|
| GRC: It’s Better to be Good than Lucky | There is a saying that “it’s better to be lucky than good.” It seems, though, that those who are consistently lucky are probably good as well. They’re probably doing something inherently, even if subconsciously, that produces the desired result repeatedly. How does this apply to GRC? GRC isn’t something that companies do or don’t do. It is a discipline that is performed at varying levels of maturity across the organization. For many companies, sound governance, discipline and principles are infused throughout their enterprise based on organizational culture and tone.
It strikes me that our industry often speak | |
Posted on: 4/20/2012 |
|
| A Simpler Plan: An Extensible Entity Hierarchy | While the main focus of version 3.12 of the Governance Portal was on simplifying existing functionality, we have also added some great new features.
One that I’m particularly proud of is an extensible entity hierarchy that allows companies to manage multiple aspects of GRC from a central registry. The driving force behind the development of this feature is that larger enterprises have multiple objectives they are trying to achieve, often requiring unique structures and naming conventions. Our team has done a great job extending the entity hierarchy with a flexible, unlimited-depth framework that supports almost any GRC need. At the same time, we have consolidated the management of entities i | |
Posted on: 3/8/2012 |
|
| More Contributors, More Expertise, a Broader Discussion | It’s only the end of February, but it’s already been an exciting year at Protiviti. We’ve released v3.13 of the Governance Portal, which will help our clients more seamlessly manage documentation, conduct confidential audits and analyze their data through more dynamic search interfaces. We’ve also kicked off our campaign to assist financial organizations with regulatory reform by initiating implementations of the Governance Portal with two systemically important financial institutions. We’re now heads down preparing for our mid-year 4.0 release. It’s going to significantly improve our clients’ IT organizations’ ability to offer GRC software as a solution to multiple risk, compliance and assurance related programs. Another important development is the expansion of the GRC Tech Portal Blog.
Posted on: 2/29/2012 |
|
| Driving Strategy to Execution with ERM | On Tuesday, December 7, Chris McClean of Forrester Research and I, along with my Protiviti colleague Michael McGarry, delivered Drive Strategy to Execution with Enterprise Risk Management, a webinar that provided a concrete roadmap for how ERM can help companies eliminate the disconnect between their strategy and their execution. I’d like to thank Chris for sharing his client experiences and providing insight into how technology tools can support ERM.
During the webinar, we focused on ERM's role in strategy articulation and examined three tools (risk assessment, policy and risk tolerances) that can be used to drive strategy to execution. Over the course of the next few weeks, I'll provide some additional insight about each of these topics and respond to the many questions we receiv | |
Posted on: 12/22/2011 |
|
| Key Characteristics of an Integrated GRC Program | Integrating GRC is about bringing people together to work towards common business goals. The biggest obstacles to integration are not the technical components but rather the organizational and cultural changes that need to take place. The end result? A concerted effort among process, knowledge, frameworks, content, and technology that enables businesses to become more agile and benefit from improved business performance over the longer term. Below are some of the key characteristics of a successfully integrated GRC program:
- Adoption of Common Risk Language:
In a previous blog post, I highlighted the importance of having a GRC culture in which the entire company, including legal, IT and business users embrace a single GRC vision that supports business goals. Adoption of a common risk language help
Posted on: 12/7/2011 |
|
| Tips for A Successful Implementation | Through the selection and implementation phases of the Governance Portal, clients often ask me “what are the risk factors” or “what should I be worried about.” Looking back at more than 400 implementations, our team has certainly learned some lessons and developed techniques for managing this process. Considering the continued interest in this topic, I thought I’d share some of our experiences through this forum, cataloged across the following categories:
Allocate resources to a core project team: While we typically manage Governance Portal implementations on behalf of our clients, I cannot stress enough how | |
Posted on: 11/17/2011 |
|
| Multiple Sources of Assurance | Our team has just completed our second annual U.S. Governance Portal User Forum, held in Chicago last week. As in Europe, we had a great event with a lot of sharing, learning and discussions among the attendees. The participants were a diverse group – spanning multiple industries and varying in organization size. I found it interesting to see professionals mostly focused on a single GRC domain (e.g. financial controls management or internal audit) interacting with professionals tackling multi-domain GRC. Many of the professionals using our Governance Portal for only one purpose were pleasantly surprised to see how what they do for one set of risks can be applied relatively simply to another set of business challenges. On the other hand, teams tackling multi-domain GRC benefited from the experience of our clients that have | |
Posted on: 11/4/2011 |
|
| A GRC Culture | In too many companies, there’s a major disconnect—sometimes even a subtle antagonism—between those charged with risk management and those working to reach top-line business goals. Both groups are working for the bottom-line good of the company, but it often seems they’re working at cross purposes, impeding each other’s progress.
It doesn’t have to be this way. In fact, the more efficiently and consistently that risk management and compliance processes are integrated into the business, the better for both the top line and the bottom line.
