Author Archives: opgrc

A Proverbial Approach to Success

I am a quirky individual. One quirk, of which I am acutely aware, is my tendency to reference traditional English proverbs to summarize a point. We have all heard and used one or many of these famous proverbs at one time or another. While my wife, kids, friends and coworkers love to roll their eyes and give me grief for this particular personality trait, I am a firm believer that many of these proverbs have stood the test of time for a reason, and several of them are used quite frequently to this day (Check the origin stories for many of these proverbs.) Continue reading

Posted in GRC Education | Tagged | Leave a comment

Don’t Let Your Big Data Be a Big Mess

The amount of data we are exposed to, both professionally and personally, is expanding wildly, all while the amount of investment necessary to store this data diminishes. Since storing information is so cheap now, there’s no real disincentive to avoid becoming “data hoarders.” While data hoarding has a lot fewer health risks than knick-knack hoarding, if you don’t manage your inbound data well, you can end up equally overwhelmed and paralyzed when you realize the mess you’ve made. Continue reading

Posted in GRC, GRC Technology Implementation, Risk Management | Tagged | Leave a comment

Enhance Your GRC Projects with New Perspectives

Recently, I had the opportunity to gain some new perspectives and completely change surroundings. Not only did I transition to a new client, but I made a geographical move across the country. New office, new client coworkers, new breakfast and lunch locales – even a new time zone! I’ve traded in all of my routines for a fresh start, and to be honest, I couldn’t be happier. I’ve learned a variety of new things about myself that I would not have been able to do had I stayed in my old surroundings.

When in the middle of a GRC technology implementation, it’s easy to lose sight of the big picture. While we spend time checking off the business requirements, if we’re not careful we may be solving for trivial problems and missing a chance to add real value to the organization. If not written well, requirements documents become just a “wish list” of levers, dials and knobs aimed at simplifying existing aspects of the overall process. The core process is never questioned; the job of the new system is just to “clean it up” or “make it smoother.” Continue reading

Posted in GRC, GRC Consulting, GRC Technology Implementation | Tagged | Leave a comment

Don’t Paint Your Core Values Short: 3 Actions for Promoting Ethical Behavior

As a consultant, I’ve stayed in numerous hotel rooms of wide ranging quality. One common thread that connects all hotels, from the lavish Leela Palace of Bangalore to Joe’s Motel of “I booked last minute and just pray it has running water,” is wall art. No matter the location, quality or style of your locale, rest assured that throughout the building and in your room there will be non-descript, non-attention grabbing paintings adding subtle textures to the walls.

Your office may have similar, subtle images across its walls. These images likely have branded colors, invoke a warm message but are often ignored by the people that pass by. Allow me to introduce you to one of the most prevalent types of wall art in corporate life: your company’s corporate values. Continue reading

Posted in Compliance & Ethics, GRC | Tagged | Leave a comment

Failure Is an Option

I am a failure.

It’s time to come clean and admit that I have frequently (and at times remarkably) fallen short of what’s expected of me. Whether we choose to admit it or not, everybody fails. Einstein was written off as a dullard by his teachers. Abraham Lincoln failed at business, went bankrupt twice and was defeated in numerous campaigns for public office. Thomas Edison’s teachers told him he was “too stupid to learn anything.” JK Rowling was divorced, broke, depressed and on welfare. The list goes on and on. (You can read about more of these “failures” here.)

While I am certainly not trying to compare myself to these great men and women, the point is valid – no matter how successful one is perceived to be, the road taken to get there is often a bit bumpy. However, these bumps are often what jolt us forward and propel us to new discoveries. Continue reading

Posted in GRC, GRC Education | Tagged | 1 Comment

Sustaining Your GRC Program, After the Fireworks are Over

Firework shows are the ultimate front-loaded project; the type where it’s easy to lose sight of the long-term relationship. For two summers in my early twenties, I was a “Licensed Pyrotechnic Operator” by the Missouri Division of Fire Safety (which, if you know me, is like asking your cat to clean the swimming pool). My job description involved trekking to a variety of rural, hole-in-the-wall communities and assisting a team with blowing up a pre-determined number of explosives, without losing any appendages. After 12 hours of work in the hot sun, the day would end with a brilliant display of color and spectacle. For many teams, the end of the show was their queue to haphazardly tear down the tubes (the launching mechanisms for the fireworks) and get the heck out of Dodge (or Thayer, West Plains, Monett, etc.), all the while high-fiving each other and talking about the great event they just created. I was lucky enough to be assigned to a team that knew better, though. To be a successful fireworks operator, it’s not just about the show.

Sustainability in the fireworks business is about the complete relationship. The person signing the check is typically a city council member or the chair of an oversight committee. The last impression of this stakeholder isn’t the show, but the conditions that are left behind after the show. Was the area cleaned up appropriately? Was trash left behind? Was the team professional and on time? Small town leaders talk; one bad impression can lead to a lack of business, both this summer and beyond. Continue reading

Posted in GRC, GRC Consulting, GRC Technology Implementation | Tagged | Leave a comment

4 Tactics for Ensuring Enterprise Data Security

“Privacy” is the current buzzword sweeping the nation, and no matter who you ask, everyone seems to have different opinions on the subject. With the latest revelation of government and business surveillance, both domestic and international, many people are asking themselves, “Is my private data actually private?” The ongoing struggle between security and privacy is nothing new (and it will continue for years to come), but if there is anyone who needs to be more worried than most, it would be the businesses who handle sensitive, business-critical information on a daily basis. Continue reading

Posted in GRC Consulting, Risk Management | Tagged | 1 Comment