'; foreach($rss->items as $item) { if($count < 1) { $href = $item['link']; $title = $item['title']; $summary = $item['summary']; echo ''. trim(str_replace("MKRasmussen:", "", $title)) .''; $count++; } } ?>
Corporate Integrity quoted in the press . . .
June 2010
"Governance, Risk en Compliance (GRC) is meer dan een softwarebe- nadering voor het bedrijfsleven. Ju- ridische zaken, IT en compliance, al- les communiceert met elkaar. Op zich is dat nog niks nieuws. Bedrij- ven hebben immers al decennialang te maken met allerlei regels waar ze aan moeten voldoen. De Amerikaan- se GRC-adviseur Michael Rasmussen ziet een belangrijke trend: “Waar het echt om gaat,is om dit verantwoorde- lijk te doen in een dynamische omge- ving,in een beweeglijke business.” (Risk Management - Media Planet)
July 2009
"The latest SAP BusinessObjects GRC solutions further showcase their unique vision, which ensures that GRC is integrated into the core business processes and applications - and is not simply an afterthought," Michael Rasmussen, president, Corporate Integrity. "With a holistic approach to real-time monitoring of key risk indicators and controls, organization can manage their business proactively and strategically, rather than reactively. And a more comprehensive risk management strategy is key to improving corporate performance. Customers ability to automatically test and monitor these processes can deliver significant cost and efficiency savings." (BeyeNetwork)
June 2009
In spite of its scant usage, Michael Rasmusson, president of Corporate Integrity, a firm that advises on compliance issues, said he considers products such as EthicsPoint a required investment. "These platforms are pretty much a standard," he said. "In fact, if you don't have them in place, it could add significant liability and exposure." He pointed to the regulations of the United States Sentencing Commission, an agency in the judicial branch of government, specifying what makes for an "effective compliance and ethics program." Among the criteria, "a system, which may include mechanisms that allow for anonymity or confidentiality, whereby the organization's employees and agents may report or seek guidance regarding potential or actual criminal conduct without fear of retaliation." According to Rasmusson, courts will scale back or accelerate fines or other punishments in situations where those mechanisms don't exist. The fact that the mechanism is delivered by an outside service is also important to its overall effectiveness as a risk management tool, Rasmusson added. "That shows that the organization isn't trying to control or mess with how things are being reported," he explained. "Most organizations want to go to an external provider so they have that independent objectivity." (Campus Technology)
Committees like the one at Caterpillar, are often comprised of representatives from an organization's legal, marketing, security and human resource departments, according to Michael Rasmussen, president of Corporate Integrity, LLC, a Wisconsin-based consultancy that specializes in governance, risk, and compliance. Many companies are now using brand integrity issues as a way to put a positive spin on a company image, he said. More than 25 percent of the Global 100 firms include elements of security and privacy in their corporate social responsibility reports. "The idea is that part of being a good corporate citizen and protecting the community is going above and beyond and protecting information," said Rasmussen. (CSO)
March 2009
Michael Rasmussen, principal analyst at Corporate Integrity, told me that, even though Sarbanes-Oxley compliance is no longer a big market driver, customers are still looking for applications to automate transaction monitoring, monitor supply chain chain risk, and manage operational and enterprise risk. (BNet)
“It's about collaboration and communication – getting parts of an organization to share information and processes to drive efficiency,” says Michael Rasmussen, president of the GRC strategy advisory firm Corporate Integrity, and the man who has been called the founder of what he calls “this whole GRC mess.” But, it may be easier to define what GRC is not. GRC is not just about technology or one person owning it, says Rasmussen. There are no corporate borders for such a cohesive approach. And whether one likes the acronym or not, GRC planning – done right – can address IT governance, along with the needs to control risks and assure compliance, adds Crawford. (SC Magazine)
January 2009
Where will that leave the software category in 2009? Michael Rasmussen, president of Corporate Integrity, a Waterford, Wisconsin-based consultancy that specializes in GRC issues, insists that GRC is far more than a handy marketing acronym. It captures a philosophy of business that encompasses oversight, processes, and culture. "Ultimately, GRC is about the integrity of the organization," says Rasmussen. Nonetheless, he expects both recent events and impending changes to the business climate, such as additional regulation, to have a strong impact on the space. "The GRC market today is not necessarily going to be the same one that is around a year from now," he adds. "Change is inevitable." (CFO.com)
October 2008
