Is Your TPRM A Weak Link In Your Continuity and Cyber Risk Plans?

All too often when we think of business continuity planning, we think of detailed checklists and tabletop tests, and situations approaching disaster recovery scenarios. We think of key suppliers and residual power supplies, and more. America’s current novel coronavirus situation has many of us finding ourselves facing periods of varying lengths where we will be[…]

Integrating Audit and Cyber Risk Management Processes to Address AI Risks

Audit and risk management are really two perspectives or “flavors” of the same measurement and inspection processes. In blogs of October and November 2018, I’ve discussed some of the key aspects of these processes and offered some arguments for the benefit of their integration to offer executive management a sharper picture of their true risk[…]

Third Party Risk Management (TPRM) Made Simple

Over the past several articles I’ve gone into some depth about TPRM; why it’s a critical part of managing cyber risk, how to integrate TPRM into your enterprise risk program, and the importance of assessment and governance to the overall effort. In doing so it’s possible this focus has created the impression that TPRM is[…]

Why Vendor Management Is Critical To Cyber Risk and Security

Where We Were

Diligence mattered, but was relatively straightforward. Not long ago the vendors, suppliers, and other 3rd parties your business engaged with were discrete, independent service or material providers of one sort or another. You communicated by phone, fax, written correspondence or maybe email or EDI. For the most part data flows were simple.[…]

How GRC Platforms Enable Effective Board-Level Reporting

Our last discussion talked about how to present cyber and related risk information to your Board of Directors in a relevant and meaningful manner. Here we’ll explore how a GRC software platform can help organize and structure risk data from multiple sources necessary to perform this analysis to support such meaningful Board level reporting. And[…]

Addressing the Right Cyber Risk… An Example

Recently a malware attack was discovered. “So?”, you might ask. “There’s always a malware attack of some sort or another being identified, reported and measured for its scope and impact.” Well, this one was unique in several ways: First, it seemed to target Mac OS, which is a rarity for technical (its UNIX roots)[…]

Exploring Risk Management software: What Separates the Good from the Great – A User’s Perspective

Choosing a risk management platform is an important process. First, and foremost, companies often think this software must reflect the priorities, practices, and processes of their current risk management operations, “model what we do and how we do it”, so to speak. This can be a fundamental, strategic error. If you are in the[…]

The Evolution Of GRC As Compliance And Risk Management Become More Complex

The core functionality of GRC has evolved in response to the need for a standardized and centralized data and process management structure supporting compliance and risk management functions in light of increasing complexity in both activities. As GRC further evolves into an enterprise platform, these capabilities cease to be solution differentiators, although they are no[…]

The Configurability of Workflows With GRC

The Configurability of Workflow

In some cases, these capabilities represent very basic, generic understandings of a workflow in the abstract that do not match the specific processes of the organization in question. Even in tools focused on a specific function or application of GRC, the workflows used by the solution may not match the individual[…]

A Director’s View Of Risk: Opportunities For True Enterprise GRC

The increased complexity and stakes of risk and compliance have resulted in strengthened demand for an understanding of the risks that face an organization. While this raises the profile of compliance and risk management with corporate leadership, it also presents new challenges. Few directors or senior executives outside of risk and compliance management have in-depth[…]