requirements, and found and resolved issues. There was limited modeling of compliance issues and risk to determine business impact and prioritization of resources. Most often compliance was reactive, putting out fires instead of actively interpreting and…

Tuesday, November 8, 2011

Compliance & Ethics in the 21st Century

Twenty-first century organizations are expected to do everything possible to manage and maintain corporate integrity. Demands coming from governments, the public, business partners, and clients require the organization to have defined values and ethics practices that are monitored and adapted to the demands of a changing business and regulatory environment. Most organizations at least try to address external legal requirements…

Tuesday, November 1, 2011

INTEGRITY: Does Your Organization Walk Its Talk?

Compliance risk management in the 21st century boils down to defining and maintaining corporate integrity. Organizations operate in a field of ethical, regulatory, and legal landmines. Any day of the week, business and trade publication headlines reveal failures to heed compliance obligations and ethical practices. Led by WikiLeaks and widespread coverage of corporate exposure and scandal, the organization must understand,…

Tuesday, October 18, 2011

Regulations and a Demand for Integrity Bear Down on the Organization

Managing an organization’s ethics and values is challenging enough. A legion of laws, regulations, contractual obligations, judgments, and fines bear down on the organization and the CECO in the 21st century. There is a difficult path ahead for ethics and compliance management. Compliance is particularly difficult, as business is bombarded with thousands of new regulations each year. U.S. Perspective At…

Wednesday, October 12, 2011

From Finding and Fixing Problems to Compliance Risk Management

Over the next several posts we will now turn our attention to the evolving role of Corporate Compliance and Ethics. Regulations, ethics, and integrity are challenging the organization like never before. Governments are increasing scrutiny of organizations, stakeholders demand transparency, clients want assurance the organization is reputable and upholds their values, and business partners require commitments to compliance and ethics.…

Friday, October 7, 2011

The Leading GRC Technology Vendor Is . . .

Before even getting into technology and vendors it is necessary to understand what GRC is about. I argue that GRC is nothing new – we have been doing GRC long before we had an acronym that I first started using back in 2002. The truth is organizations have governance, risk management, and compliance (GRC) practices and processes in place. Your…

Tuesday, October 4, 2011

ONLINE SEMINAR: State of the GRC Market Q4-2011

Understand the state and direction of the GRC technology market: State of the GRC Market Q4-2011

Friday, October 14, 2011
Eastern Time 12:00 PM – 2:00 PM / Pacific Time 9:00 AM – 11:00 AM / GMT 4:00 PM – 6:00 PM

Today’s complex and competitive GRC market demands that…

Monday, September 26, 2011

Role of Technology in Anti-corruption Compliance

With increased exposure to anti-corruption laws and investigations, and defined anti-corruption practices, how does an organization go about using technology to manage anti-corruption compliance? Compliance needs to be an active part of the organization and culture to prevent and detect corruption, bribery, and fraud. This continuous and ongoing process must be monitored, maintained, and nurtured. The challenge is establishing corruption prevention and detection…