Author - Joe Wilson


An estimated billion people use Excel. Big score for Microsoft! So how can spreadsheets be dangerous? If you are using them to manage your Governance, Risk and Compliance (GRC), they are: time consuming, difficult to manage, prone to errors, and do not provide a chain of evidence.

1. TIME CONSUMING

Face facts, your Risk and Compliance team members spend enormous amounts of hours constructing, posting, editing, and reporting via spreadsheets. It is critical work, but: Is it efficient? Nope! Cost effective? Nope! [...]

Head off supply chain disruption

Potential supply chain disruption is a tangible risk. This is not a matter of if, but when, how bad, and what are your options? Your supply chain risk management system must function as an early warning system and manage those risks as they arise. Risks include: regulatory compliance; information privacy and security; contract obligations; employee and third-party fraud; corporate culture; and change management.

Managing an agile and comprehensive supply chain risk management system is tough. You must constantly ask, “How can [...]

Proving the need for GRC improvements

Constructing an ROI business case for GRC is tough, but it can get you budget. What follows is an approach to calculating Annual Loss Expectancy. While a bit of a scare tactic (FUD: fear, uncertainty and doubt), it is a legitimate approach. It can help with senior management if presented in terms of protecting profitability. Annualized Loss Expectancy (ALE) is the expected monetary loss anticipated for an asset due to a risk during one year. [...]

The Case for Continuous Compliance

The challenge of running effective GRC programs has grown as the amount of information these programs track has exploded. This challenge has been made more difficult by the shift of many organizations’ compliance programs into more of a risk management or avoidance program. What was previously viewed as a form of auditing or reporting is now seen as a hedge against risk. This GRC model requires more intensive sampling of information than was done previously. Unfortunately, with many companies running [...]

Return on Investment Versus Failure - ROI vs ROF

ROI vs. ROF – Return on Investment versus Failure

We have seen a trend of companies struggling to justify their investment in a GRC solution. It is hard for them to get senior executive buy-in for investing in automating their compliance, security, quality, safety, etc. They “know” they need to do it, but it never seems to reach the priority queue. The directly impacted managers who own the programs are frustrated, and the stakeholders who have to assist in manually updating information for the program are not particularly happy [...]

Vendor and Third-Party Risk Management is Difficult

Think Vendors Are Risky Now? Just Wait…

Ask vendor & third-party relationship managers whether their job is harder today than 5-10 years ago and you will get “both”. The technology has made the job easier in that communications and tracking are easier, but the fact that the technology made things easier just meant that they were being asked to do more with less. Technology has helped to manage more vendors efficiently, but that means more vendors for each vendor manager along with more detailed reporting, but [...]

The GRC Investment Chasm

We see a good number of companies trying to figure out how much to invest in compliance. Tough question, right? How do you know when enough is enough until you are faced with the situation you are trying to prevent? But there is a reasonableness factor in investing in GRC. You need to make sure that you are compliant with external regulations, industry standards, or internal organizational policies. That is a given. We have outlined 4 decision gates to help [...]

Build it (Wrong) and They Will (Not) Come

A good program doesn’t just end when the system goes live, so we provide additional program and support services to address the following questions, which inevitably arise:

Success: What KPIs do we use to measure iterative, progressive, and overall success? What is the performance roadmap? How do we measure? How do we transition? Who will be responsible for conducting internal quarterly and annual business performance and requirements assessments?

Onboarding: How do we get initial buy-in, acceptance, and usage? How do we set [...]

Communicating Policies and Keeping Them Relevant

GRC 20/20 Expert to Provide Insight on Stronger Policy Conveyance in the Enterprise

ATLANTA, GEORGIA, MARCH 6, 2015 – A well-written policy that is not easily understood by employees is like having no policy at all; policy is only effective when employees know and understand it. Scattered approaches to policy access and communication also confuse employees. Every policy should have a communication plan that not only evaluates and determines the necessary messaging, training and attestation but also aims to make policies [...]
