Recent Stories

Dead Rats In Risk Management: The Myth Of Complexity

Dead Rats In Risk Management: The Myth Of Complexity

Recent research commissioned and published by SAP (Managing risk in an age of complexity) reveals a startling conclusion that seems to reinforce the notion that complexity is a…
The State Of GRC: Should We Manage Controls?

The State Of GRC: Should We Manage Controls?

Surveys suggest that more and more things seem to be going wrong. Either there are more risks than ever, or there are more “things.” If there are more risks,…
audit committee

Three Lines Of Defense: Collaboration, Not Segregation

The Three Lines of Defense model has become popular in recent years. It began with the Guidance on the 8th EU Company Law Directive published by the Federation of European Risk Management Associations (FERMA). It now has…
A New Approach To Risk Oversight: A Lens To Look Through And Levers To Pull

A New Approach To Risk Oversight: A Lens To Look Through And Levers To Pull

Risk management continues to fall short of expectations. Surveys show boards and senior executives believe risk management is important, but they also reflect an overwhelming dissatisfaction with the ability…
Dead Rats And GRC

Dead Rats And GRC

Sometimes in the governance, risk, and compliance (GRC) world, we lose sight of the big picture and the real business issues and fall back on jargon and technical terms….
employee training

A Strategic Solution For The Disintegration Of GRC

Forgive me for being a little abstract and conceptual, but I believe governance, risk, and compliance (GRC) is rapidly disintegrating. Fragmentation of GRC Stick an adjective in front of the word “risk” and a new silo is established (privacy…
Does The Super Bowl Need SOX?

Does The Super Bowl Need SOX?

Here we go again. Deflated footballs. A major compliance failure. Management deniability. Mysterious circumstances. Loss of public confidence. Blatant wrongdoing. A few years ago, the business world…
Why Speed Matters To GRC

Why Speed Matters To GRC

About five years ago, I was sitting beside a pool in Palm Springs while on a winter vacation when my phone rang. It was one of…
Everything I Know About Key Risk Indicators I Learned In Middle School

Everything I Know About Key Risk Indicators I Learned In Middle School

A number of years ago, while living near Houston, Texas and working for a major oil company as an audit director, I joined the local volunteer fire department…
dead rat

Dead Rats In Risk Management

It seems that almost every day I read blogs or articles in professional journals lamenting the fact that business executives aren’t supporting risk management initiatives in their business or not consuming the reports and conclusions of their risk…