
Current Topic(s):

  • Client Reflections and Complimentary Roadmap to Compliance Webinar – May 8th, 12:00 p.m. EDT

    As we prepare for tomorrow’s webinar, A Roadmap to Compliance, I’ve been reflecting upon our client experiences and lessons learned.

     All of these clients present unique challenges. Each has its own needs, requirements and approach to managing these complex activities. Yet, we find a common link across each. They find success in manageable increments. They find what works and adjust as they learn.
     


    Posted on: 5/7/2012 | 0 Comment
  • A Roadmap to Dodd Frank Compliance: Complimentary Webinar – May 8th, 12:00 p.m. EDT

    On May 8, 2012, from 12:00 to 1:00 p.m. EDT, Protiviti will present “A Roadmap to Compliance,” a complimentary webinar on the critical questions organizations ask on their journey toward compliance with the Dodd Frank Act.

     
    I will be co-presenting with my colleague and Protiviti Associate Director James Ensminger.
     
    Posted on: 5/2/2012 | 0 Comment
  • GRC: It’s Better to be Good than Lucky

    There is a saying that “it’s better to be lucky than good.” It seems, though, that those who are consistently lucky are probably good as well. They’re probably doing something inherently, even if subconsciously, that produces the desired result repeatedly. How does this apply to GRC? GRC isn’t something that companies do or don’t do. It is a discipline that is performed at varying levels of maturity across the organization. For many companies, sound governance, discipline and principles are infused throughout their enterprise based on organizational culture and tone.

    It strikes me that our industry often speak

    Posted on: 4/20/2012 | 0 Comment
  • Evolution of audit departments & technology

     As the Protiviti 2012 Internal Audit Capabilities and Needs Survey reveals, technology is a key business enabler and catalyst, offering tremendous opportunities and introducing new challenges. The value of an automated work paper application, for example, evolves over time, delivering moderate value during the initial small steps of getting started, then taking giant leaps in value as it becomes a fully integrated solution.

     
    Over the past dec
    Posted on: 4/6/2012 | 0 Comment
  • Protiviti’s IT Security and Privacy Policy Report at a Glance

    Protiviti recently released a report, The Current State of IT Security and Privacy Policies and Practices, about how organizations today are classifying and managing data on a daily basis.

     
    The report outlines varied percentages of data classification, preparation, planning, communication and training associated with data security policies and practices across organizations. Most of these variations across companies are likely
    Posted on: 3/21/2012 | 0 Comment
  • A Simpler Plan: An Extensible Entity Hierarchy

    While the main focus of version 3.12 of the Governance Portal was on simplifying existing functionality, we have also added some great new features.
     
    One that I’m particularly proud of is an extensible entity hierarchy that allows companies to manage multiple aspects of GRC from a central registry. The driving force behind the development of this feature is that larger enterprises have multiple objectives they are trying to achieve, often requiring unique structures and naming conventions. Our team has done a great job extending the entity hierarchy with a flexible, unlimited-depth framework that supports almost any GRC need. At the same time, we have consolidated the management of entities i
    Posted on: 3/8/2012 | 0 Comment
  • More Contributors, More Expertise, a Broader Discussion

    It’s only the end of February, but it’s already been an exciting year at Protiviti. We’ve released v3.13 of the Governance Portal, which will help our clients more seamlessly manage documentation, conduct confidential audits and analyze their data through more dynamic search interfaces. We’ve also kicked off our campaign to assist financial organizations with regulatory reform by initiating implementations of the Governance Portal with two systemically important financial institutions. We’re now heads down preparing for our mid-year 4.0 release. It’s going to significantly improve our clients’ IT organizations’ ability to offer GRC software as a solution to multiple risk, compliance and assurance related programs.  Another important development is the expansion of the GRC Tech Portal Blog.

    Posted on: 2/29/2012 | 0 Comment
  • Protiviti Named a “Strong Performer”

    Noting that Protiviti "offers a unique perspective in the enterprise GRC market with its strong consulting background, delivering especially impressive technical capabilities in risk and control management and audit management," Forrester Research named Protiviti a Strong Performer in "The Forrester Wave™: Enterprise Governance, Risk, and Compliance Platforms, Q4 2011" (November 30, 2011). You can view the full report on our website and read our press release here.

