Category Archives: GRC Consulting

Enhance Your GRC Projects with New Perspectives

Recently, I had the opportunity to gain some new perspectives and completely change surroundings. Not only did I transition to a new client, but I made a geographical move across the country. New office, new client coworkers, new breakfast and lunch locales – even a new time zone! I’ve traded in all of my routines for a fresh start, and to be honest, I couldn’t be happier. I’ve learned a variety of new things about myself that I would not have been able to do had I stayed in my old surroundings.

When in the middle of a GRC technology implementation, it’s easy to lose sight of the big picture. While we spend time checking off the business requirements, if we’re not careful we may be solving for trivial problems and missing a chance to add real value to the organization. If not written well, requirements documents become just a “wish list” of levers, dials and knobs aimed at simplifying existing aspects of the overall process. The core process is never questioned; the job of the new system is just to “clean it up” or “make it smoother.” Continue reading

Posted in GRC, GRC Consulting, GRC Technology Implementation | Tagged | Leave a comment

Sustaining Your GRC Program, After the Fireworks are Over

Firework shows are the ultimate front-loaded project; the type where it’s easy to lose sight of the long-term relationship. For two summers in my early twenties, I was a “Licensed Pyrotechnic Operator” by the Missouri Division of Fire Safety (which, if you know me, is like asking your cat to clean the swimming pool). My job description involved trekking to a variety of rural, hole-in-the-wall communities and assisting a team with blowing up a pre-determined number of explosives, without losing any appendages. After 12 hours of work in the hot sun, the day would end with a brilliant display of color and spectacle. For many teams, the end of the show was their queue to haphazardly tear down the tubes (the launching mechanisms for the fireworks) and get the heck out of Dodge (or Thayer, West Plains, Monett, etc.), all the while high-fiving each other and talking about the great event they just created. I was lucky enough to be assigned to a team that knew better, though. To be a successful fireworks operator, it’s not just about the show.

Sustainability in the fireworks business is about the complete relationship. The person signing the check is typically a city council member or the chair of an oversight committee. The last impression of this stakeholder isn’t the show, but the conditions that are left behind after the show. Was the area cleaned up appropriately? Was trash left behind? Was the team professional and on time? Small town leaders talk; one bad impression can lead to a lack of business, both this summer and beyond. Continue reading

Posted in GRC, GRC Consulting, GRC Technology Implementation | Tagged | Leave a comment

4 Tactics for Ensuring Enterprise Data Security

“Privacy” is the current buzzword sweeping the nation, and no matter who you ask, everyone seems to have different opinions on the subject. With the latest revelation of government and business surveillance, both domestic and international, many people are asking themselves, “Is my private data actually private?” The ongoing struggle between security and privacy is nothing new (and it will continue for years to come), but if there is anyone who needs to be more worried than most, it would be the businesses who handle sensitive, business-critical information on a daily basis. Continue reading

Posted in GRC Consulting, Risk Management | Tagged | 1 Comment

Office Space and the GRC Space

Most of us firmly entrenched in office/cubicle/workspace environments are familiar with the movie Office Space. For those that aren’t familiar with the plot, the film provides insights into the mundane life of a software engineering company, covering all the standard office clichés: the demanding boss with annoying catchphrases, cubicles, “efficiency experts” mass layoffs, printers that never do what you want them to do, themed parties (Hawaiian shirt day!), etc. Though bombing at the box office in the late 1990s, it’s now achieved cult status with its satiric take on office culture. Continue reading

Posted in GRC Consulting, GRC Technology Implementation | Tagged | 1 Comment

Getting the GRC Plane Off the Ground (And Keeping It There)

I have had the pleasure of working in the governance, risk and compliance (GRC) space for some time now, and one simple question that continues to come up is, “where do we start?” If you’re just starting your GRC journey, when you survey your landscape you’ll likely find contrasting personalities, specialized nomenclature and inflexible technology systems. Aligning operations and processes that have operated independently is no easy feat!

If you’re interested in optimizing your business operations through GRC, but feel immobilized as to what the next steps are, this blog post is for you. Based on my experiences in the industry, I’ve found the following five steps (all industry-neutral) to be the critical tasks to complete as you kick off your program. Continue reading

Posted in GRC Consulting | Tagged | Leave a comment