De-Mystifying (and Explaining the Connection Between) Risk-Related Acronyms and Phrases

One acronym after another. An ice cream headache, for sure, trying to understand the similarities, differences and connectivity between all these terms. You need to do it, however. Simplify, simplify, simplify. Break it down and truly comprehend everything. Get ready for the proverbial elevator speech, if the need for one materializes. Toward that goal, here[…]

The Compelling Case for an ERM Mission Statement

Risk is best defined as the “effect of uncertainty on the achievement of objectives.” The successful management of risk, therefore, is integrally connected to the achievement of the company’s strategic objectives. Enterprise Risk Management (ERM) is an essential discipline that all companies need to install, embed, and inculcate into the organization, in order to: Set[…]

Risk Management In A Down Economy

One of the biggest challenges to risk management programs, including cyber risk, arises from imposed belt tightening when economic downturns constrict funding and other resources. We’ve all been there from one time or another. All your efforts to re-evaluate risk management program needs, gaps, and improvements to further your maturity and completeness are derailed when[…]

Annual Tune-Up Time For Your Risk Management Program

Like cars, whose investment and value we protect and preserve with regular annual maintenance at the least, your GRC and risk management processes and tools require careful regular service to preserve and extend their value and utility. Business environments are fluid.  Change is a reliable variable from one year to another. Your business may have[…]

Your Embedded ERM Infrastructure May Have Become A Risk Enabler…What You Can Do About It

Enterprise software has a reputation for strength, resilience, and robust capabilities that enable it to fulfill all the expectations of management and lead to solid justification for the expense of staff resources, time, and treasure needed to establish its presence. Or so the story goes. This is the sales pitch, and candidly, it’s sometimes what[…]

Cyber Security and Risk Management—Who’s Responsible

There’s a lingering belief that these are IT management concerns. That lingering belief is founded upon a “perceived reality” of a business operating in an environment where IT was little more than a contributing discipline to complete tasks and deliver efficiency. It made some narrow sense in a world free of cyber anything, pre-internet, where[…]

Shopping For a GRC Platform

Almost every blog entry listed here makes some reference to a Governance, Risk, and Compliance (GRC) software tool and how it can help you manage cyber risk. But what if you don’t have one of these? What about spreadsheets? Or home grown database tools you made yourself and are certain are “good enough”? And suppose[…]

Holistic Third Party Risk Management

Third Party Risk Management (TPRM) is more than just management of a group or category of business relationships. It is a program unto itself with its own unique characteristics and methods. Too often, TPRM is viewed and undertaken as a procurement process subset. That can lead to a collection of discrete transactions managed on a[…]

cyber security software

When The Cyber War Comes Home

The modern battlefield has a new extension—cyberspace! And the modern battlefield is no longer confined to simple geographies of land masses, airspace, oceans, valleys and mountains. Better (more destructive) bombs, missiles, rockets, guns, and fighter aircraft, weren’t enough for us feisty humans. Just as the global economy has blurred once sharply defined geographical and economic[…]

EBI

Harvesting Information From GRC Data—The Promise of Business Intelligence Tools

Thirty-five years ago, my first article was published in a professional journal. It was the outgrowth of a talk I gave at a business conference on the use of computer generated graphical information reporting. In 1987 those technologies were in their infancy. Computerized business graphics, pie, line, and bar charts, generated using desktop systems and[…]

Top

DoubleCheck ERM One™

An out-of-the-box tool that delivers an integrated ERM process together with a comprehensive, high-level categorization of exposures (Financial, Core Business, Operational and Strategic), fully loaded with over 60 associated, pre-populated risks to be used as a starting point.

X