    We're particularly pleased that our surveyed client

    Posted on: 12/27/2011 | 0 Comment
  • Driving Strategy to Execution with ERM

    On Tuesday, December 7, Chris McClean of Forrester Research and I, along with my Protiviti colleague Michael McGarry, delivered Drive Strategy to Execution with Enterprise Risk Management, a webinar that provided a concrete roadmap for how ERM can help companies eliminate the disconnect between their strategy and their execution. I’d like to thank Chris for sharing his client experiences and providing insight into how technology tools can support ERM.

    During the webinar, we focused on ERM's role in strategy articulation and examined three tools (risk assessment, policy and risk tolerances) that can be used to drive strategy to execution. Over the course of the next few weeks, I'll provide some additional insight about each of these topics and respond to the many questions we receiv

    Posted on: 12/22/2011 | 0 Comment
  • Key Characteristics of an Integrated GRC Program

    Integrating GRC is about bringing people together to work towards common business goals. The biggest obstacles to integration are not the technical components but rather the organizational and cultural changes that need to take place. The end result? A concerted effort among process, knowledge, frameworks, content, and technology that enables businesses to become more agile and benefit from improved business performance over the longer term. Below are some of the key characteristics of a successfully integrated GRC program:

    • Adoption of Common Risk Language:
      In a previous blog post, I highlighted the importance of having a GRC culture in which the entire company, including legal, IT and business users embrace a single GRC vision that supports business goals. Adoption of a common risk language help
    Posted on: 12/7/2011 | 0 Comment
  • Enterprise Risk Management Complimentary Webinar – December 7th, 2:00 p.m. EST

    On December 7, 2011 Protiviti will present a complimentary webinar: "Drive Strategy to Execution with Enterprise Risk Management," that will discuss how the effective use of Enterprise Risk Management (ERM) can assist in developing the tools businesses need to define, challenge and execute overall strategy. Joining us as special guest speaker will be Forrester Research Senior Analyst Chris McClean.

    After a decade of high-profile business failures and a subsequent financial recession, companies are now placing higher importance on ERM, noting that effective implementation can better equip management with the tools to effectively execute on a broader business strategy. Webinar attendees will have the opportunity to hear Protiviti Director Michael McGarry and yours truly, along with Forrester’s Chris Mc

    Posted on: 11/29/2011 | 0 Comment
  • IT Risk Spending

    We've had a lot of discussions recently about how a variety of trends, such as an increasingly complex regulatory environment, big data, and financial loss from fraud, as well as highly publicized governance disasters, such as unauthorized trading, are driving an increased focus on risk management. Now we have some solid numbers to back this up. According to an ...

    Posted on: 11/28/2011 | 0 Comment
  • Tips for A Successful Implementation

    Through the selection and implementation phases of the Governance Portal, clients often ask me “what are the risk factors” or “what should I be worried about.” Looking back at more than 400 implementations, our team has certainly learned some lessons and developed techniques for managing this process. Considering the continued interest in this topic, I thought I’d share some of our experiences through this forum, cataloged across the following categories:

    Allocate resources to a core project team:
    While we typically manage Governance Portal implementations on behalf of our clients, I cannot stress enough how
    Posted on: 11/17/2011 | 0 Comment
  • Fraud Awareness Week – November 6-12
    International Fraud Awareness Week, sponsored by the Association of Certified Fraud Examiners (ACFE), encourages businesses and employees to promote anti-fraud awareness and education. According to the ACFE, organizations lose an estimated five percent of their annual revenues to fraud. But even more important than this loss of revenue is the possibility that a successful fraud scheme can put your organization’s entire financial, operational and brand stability at risk.
    Posted on: 11/12/2011 | 0 Comment
  • Multiple Sources of Assurance
    Our team has just completed our second annual U.S. Governance Portal User Forum, held in Chicago last week. As in Europe, we had a great event with a lot of sharing, learning and discussions among the attendees. The participants were a diverse group – spanning multiple industries and varying in organization size. I found it interesting to see professionals mostly focused on a single GRC domain (e.g. financial controls management or internal audit) interacting with professionals tackling multi-domain GRC. Many of the professionals using our Governance Portal for only one purpose were pleasantly surprised to see how what they do for one set of risks can be applied relatively simply to another set of business challenges. On the other hand, teams tackling multi-domain GRC benefited from the experience of our clients that have
    Posted on: 11/4/2011 | 0 Comment
  • A GRC Culture

    In too many companies, there’s a major disconnect—sometimes even a subtle antagonism—between those charged with risk management and those working to reach top-line business goals. Both groups are working for the bottom-line good of the company, but it often seems they’re working at cross purposes, impeding each other’s progress.