Writes Ben Cole, associate editor at SearchCompliance.com, in
Posted on: 10/18/2011 |
|
| Assessment of Assessments… | Having just hosted the European Governance Portal User Forum this week, I would like to share some excitement that occurred towards the end of the session when we discussed our 2012 roadmap. I was pleasantly surprised by the response to our upcoming refresh of the Governance Portal’s assessment engine. Don’t get me wrong, it’s going to be a great update, but assessments and surveys have always been part of our software, so the excitement expressed by a large percentage of the attendees prompted me to think about why. My assessment of the assessment response is that because they allow us to solve multiple GRC objectives, we have grown to rely on assessments for many reasons. Surveys, assessments and their wide application in GRC implementations help make us and our colleagues successful within multiple domains. They can help us set a tone, communic | |
Posted on: 10/7/2011 |
|
| GRC – From Strategy to Execution | In our industry, we’ve seen all too often the repercussions of what can happen if companies don’t execute an optimized enterprise-wide GRC strategy. Recently, the UBS unauthorized trading case garnered widespread attention, highlighting and reminding us of the importance of not only having an enterprise-wide risk and compliance program that looks and sounds good on paper, but also having the technology tools in place for enforcement. In his InformationWeek article, author Mathew J. Schwartz cites how the financial services industry still has more work to do with GRC, noting, “But too many businesses may not be taking a crucial next step, from not just having policies, but also the correct tools in place to automate and enforce them.” While people talk a lot more about GRC these days, the integration of GRC into daily business p | |
Posted on: 9/30/2011 |
|
| GRC and the Theory of Everything | I was speaking with a prospective buyer of GRC technology the other day. She had heard of the term “GRC,” and given its rather broad acronym, thought it might be a good fit for the problem she was looking to solve. Of course, being a GRC vendor, my first inclination was an emphatic, “OF COURSE IT’S A GOOD FIT!” However, there was one of those conscientious angels hovering around my left ear whispering, “This is not really a good fit. She needs something else.”
The issue she was looking to resolve in her company related specifically to the analysis of contract terms acr | |
Posted on: 9/25/2011 |
|
| ERM Gains Strategy Chops | ERM hasn’t always been seen as a strategic cornerstone of business success, but I believe that perception is changing in a fundamental way. We have witnessed companies underperform vis-à-vis the promise of their business strategies because they don’t fully understand the inherent risks in a strategy, or they lack the ability to effectively track the execution of that strategy. In either case, ERM can help.
When it comes to understanding the risks in a strategy, ERM can create a framework that helps management articulate, agree on, and communicate the company’s “risk appetite,” that is, the limits of what a company is willing to do in pursuit of its strategies. Doing this | |
Posted on: 9/16/2011 |
|
| Breaking Down Your Risk and Compliance Silos for a More Effective Program | Forrester defines GRC generally as “a coordinated set of functions that support strategic decisions and actions to maximize business performance within acceptable risk thresholds and increased control.” It’s a mouthful but clear after careful reading. It’s the policies and procedures a business sets up to try to ensure it can perform optimally given its appetite for risk.
Because the “coordinated set of functions” for GRC must be coordinated among the varied risk and compliance silos—strategic, financial, operational, regulatory, IT, legal— organizations are adopting “integrated GRC” as the means to increase transparency into all these areas of risk and thereby create a unified program that allows resources and knowledge to be shared efficiently in order to m
Posted on: 8/30/2011 |
|
| GRC for Data Governance & Management | It’s evident that data is growing exponentially in volume and complexity; in fact, as IDC U.S. vice-president of storage and Big Data analyst, Benjamin Woo notes, “In 10 years we are going to grow that data amount 44 times to 35 zettabytes by 2020 and almost 50 per cent of new data generated will be in the Cloud within 10 years, which means someone else is going to be touching your information along the way.” While I wasn’t able to attend Woo’s presentation at the Implementing Information Infrastructure Symposium (IIIS) in Sydney earlier in the month, journalist Harnish Barwick captured some interesting highlights in his story posted on Computerworld.com.
So how does GRC fit in this amorphous mass | |
Posted on: 8/15/2011 |
|
| Policy Management – Living Documents or Collecting Dust? | Analysts from Gartner and Forrester have incorporated the concept of policy (or broader content) management into their reviews of GRC platforms, and industry pundits have recently blogged about policy management. In particular, Michael Rasmussen has written insightful commentary on many of the issues organizations face with policies as well as the requirements of a good policy management system.
With an increased focus on this topic, and a fair amount of writing related to the associated problems with policy management, it is reasonable to ask why policies are important in the first place. It may seem intuitive that a company should have good policy management, but if it’s a big costly hassle, then why bother to do it? Management of external regulations is an obvious
Posted on: 8/5/2011 |
|
| Dodd-Frank Act – One Year Later | The uncertainty around the Dodd-Frank Wall Street Reform and Consumer Protection Act (“DFA”) leads to an ironic certainty for enterprises: they must have the flexibility and adaptability to implement and enforce whatever comes out of the evolution of DFA.
This uncertainty has several causes. The first is that regulators have missed deadlines associated with the implementation of DFA, which is the result of the scope and complexity of legislation that includes more than 1,000 pages of text and, according to the U.S. Chamber of Commerce, requires regulatory agencies to enact 350 rules, conduct 47 studies, and issue 74 reports. As of the | |
Posted on: 7/28/2011 |
|
| Welcome to the GRC Tech Portal Blog! | We're kicking off our new GRC technology-focused blog to provide industry insiders who deal with governance issues on a daily basis with insights gleaned from our GRC experience. Technology is often where concept meets reality. Our goal is to introduce perspectives that distill market-relevant topics and ideas into practical applications. GRC encompasses a broad set of business activities, so keeping things simple may be a challenge, but we're going to try. For larger organizations, GRC management involves multiple departments with multiple areas of expertise trying to balance the execution of business strategy and improving operational performance against managing risk. GRC management should also increase transparency and control within organizations even as they strive for greater agility in the face of mounting pressures—pressures from financial instability, globaliza | |
Posted on: 7/22/2011 |
About the GRC Tech Portal Blog |
| The GRC Tech Portal Blog – a window into all things related to using technology to manage governance, risk and compliance. |
Fraud, GRC, Internal Audit, Risk Management, Dodd-Frank Act, Regulatory Reform, Regulatory Intelligence, Financial Services, Policy Management, Enterprise Risk Management, Governance Portal, Compliance, Security, Audit, Sarbanes-Oxley |