Blog

LogicManager was recognized in a leading industry analyst’s most recent evaluation of the top 14 GRC software vendors. We take pride in the continued refinement of our product offerings and capabilities, as well as customer satisfaction levels unparalleled in the governance, risk, and compliance market.

LogicManager’s business model is designed to remove frustrations common with GRC solutions:

• Software upgrades are included in the subscription. They are also seamlessly integrated so your use of th

The role of today’s risk managers is clear: to close the gap between strategic-level initiatives and the operational risks faced at the activity level.

To do this, many organizations are adopting risk-based GRC programs – both at the request of senior management and to meet the expectations of regulators. A large number of these programs rely on spreadsheets and shared drives to manage information collected across departments and levels. But today’s GRC software solutions are proven to unlock val

In light of recent events, the Environmental Protection Agency is using new monitoring techniques to evaluate the quality of companies’ classifications and reporting of hazardous materials. Ironically, as we all learned recently, even the EPA itself isn’t immune to catastrophic, if preventable, mistakes. New compliance regulations increase the importance of standardized risk identification, mitigation, and monitoring strategies.

Two takeaways from this new development:

1. A variety of companies, part

Despite the growing necessity of robust risk management software for companies of all sizes, it’s easy to think of risk solutions as akin to insurance, like guardrails that prevent a vehicle from careening off a narrow mountain road; the thought of actually needing them in the event of a failure is too unsettling to dwell on.

That functionality is of course important, but what about day-to-day operations and costs? An efficient risk management process starts with identifying and assessing risks a

This past April, an Air Force reconnaissance airplane caught fire. At the time, 27 airmen were on the plane, and all their lives were put in danger. What went wrong and caused this costly error? According to U.S. Air Force investigators, the mistake traces back to an error in vendor management. In this case, a vendor failed to properly secure an oxygen tank, resulting in a “highly flammable oxygen-rich environment that ignited.”

Findings also indicate that problems with the military contractor ma

Take the Risk out of ERM and GRC Software

Forrester predicts that by the end of 2015, over half of all ERM and GRC software implementations will be done through Software-as-a-Service (SaaS) models. While SaaS GRC software is undoubtedly gaining traction and market share, many organizations are still hesitant to pursue SaaS solutions. Organizations fear housing organizational data “in the cloud” (a myth we explore below), and fall victim to the common misconception that on-premise solutions provid

Enterprise Risk Management (ERM) Software, unfortunately, is a poorly defined (and often poorly executed) concept, but by structuring your vendor selection around the core concepts of Enterprise Risk Management, Risk Managers can mitigate the inherent risks that accompany a software implementation.

Common Pitfalls of ERM Programs

The common maturity process of an ERM programs looks something like this: define our purpose with an ERM charter, define our process, and then seek automation to support

The Baker/baker complex, as illustrated in Joshua Foer’s Moonwalking with Einstein, states that if you ask one person to remember a baker and another to remember a man named Baker; the person asked to remember the proper noun will struggle far more than the person asked to recall the bread maker.

Same word, two very different outcomes because one provides your memory with context, while the other floats independently, devoid of the connections and methodology that improve our recall.

At LogicManag

The RIMS Risk Management Society (LogicManager’s co-author for the RIMS Risk Maturity Model) promotes the adoption of Risk Committees for organizations looking to formalize their enterprise risk management processes.

With more organizations adopting risk committees or similar governance groups, the question remains: What should risk managers present to their risk committee; or conversely, what should risk committees ask that their managers present to them?

Forrester Research, in their report on me

Last week, Insurance News Net’s Trish Ennis examined the relationship between occupational  health, safety risk management and reputational risk.

Texas City refinery. Upper Big Branch mine. Deepwater Horizon. Tazreen Fashions factory. Rana Plaza. Each of these tragedies was caused by a chain of events that included safety and health system deficiencies. They have something else in common, too: They all caused significant damage to the reputations of the organizations involved.”

