The problem of silos within GRC comes down to a conflict between systems of evidence and systems of knowledge.
The state of GRC: Are internal controls a manageable dimension of the business and do we understand how to manage them?
Risk management: If business is more complex and managing a business is more difficult, we have failed, not as risk managers, but as control managers.
If the risks are the same but they’re happening in more places, then we need to examine our GRC practices.
The 3 lines of defense model is essential, but insufficient. Here is what it’s missing.
Risk oversight requires the ability to differentiate risks in a meaningful way and to develop responses appropriate to the nature of the risk.
Common in the GRC world, dead rats are random, somewhat mysterious, kind of ugly, undeniable realities. The very presence of a dead rat causes anxiety.
Governance, risk, and compliance (GRC) requires a strategic approach to address business risks and solutions. We invite your feedback on SAP's new app.
Football does have its problems – setting an example for transparency with minimal external regulation. What can the business world learn from the sport?
Speed in GRC changes everything. Why haven't we begun to imagine the possibilities, let alone exploit them?