Sustaining Your GRC Program, After the Fireworks are Over


Have a plan for sustaining the excitement of your GRC deployment.

Firework shows are the ultimate front-loaded project; the type where it’s easy to lose sight of the long-term relationship. For two summers in my early twenties, I was a “Licensed Pyrotechnic Operator” by the Missouri Division of Fire Safety (which, if you know me, is like asking your cat to clean the swimming pool). My job description involved trekking to a variety of rural, hole-in-the-wall communities and assisting a team with blowing up a pre-determined number of explosives, without losing any appendages.

After 12 hours of work in the hot sun, the day would end with a brilliant display of color and spectacle. For many teams, the end of the show was their cue to haphazardly tear down the tubes (the launching mechanisms for the fireworks) and get the heck out of Dodge (or Thayer, West Plains, Monett, etc.), all the while high-fiving each other and talking about the great event they just created. I was lucky enough to be assigned to a team that knew better, though. To be a successful fireworks operator, it’s not just about the show.


4 Tactics for Ensuring Enterprise Data Security


Businesses of all sizes benefit from a sound information security program.

“Privacy” is the current buzzword sweeping the nation, and no matter who you ask, everyone seems to have different opinions on the subject.  With the latest revelation of government and business surveillance, both domestic and international, many people are asking themselves, “Is my private data actually private?”  The ongoing struggle between security and privacy is nothing new (and it will continue for years to come), but if there is anyone who needs to be more worried than most, it would be the businesses who handle sensitive, business-critical information on a daily basis.


Raising Your Internal Audit IQ: Education through Education


The author heads to New York to teach. . . and learn.

One of the most fulfilling activities I engage in is serving as a volunteer instructor for the Institute of Internal Auditors (IIA). I’ve always been a fan of the IIA’s simple yet elegant goal for the internal audit profession: “progress through learning.” Their volunteer Instructor program stays true to that mantra by leveraging the time and talent of the professional community to help perpetuate the development of internal audit professionals.


Office Space and the GRC Space


Have you covered your bases with managing change in your GRC program? Review these tips to minimize the headaches in your office.

Most of us firmly entrenched in office/cubicle/workspace environments are familiar with the movie Office Space. For those that aren’t familiar with the plot, the film provides insights into the mundane life of a software engineering company, covering all the standard office clichés:

  • the demanding boss with annoying catchphrases
  • “efficiency experts”
  • mass layoffs
  • printers that never do what you want them to do
  • themed parties (Hawaiian shirt day!)

Though bombing at the box office in the late 1990s, it’s now achieved cult status with its satiric take on office culture.


Getting the GRC Plane Off the Ground (And Keeping It There)


Achieving lift in your GRC program involves a variety of moving parts. By following a plan, you can get your GRC program to soar.

I have had the pleasure of working in the governance, risk and compliance (GRC) space for some time now, and one simple question that continues to come up is, “where do we start?” If you’re just starting your GRC journey, when you survey your landscape you’ll likely find contrasting personalities, specialized nomenclature and inflexible technology systems. Aligning operations and processes that have operated independently is no easy feat!

If you’re interested in optimizing your business operations through GRC, but feel immobilized as to what the next steps are, this blog post is for you. Based on my experiences in the industry, I’ve found the following five steps (all industry-neutral) to be the critical tasks to complete as you kick off your program.