     
    It doesn’t have to be this way. In fact, the more efficiently and consistently that risk management and compliance processes are integrated into the business, the better for both the top line and the bottom line.
     
    Writes Ben Cole, associate editor at SearchCompliance.com, in ...
    Posted on: 10/18/2011 | 2 Comments
  • Assessment of Assessments…

    Having just hosted the European Governance Portal User Forum this week, I would like to share some excitement that occurred towards the end of the session when we discussed our 2012 roadmap. I was pleasantly surprised by the response to our upcoming refresh of the Governance Portal’s assessment engine. Don’t get me wrong, it’s going to be a great update, but assessments and surveys have always been part of our software, so the excitement expressed by a large percentage of the attendees prompted me to think about why. My assessment of the assessment response is that because they allow us to solve multiple GRC objectives, we have grown to rely on assessments for many reasons. Surveys, assessments and their wide application in GRC implementations help make us and our colleagues successful within multiple domains. They can help us set a tone, communic

    Posted on: 10/7/2011 | 0 Comment
  • GRC – From Strategy to Execution
    In our industry, we’ve seen all too often the repercussions of what can happen if companies don’t execute an optimized enterprise-wide GRC strategy. Recently, the UBS unauthorized trading case garnered widespread attention, highlighting and reminding us of the importance of not only having an enterprise-wide risk and compliance program that looks and sounds good on paper, but also having the technology tools in place for enforcement. In his InformationWeek article, author Mathew J. Schwartz cites how the financial services industry still has more work to do with GRC, noting, “But too many businesses may not be taking a crucial next step, from not just having policies, but also the correct tools in place to automate and enforce them.” While people talk a lot more about GRC these days, the integration of GRC into daily business p
    Posted on: 9/30/2011 | 0 Comment
  • GRC and the Theory of Everything
    I was speaking with a prospective buyer of GRC technology the other day. She had heard of the term “GRC,” and given its rather broad acronym, thought it might be a good fit for the problem she was looking to solve. Of course, being a GRC vendor, my first inclination was an emphatic, “OF COURSE IT’S A GOOD FIT!” However, there was one of those conscientious angels hovering around my left ear whispering, “This is not really a good fit. She needs something else.”
     
    The issue she was looking to resolve in her company related specifically to the analysis of contract terms acr
    Posted on: 9/25/2011 | 0 Comment
  • ERM Gains Strategy Chops

    ERM hasn’t always been seen as a strategic cornerstone of business success, but I believe that perception is changing in a fundamental way. We have witnessed companies underperform vis-à-vis the promise of their business strategies because they don’t fully understand the inherent risks in a strategy, or they lack the ability to effectively track the execution of that strategy. In either case, ERM can help.

     

    When it comes to understanding the risks in a strategy, ERM can create a framework that helps management articulate, agree on, and communicate the company’s “risk appetite,” that is, the limits of what a company is willing to do in pursuit of its strategies. Doing this

    Posted on: 9/16/2011 | 0 Comment
  • Integrated Remediation and Audit Management

    Remediation and audit activities in GRC systems have emerged as central components that align work effort across all GRC stakeholders. [FYI: Protiviti’s recent edition of Internal Auditing Around the World, Vol. VII, looks at strategies for critical integration of internal audit and risk management and addresses some of the elements in this blog post.]

