grc (87)

Conservative estimates of GRC software implementations place the cost at either $200,000 or 50% of total licensing costs, whichever is greater. Even when initial costs are low, many vendors make up for apparent price reductions with professional services, or customizations, required to make the product work. Professional services are so ingrained in the software landscape that many organizations now consider them a necessary evil if they are to reap the benefits of GRC.

But you shouldn’t be payin

Read more…

LogicManager was recognized in a leading industry analyst’s most recent evaluation of the top 14 GRC software vendors. We take pride in the continued refinement of our product offerings and capabilities, as well as customer satisfaction levels unparalleled in the governance, risk, and compliance market.

LogicManager’s business model is designed to remove frustrations common with GRC solutions:

  • Software upgrades are included in the subscription. They are also seamlessly integrated so your use of th
Read more…

How to Build a Business Case for GRC Software

The role of today’s risk managers is clear: to close the gap between strategic-level initiatives and the operational risks faced at the activity level.

To do this, many organizations are adopting risk-based GRC programs – both at the request of senior management and to meet the expectations of regulators. A large number of these programs rely on spreadsheets and shared drives to manage information collected across departments and levels. But today’s GRC software solutions are proven to unlock val

Read more…

What's Changing in the Approach to IT GRC?

Increasing cyber-hazards have been accompanied by another trend: Governance, Risk Management, and Compliance (GRC) focused on IT (referred to as IT GRC) is changing. More and more organizations have been turning to a risk-based approach.

Traditionally, IT is comprised of a variety of underlying functions. These functions include:

  • IT Asset Management, commonly used to inventory servers, computers, and other technology hardware;
  • IT Risk Management, including vulnerability and threat identification an
Read more…

Governance programs are the unsung heroes of 21st-century business operations. Their situation is analogous to that of football’s offensive line.

If an offensive line does its job, no one will notice it, but when something goes wrong, the spotlight shifts.

Governance personnel know this feeling all too well. Unwanted surprises – be they compliance notices, audit findings, or poor vendor relationships – are bad for business. Even a good surprise, like exceeding a sales target, can cause trouble i

Read more…

Take the Risk out of ERM and GRC Software

Forrester predicts that by the end of 2015, over half of all ERM and GRC software implementations will be done through Software-as-a-Service (SaaS) models. While SaaS GRC software is undoubtedly gaining traction and market share, many organizations are still hesitant to pursue SaaS solutions. Organizations fear housing organizational data “in the cloud” (a myth we explore below), and fall victim to the common misconception that on-premise solutions provid

Read more…

The Baker/baker complex, as illustrated in Joshua Foer’s Moonwalking with Einstein, states that if you ask one person to remember a baker and another to remember a man named Baker, the person asked to remember the proper noun will struggle far more than the person asked to recall the bread maker.

Same word, two very different outcomes because one provides your memory with context, while the other floats independently, devoid of the connections and methodology that improve our recall.

At LogicManag

Read more…

ERM: 4 Predictions for 2015

The year 2014 has come and nearly gone, and it’s clear that enterprise risk management will not go quietly into the night. Following a 2013 that saw Edward Snowden NSA leaks, a Carnival Cruise line generator fire, and Target’s credit card heist (to name only a signature few), this year has proven to be no slouch: FINRA has disciplined thousands of companies with over $34 million in fines, Home Depot and Sony fell victim to IT security threats, and GM issued one of the largest recalls in automake

Read more…

Norman Marks' recent CMS Wire article, "Why Risk Management Technology Projects Fail," captures a common but limited viewpoint of Risk Management that limits its ability to succeed in any environment, whether supported by software, spreadsheets, or pen & paper.

