Tag Archives: Jonathan Kitchin

Don’t Let Your Big Data Be a Big Mess

The amount of data we are exposed to, both professionally and personally, is expanding wildly, all while the amount of investment necessary to store this data diminishes. Since storing information is so cheap now, there’s no real disincentive to avoid becoming “data hoarders.” While data hoarding has a lot fewer health risks than knick-knack hoarding, if you don’t manage your inbound data well, you can end up equally overwhelmed and paralyzed when you realize the mess you’ve made. Continue reading

Posted in GRC, GRC Technology Implementation, Risk Management | Tagged | Leave a comment

Don’t Paint Your Core Values Short: 3 Actions for Promoting Ethical Behavior

As a consultant, I’ve stayed in numerous hotel rooms of wide ranging quality. One common thread that connects all hotels, from the lavish Leela Palace of Bangalore to Joe’s Motel of “I booked last minute and just pray it has running water,” is wall art. No matter the location, quality or style of your locale, rest assured that throughout the building and in your room there will be non-descript, non-attention grabbing paintings adding subtle textures to the walls.

Your office may have similar, subtle images across its walls. These images likely have branded colors, invoke a warm message but are often ignored by the people that pass by. Allow me to introduce you to one of the most prevalent types of wall art in corporate life: your company’s corporate values. Continue reading

Posted in Compliance & Ethics, GRC | Tagged | Leave a comment

Sustaining Your GRC Program, After the Fireworks are Over

Firework shows are the ultimate front-loaded project; the type where it’s easy to lose sight of the long-term relationship. For two summers in my early twenties, I was a “Licensed Pyrotechnic Operator” by the Missouri Division of Fire Safety (which, if you know me, is like asking your cat to clean the swimming pool). My job description involved trekking to a variety of rural, hole-in-the-wall communities and assisting a team with blowing up a pre-determined number of explosives, without losing any appendages. After 12 hours of work in the hot sun, the day would end with a brilliant display of color and spectacle. For many teams, the end of the show was their queue to haphazardly tear down the tubes (the launching mechanisms for the fireworks) and get the heck out of Dodge (or Thayer, West Plains, Monett, etc.), all the while high-fiving each other and talking about the great event they just created. I was lucky enough to be assigned to a team that knew better, though. To be a successful fireworks operator, it’s not just about the show.

Sustainability in the fireworks business is about the complete relationship. The person signing the check is typically a city council member or the chair of an oversight committee. The last impression of this stakeholder isn’t the show, but the conditions that are left behind after the show. Was the area cleaned up appropriately? Was trash left behind? Was the team professional and on time? Small town leaders talk; one bad impression can lead to a lack of business, both this summer and beyond. Continue reading

Posted in GRC, GRC Consulting, GRC Technology Implementation | Tagged | Leave a comment

What’s Your Elevator Pitch?

This week marks the anniversary of the birth, and death, of a true American original, Major General George Owen Squier (March 21, 1865 – March 24, 1934). Besides his distinguished service record, Squier was a scholar, holding a Ph.D. from John Hopkins and being an elected member of the National Academy of Science. He was also an accomplished inventor, having discovered a way for the telephone to send multiple messages across a single line (multiplexing). However, the general’s most recognized achievement is one designed to not be recognized at all. Whether you’re shopping, having your teeth drilled or riding in an elevator you’ve likely been exposed to (don’t worry, it’s not contagious) Muzak – a term the general coined himself. Continue reading

Posted in GRC Education | Tagged | Leave a comment

Strategies for Using On-Screen Help to Enhance Your GRC Data

One of the risks you may or may not be tracking within your GRC program is the data quality within your online Governance, Risk and Compliance (GRC) tool. The reports and metrics within your GRC system hinge on the data provided by your end users. Mediocre, or worse, inaccurate data can have far reaching impacts across the enterprise. If you prioritize tasks and make risk and compliance decisions based off the data within your tool, you need to have plans and strategies in place for vetting and reviewing that data. Continue reading

Posted in GRC Technology Implementation, Risk Management | Tagged | Leave a comment

The Other ‘C’ of GRC: Cooperation

Recently I had the privilege of participating in something very rare: a GRC project kickoff meeting that involved both the CEO and the COO. While the organization was admittedly a smaller company than those I’ve dealt with in the past, the sheer presence of the company’s key decision makers spoke volumes about the team’s resolve to implement a scalable GRC program. The mood in the room was clear: all areas of the organization were ready to come together and build a plan that was best for all parties, whether it be IT, Risk or Compliance. It was said multiple times: “We want to follow the best practices so we all can be successful.” Small or not, this organization had already accomplished the often overlooked, but vastly important other “C” of GRC – cooperation. Continue reading

Posted in GRC Consulting, GRC Education | Tagged | 2 Comments

3 Tips for Better System-Generated Emails

There are blogs and even books solely devoted to helping me manage the deluge of incoming messages that causes my inbox to swell beyond comprehension. However, whether you’re a “touch it once” disciple, a “batch processor,” or something equally profound (such as the Pomodoro technique) these approaches only address the in-bound side of email. If you’re a GRC system administrator or a GRC process owner, you may be one of the culprits of this email overload. Continue reading

Posted in GRC Consulting, GRC Technology Implementation | Tagged | Leave a comment