     

    After the first round of silo financial control management and risk management implementations, most GRC system clients are now looking t

    Posted on: 9/12/2011 | 0 Comment
  • ERM: From Strategy to Execution

    Compliance Week magazine has just released an eBook that contains various articles about the hot topic of ERM, titled ERM: Expanding Your Compliance and Risk Management Efforts Into Successful, Enterprise-Wide Programs. The eBook includes several compelling articles, including “ERM: From Strategy to Execution” written by yours truly (Scott Wisniewski) and my colleague Michael McGarry, a director within Protiviti’s Risk and Compliance practice and the firm’s Early Mover Center of Excellence. The eBook is complimentary; you just need to register to download it. (In the spirit of full disclosure, Protiviti is a pro

    Posted on: 9/1/2011 | 0 Comment
  • Breaking Down Your Risk and Compliance Silos for a More Effective Program

    Forrester defines GRC generally as “a coordinated set of functions that support strategic decisions and actions to maximize business performance within acceptable risk thresholds and increased control.” It’s a mouthful but clear after careful reading. It’s the policies and procedures a business sets up to try to ensure it can perform optimally given its appetite for risk.

    Because the “coordinated set of functions” for GRC must be coordinated among the varied risk and compliance silos—strategic, financial, operational, regulatory, IT, legal—organizations are adopting “integrated GRC” as the means to increase transparency into all these areas of risk and thereby create a unified program that allows resources and knowledge to be shared efficiently in order to m
    Posted on: 8/30/2011 | 0 Comment
  • GRC for Data Governance & Management
    It’s evident that data is growing exponentially in volume and complexity; in fact, as IDC U.S. vice-president of storage and Big Data analyst, Benjamin Woo notes, “In 10 years we are going to grow that data amount 44 times to 35 zettabytes by 2020 and almost 50 per cent of new data generated will be in the Cloud within 10 years, which means someone else is going to be touching your information along the way.” While I wasn’t able to attend Woo’s presentation at the Implementing Information Infrastructure Symposium (IIIS) in Sydney earlier in the month, journalist Harnish Barwick captured some interesting highlights in his story posted on Computerworld.com.
     
    So how does GRC fit in this amorphous mass
    Posted on: 8/15/2011 | 0 Comment
  • Policy Management – Living Documents or Collecting Dust?

    Analysts from Gartner and Forrester have incorporated the concept of policy (or broader content) management into their reviews of GRC platforms, and industry pundits have recently blogged about policy management. In particular, Michael Rasmussen has written insightful commentary on many of the issues organizations face with policies as well as the requirements of a good policy management system.


    With an increased focus on this topic, and a fair amount of writing related to the associated problems with policy management, it is reasonable to ask why policies are important in the first place. It may seem intuitive that a company should have good policy management, but if it’s a big costly hassle, then why bother to do it? Management of external regulations is an obvious
    Posted on: 8/5/2011 | 3 Comments
  • Dodd-Frank Act – One Year Later

    The uncertainty around the Dodd-Frank Wall Street Reform and Consumer Protection Act (“DFA”) leads to an ironic certainty for enterprises: they must have the flexibility and adaptability to implement and enforce whatever comes out of the evolution of DFA.

     

    This uncertainty has several causes. The first is that regulators have missed deadlines associated with the implementation of DFA, which is the result of the scope and complexity of legislation that includes more than 1,000 pages of text and, according to the U.S. Chamber of Commerce, requires regulatory agencies to enact 350 rules, conduct 47 studies, and issue 74 reports. As of the

    Posted on: 7/28/2011 | 0 Comment
  • Welcome to the GRC Tech Portal Blog!

    We're kicking off our new GRC technology-focused blog to provide industry insiders who deal with governance issues on a daily basis with insights gleaned from our GRC experience.  Technology is often where concept meets reality.  Our goal is to introduce perspectives that distill market-relevant topics and ideas into practical applications.  GRC encompasses a broad set of business activities, so keeping things simple may be a challenge, but we're going to try.  For larger organizations, GRC management involves multiple departments with multiple areas of expertise trying to balance the execution of business strategy and improving operational performance against managing risk.  GRC management should also increase transparency and control within organizations even as they strive for greater agility in the face of mounting pressures—pressures from financial instability, globaliza

    Posted on: 7/22/2011 | 0 Comment

  About the GRC Tech Portal Blog

The GRC Tech Portal Blog – a window into all things related to using technology to manage governance, risk and compliance.
 

  Have a Suggestion for a Topic?

If you have a topic that you would like to add to the conversation or feedback on the topics under consideration, please share it with us.