"To be successful, a risk program has to be designed to enable managers to make intelligent, risk-informed decisions every day. The requirements have to include the perspectives of both the risk officer and of management... You need to en

Read more…

#ERMvsGRC - Home Depot in Focus


The goal of an ERM program is to put your organization in the best position to manage uncertainty, and to provide transparency into areas of vulnerability so businesses can make better decisions. Risk Management Software supports that process by providing insights and analytics that aren't obvious to the front

Read more…

How GRC Fails to Capture Enterprise Risk

Governance functions are designed to manage risks that organizations face in operational and back office silos - financial misstatements, fraud, vendor management, disaster recovery, and other activities are all designed to address a subset of an organization’s risk profile. The concept of Enterprise Risk Management is not to create another function that exists in parallel to these areas, but rather to create a standardized methodology and language to objectively prioritize across functions and le

Read more…

The Cost of Reputation Risk


I came across a great presentation on Reputation Risk from Martin Davies of Causal Capital. It outlined the many dimensions of this onerous corporate threat. It offered a definition, a list of risk factors, its impact on a company’s financial condition and proposed frameworks to mitigate its effects.

In the pantheon of risk factors, reputational risk is the classic riddle wrapped in a mystery. Its obtuse nature is due in part because it can spring from a multitude of internal and external factors
Read more…

ERM vs GRC: Which adds more value?

Businesses began with Enterprise Risk Management (ERM) from the dawn of civilization. The first businesses were small and therefore one person knew all their customers, suppliers and processes. They knew all the risks within their business and how they were connected to affect their business goals, which made it easy to manage both the upside and downside “impact of uncertainty on objectives”.

However, as the size of organizations grew in the industrial age, everyone became a specialist and groups of

Read more…

Risk Leadership - What is GRC?

I just returned from GRC 2012 - The inaugural industry conference bringing together the Australian Compliance Institute and the Risk Management Institution of Australasia. If you are wondering what GRC stands for, why the associations combined their conferences and what GRC really means, here are my views.

What does GRC stand for? GRC is an acronym for Governance, Risk and Compliance. It has its origins in the US, particularly post the large corporate collapses of a decade ago, where there was a
Read more…

ERM Compliance and Enforcement

In my last blog and On-Demand Webinar “Presenting Risk Management to the Board,” I was asked for help identifying government regulations that hold Boards responsible for Enterprise Risk Management (ERM) compliance.

Definition: First some background, the SEC Proxy Disclosure Enhancements rule defines ERM compliance as extending the board's role in risk oversight to the threshold of material impact of the risk regardless of the level. Boards of Directors were previously only responsible for CEO- le

Read more…

Presenting Risk Management to the Board

The first shoe to drop was government regulations holding the Board of Directors personally responsible for the effectiveness of enterprise risk management programs at their organizations. Boards are given a choice between proving their risk management programs are effective or disclosing their ineffectiveness in risk management to the public. If they do neither, it is considered fraud, as not knowing about a risk is no longer a defense.


What does enterprise risk management effectiveness mean? No

Read more…

Date: Thursday November 8th, 2012

Time: 1:00 pm eastern, 10:00 am pacific


Early in 2012, SAP commissioned an independent study to understand how companies are preventing access risk and fraud. A vast majority of the 183 research respondents confirmed that managing access risks was "very" or "extremely" important to senior leadership in their organizations. Yet the same group found it challenging to establish and maintain a program for

Read more…

a free Webinar about an organisation development- and diagnostic risk approach to implementing ISO 31000 in organisations.

The Webinar involves a brief presentation by Dr. Dean Myburgh, a New Zealand-based Risk Management Consultant with specialist diagnostic expertise; there will also be an opportunity for discussion on this approach that enables consultants and internal risk management facilitators to:

  • Facilitate risk identification and discussion at all levels, both multiple self-assessment
Read more…

First, what is Sarbanes-Oxley (SOX) 404 compliance? It is the legal requirement for public companies that senior management state that their company's financial reporting is accurate. Sounds simple? The expense and the value are all in the execution. How is that done? Simply put, the flow of information from the financial reports themselves is traced and connected to the activities that generate that information and the resources that are depended upon to generate that information. That sounds l

Read more…

This white paper presents a low-risk, high-impact approach to gaining control of regulatory compliance. The procedures, tasks, and behaviors that bear upon compliance can be overwhelming. Yet organizations that can master these activities operate more efficiently, compete more effectively, and build their brands. Learn how Governance, Risk, and Compliance technologies can help.

Read more…

    About Us

    The GlobalRisk Community is a thriving community of risk managers and associated service providers. Our purpose is to foster business, networking and educational explorations among members. Our goal is to be the world's premier Risk forum and contribute to better understanding of the complex world of risk.