Several dozen software vendors, including Axentis, Integrity Interactive and ELT, offer such wage and hour compliance platforms, says Michael Rasmussen, a Milwaukee-based corporate governance, risk and compliance consult- ant. He says that a good system will not only provide adequate content management and integration, but also will have a user-friendly interface that doesn’t require specialized knowledge of wage and hour law jargon to operate. "Some of the programs out there are fine for the compliance officer, but if a wide range of people throughout the organization are going to depend upon it, it should be easy for them to navigate," Rasmussen says. (Workforce)
Mike Rasmussen of Corporate Integrity has been busy. He’s in the right business - in the current climate, regulation and compliance are climbing right up the agenda and there will, I’m sure, be many extra demands on IT to provide visibility of data and respond to new regulatory demands. (Information Span ITasITis blog)
The integrated application, Data Privacy, extends beyond a company’s usual siloed approach by providing a central, enterprise-wide repository of global and local data controls that can be set up and enforced at the network level, says Michael Rasmussen, president of Corporate Integrity LLC, a governance, risk and compliance (GRC) strategy advisory firm. (Treasury & Risk)
September 2008
“Hiring employees is a complex and daunting task, but I proclaim that hiring IT employees is several degrees more complex and daunting,” says Michael Taivalmaa, an analyst for Corporate Integrity (www.corp-integrity.com). “First, in my opinion, quality candidates in the IT space are becoming a rare commodity. Second, I have found that many candidates can ‘talk the talk’ but not ‘walk the walk.’” (Processor)
August 2008
“Employee monitoring is fairly common in policy but varied in practice,” says Michael Rasmussen, president of Corporate Integrity (www.corp-integrity.com). “Most organizations have policies in place to establish that employees should not have an expectation of privacy and that the corporation retains rights to monitor communications. However, the practice is quite varied.” Still, there are certain policies all enterprises should follow, Rasmussen says. “Organizations that are going to pursue monitoring need to have a policy in place that states that there is no expectation of employee privacy and that the organization reserves the right to monitor communication,” he notes. “Monitoring also has to be done for a legitimate purpose and cannot be done in a way that discriminates against an individual.” (Processor)
July 2008
"The so-called Governance, Risk and Compliance market "is hard to size," says Michael Rasmussen, president of Corporate Integrity, a market research firm and advisory firm. That's because it encompasses everything from Sox compliance, enterprise risk management, environmental regulations, audit management, IT governance, operational risk management for business processes, market risk, credit and at least a dozen other categories. "You could even add IT security and physical security into that mix," Rasmussen adds, noting that today corporations spend about $40 billion for the former and more than three times that for the latter." (CIO Zone)
June 2008
Is GRC just a buzzword? We think not. When Michael Rasmussen first defined the governance, risk and compliance (GRC) marketplace while at Forrester Research, it was rapidly adopted by PricewaterhouseCoopers and a number of other professional services firms and software providers, who in turn helped introduce the key concepts to their clients. Although practitioners are still debating exactly what the term means and how it relates to enterprise risk management (ERM), most people understand that the objective of GRC is to ensure a holistic, sustainable process for identifying, assessing and proactively responding to all types of risk. For many people, GRC = ERM + IA (that is, GRC is basically equal to ERM plus internal audit). (OpRisk and Compliance )
May 2008
"I've been covering the GRC technology marketplace as an analyst for over 5 years," said Michael Rasmussen, former head of Forrester's GRC research unit and the current President of Corporate Integrity and special advisor to the OCEG Technology Council. "The progress made by this group in one day leap-frogged prior efforts and discussions to agree on common terms." (CSRWire)
April 2008
"Michael Rasmussen, president of Corporate Integrity, a market research and advisory firm, puts the GRC market as high as $50 billion—about $40 billion in professional services and consulting and $10 billion in software. And he sees the chaos in the financial markets leading to tougher regulations for scores of industries, which, in turn, could push GRC sales up 35% over the next two years. " (more at... Financial Week )
"Great summary by Michael Rasmussen of Corporate Integrity on the 2008 State of the GRC market was posted earlier this month. I believe the title of one of the sections itself summarizes one of the biggest benefits of GRC, "GRC is About Organization Collaboration." He is 100% correct from my perspective - independent of the people, technology and process - GRC solutions are about using software automation to help enterprises collaborate to reduce their exposure to the big three buzz areas each of those letters in the acronym represent (Governance, Risk, Compliance)." (Security-Works.com/blog)
