How GRC Platforms Enable Effective Board-Level Reporting

Our last discussion talked about how to present cyber and related risk information to your Board of Directors in a relevant and meaningful manner. Here we’ll explore how a GRC software platform can help organize and structure risk data from multiple sources necessary to perform this analysis to support such meaningful Board level reporting. And[…]

Addressing the Right Cyber Risk…. An Example

Recently there was a malware attack discovered. “So?”, you might ask?  “There’s always a malware attack of some sort or another being identified, reported and measured for its scope and impact.”  Well, this one was unique in several ways: First, it seemed to target Mac OS, which is a rarity for technical (its UNIX roots)[…]

Exploring Risk Management software: What Separates the Good from the Great – A User’s Perspective

Choosing a risk management platform is an important process.  First, and foremost, companies often think this software must reflect the priorities, practices, and processes of your current operating risk management processes— “model what we do and how we do it”, so to speak.  This can be a fundamental, strategic error. If you are in the[…]

The Evolution Of GRC As Compliance And Risk Management Become More Complex

The core functionality of GRC has evolved in response to the need for a standardized and centralized data and process management structure supporting compliance and risk management functions in light of increasing complexity in both activities. As GRC further evolves into an enterprise platform, these capabilities cease to be solution differentiators, although they are no[…]

The Configurability of Workflows With GRC

The Configurability of Workflow In some cases, these capabilities represent very basic, generic understandings of a workflow in the abstract that do not match the specific processes of the organization in question. Even in tools focused on a specific function or application of GRC, the workflows used by the solution may not match the individual[…]

A Director’s View Of Risk: Opportunities For True Enterprise GRC

The increased complexity and stakes of risk and compliance have resulted in strengthened demand for an understanding of the risks that face an organization. While this raises the profile of compliance and risk management with corporate leadership, it also presents new challenges. Few directors or senior executives outside of risk and compliance management have in-depth[…]

Managing Risk & Compliance Across 3rd Party Relationships

This blog is an extract from the white paper Managing Risk & Compliance Across 3rd Party Relationships, written by Michael Rasmussen of GRC 20/20 Research. The paper, in its entirety, can be found by clicking here. DoubleCheck is a GRC solution that GRC 20/20 has researched, evaluated, and reviewed with organizations that are using it in[…]

Business Intelligence And Analytics In The Place Of GRC Reporting

Most GRC solutions include some sort of automated reporting, producing either preconfigured or customizable reports on organizational compliance and risk profiles, performance, and activities. These reports are generally used to understand current or historical performance, based on the data managed within the GRC solution. In their simplest variations, these automated reports replace any number of[…]

Part 7: Deployment as a Project and a Partnership

GRC Implementation Success, Part 7: Deployment as a Project and a Partnership DoubleCheck Software presents GRC Implementation Success, a guest blog series by Blue Hill Research Principal Analyst David Houlihan. This series draws on five years of Blue Hill studies in GRC in order to highlight key lessons for purchasing and implementing GRC software. Part[…]