Ennis highlights an

One of the most frequently cited differences between Software-as-a-Service (SaaS) and On-Premise installations is the degree of flexibility between each type of solution. With SaaS solutions on the rise for GRC and Risk Management Software, more and more organizations are realizing that everything they thought they understood about the differences between SaaS and On-Premise is wrong. So what can we learn from their mistakes?

A Conflict of Interest

On-Premise vendors make about 50% of their revenu

Online media outlet TechTarget recently visited the 2014 Advanced Cyber Security Center (ACSC) conference right in our hometown of Boston, MA. Their findings? A successful cybersecurity risk management framework must be built around “Coordination. Cooperation. Collaboration.”

"You are not going to eliminate the risk of attacks, you are going to manage the risk," said Michael Chertoff, former secretary of the U.S. Department of Homeland Security. Chertoff directed organizations to focus on threat

CMS Wire's Norman Marks recent article, "Why Risk Management Technology Projects Fail," captures a common but limited viewpoint of Risk Management that limits its ability to succeed in any environment, whether supported by software, spreadsheets, or pen & paper.

"To be successful, a risk program has to be designed to enable managers to make intelligent, risk-informed decisions every day. The requirements have to include the perspectives of both the risk officer and of management... You need to en

Home Depot hacked. http://t.co/qZROzHKWr2. This #risk preventable with #ERMSoftware. So why are ERM Programs failing? http://t.co/gcbLO6wCjz

-- Steven Minsky (@SteveMinsky) September 2, 2014

The goal of an ERM program is to put your organization in the best position to manage uncertainty, and to provide transparency into areas of vulnerability so businesses can make better decisions. Risk Management Software supports that process by providing insights and analytics that aren't obvious to the front

Despite reports that more than 65% of organizations have adopted Enterprise Risk Management, executives remain unimpressed and skeptical of the value their ERM programs are providing versus what is needed.

A new report by APQC finds that fewer than 1 in 5 executives say their companies are effectively managing emerging risk, and the report's authors worry that "Companies may be 'checking the boxes' that say they have processes to monitor strategic risks."[1]

Additionally, two in three companies sa

Once SharePoint has taken root in a company, there’s a tendency to try to use it for everything. The mega-popular platform can accomplish many use cases, from social networking to document management. It’s no wonder then that Risk Managers have been asked to build their programs on SharePoint - and live and die with the consequences. If your organization is considering SharePoint for ERM or other governance activity, or you’re considering moving your program off SharePoint all together, consider

Jeffery Reynolds’ article in ABA Banking Journal, “ERM: Getting it, and getting it right”, equates the definition of Enterprise Risk Management with happiness.

"Before you start with ERM, you have to define it. If it were only that easy to nail down the definition of ERM—but it is not…Defining ERM is like defining happiness. Happiness is not the same for me as it is for you. Nor is it the same for me today as it was 20 years ago. And what drives happiness today will likely not be what defines hap

Many business cases for Enterprise Risk Management programs begin with what senior management can expect in terms of return on investment (ROI). While ROI may not be the best indicator of ERM success (it’s tough to quantify the monetary value of risks you’ve mitigated), there are simple and direct steps you can take to demonstrate the efficiency your program will gain through the implementation of an ERM system.

On average, risk managers spend 62% of their time on tactical, rather than strategic,

While SharePoint is a good tool for file storage, it falls significantly short of delivering the capabilities a risk manager needs to analyze trends and see the relationships the job requires.

Cost & Innovation

SharePoint on the surface may look like an inexpensive solution versus commercial ERM software, however the hidden cost of IT development is rarely understood until too late. To make a SharePoint project useful, a minimum of $150,000 in labor alone invested over 2 years is required for sma

In previous blogs, I've covered the differences between ERM and GRC offerings. One critical difference I'd like to explore more fully is the concept of Software-as-a-Service, especially as it pertains to the IT departments and legal councils charged with approving your ERM or GRC solution. Due to Software-as-a-Service's relatively recent entry into the Business to Business marketplace, it's not uncommon for risk managers to be concerned, even fear, how solutions that are not exclusively hosted o