I'd say SAP is 80% of the way there," says Michael Rasmussen, former Forrester GRC tech guru and now president of GRC consultancy Corporate Integrity. "They still need something for managing documents and processes, but what's important about this latest portfolio of products is that SAP is delivering on its vision to [move away] from siloed products. They now have got one of the broadest packages out there." (more at . . . Treasury & Risk)
"In order to effectively exploit IT GRC, organizations must first identify the full range of information processes across IT risk domains--security, disaster recovery, etc.--and then map this intelligence into a unified IT platform,' said Michael Rasmussen, President of Corporate Integrity, LLC." (more at... TMCnet)
March 2008
"GLBA has had more significant effect on data security than similar legislation, such as the Health Insurance Information Portability and Accountability Act (HIPAA), said analyst Michael Rasmussen, president of Corporate Integrity LLC.” ( SearchFinancialSecurity.com)
"Vision, communication and strategy are the backbone of GRC. Organisations need to defien what they want to achieve from GRC," says Michael Rasmussen, president of strategy advisory firm Corporate Integrity, based in Wisconsin. "These usually fall into four themes - sustainability, consistency, efficiency, and transparency." (OpRisk and Compliance)
February 2008
Michael Rasmussen, a corporate governance consultant, and former vice-president at Forrester Research, is an advocate of the use of information technology to help efficiently manage risk. The value of the risk-related software market has doubled in 18 months to about US$5 billion ($5.5 billion), he says, although he points out it is still dwarfed by the professional services/consulting market, on US$40 billion ($44.2 billion) this year. But in the US, he says the growth is in large part due to the much maligned SOX, which led many to dive into investing in IT systems that are sold as compliance and risk management tools, but often need extensive customisation or are just not appropriate. One of the key differences he has noticed between Australia and the US, is a lower propensity here to see IT as a way to deal with compliance and risk. That may be in part due to the different regulatory regimes, but he says perhaps in some ways technology has been used too little. “Banks worldwide, for the most part they’re pretty mature in adopting platforms to document risk,” he says. “But the banks I talked to here in Australia are still struggling with understanding some of the software platforms out there to help you document the key risk indicators and organisational controls and manage that.” He says there has been a greater propensity to overhaul legacy systems in the US, in part driven by the prescriptive compliance regime, but another factor could be what he saw as a lack of collaboration between risk management and IT parts of the business in Australia. “Risk management talk is run independently, and collaboration and coordination with IT could be improved.” (Risk Management)
"ERM systems are distinguished by the sophistication of their risk assessment, loss management and risk modeling. Some have simple graphs doing heat maps in a simplistic way. Some do more qualitative modeling. At the extreme end, [solutions offer] quantitative modeling, such as Monte Carlo simulations,” says Michael Rasmussen, president of Corporate Integrity, a newly created governance, risk and compliance (GRC) consulting firm. Loss management, he adds, is especially important. “A significant piece of any ERM is not only predicting the future, but where you’ve been in the past.”" (Treasury & Risk)
"The worst thing to do is let a technology define your risk program. It is a huge mistake – there are many platforms that were built with a specific view of risk in mind (such as SOX) and they may not have been designed to model your view of risk... The growth in capabilities is focusing on more modelling, analytics, as well as business process management."(Risk Management)
"Corporate Integrity, provider of governance, risk and compliance (GRC) research and advisory services, has launched." (SC Magazine)
January 2008
"The market for the software is growing . . . according to market analyst Michael Rasmussen of Corporate Integrity LLC." (Portland Business Journal)
"At last count, Corporate Integrity president Michael Rasmussen found 114 software vendors that claim to offer GRC platforms. The hijacking of a three-letter acronym is standard practice in the software world, of course, and makes life difficult for would-be GRC customers. "Convergence is about processes, about getting different roles to talk to each other, and working toward a common goal," Rasmussen says. Most sales pitches don't acknowledge the nuances, or difficulty, of such efforts." (CFO.com)
December 2007
"Controls and risk practices mean nothing if people are not aware of them. Effective GRC requires that individuals be aware of the policies, procedures and training that apply specifically to them," said Michael Rasmussen, President of Corporate Integrity, LLC. "Axentis has architected a highly scalable and accessible solution to communicate and train individuals on corporate policies and procedures. The SaaS model makes the platform extensible not only internally but also to an organization's range of business partners." (StreetInsider.com)