Many companies share some problematic habits when it comes to compliance. The worst of them is treating compliance like a checklist. In other words, thinking, “If we meet these specific compliance requirements, our company should run efficiently and securely.” While this is a simplified outlook, the point remains the same. Being compliant guarantees neither efficiency nor security,…Continue
Added by Steven Minsky on January 19, 2016 at 9:30pm — No Comments
The role of today’s risk managers is clear: to close the gap between strategic-level initiatives and the operational risks faced at the activity level.
To do this, many organizations are adopting risk-based GRC programs – both at the request of senior management and to meet the expectations of regulators. A large number of these programs rely on spreadsheets and shared drives to manage information collected across departments and levels. But today’s GRC software solutions are proven…Continue
Added by Steven Minsky on January 15, 2016 at 5:30pm — No Comments
Increasing cyber-hazards have been accompanied by another trend; Governance, Risk Management, and Compliance (GRC) focused on IT (referred to as IT GRC) is changing. More and more organizations have been turning to a risk-based approach.
Traditionally, IT is comprised of a variety of underlying functions. These functions include:
Added by Steven Minsky on January 4, 2016 at 3:30pm — No Comments