Why Settle For Less? Twenty (20) Elements in a World-Class ERM or GRC Program

A World-Class Enterprise Risk Management (ERM) or Governance, Risk and Compliance (GRC) program offers numerous benefits to organizations of all sizes and across various industries. Here are 20 key elements needed for the creation of an efficient, effective, and successful program: 1. Mission Statement Purposeful connection of strategy and tactics 2. Framework – Part A[…]

De-Mystifying (and Explaining the Connection Between) Risk-Related Acronyms and Phrases

One acronym after another. An ice cream headache, for sure, trying to understand the similarities, differences and connectivity between all these terms. You need to do it, however. Simplify, simplify, simplify. Break it down and truly comprehend everything. Get ready for the proverbial elevator speech, if the need for one materializes. Toward that goal, here[…]

Holistic Third Party Risk Management

Third Party Risk Management (TPRM) is more than just management of a group or category of business relationships. It is a program unto itself with its own unique characteristics and methods. Too often, TPRM is viewed and undertaken as a procurement process subset. That can lead to a collection of discrete transactions managed on a[…]

cyber security software

When The Cyber War Comes Home

The modern battlefield has a new extension—cyberspace! And the modern battlefield is no longer confined to simple geographies of land masses, airspace, oceans, valleys and mountains. Better (more destructive) bombs, missiles, rockets, guns, and fighter aircraft weren’t enough for us feisty humans. Just as the global economy has blurred once sharply defined geographical and economic[…]

Resilience in 2022—A Key to Cyber Risk Management

As we enter another year of challenges to business, to cyber-survival, and to living in a time where past norms of operation seem more historical than current, one is left to question what is important, and within that set, what is feasible now? There are many voices aloft across social media channels, news channels, thought[…]

When The Cyber Event Strikes Home

Over the years I’ve written about many possible cyber risks, their potential impacts upon companies, their stakeholders, clients, and associates. We’ve talked about third party risk (TPRM) and associated measures to be taken to protect, detect, remediate, and respond. Well, recently one of these events struck home, literally, and the scenario, as described to me[…]

Summertime, And The Cyber Risk Is Easy…

Summertime, and the living is, once again, easy—sort of. Just a few summers ago these were the days of occasional remote work, long weekends, holidays, vacations, and for some companies, shortened “summer hours”. As our work routines have made the separation of office, work, and personal time a fluid continuum, our risk perimeter and footprint[…]

The Urgency of Insecure Infrastructure; Yours, Mine, and All Ours

There are lessons to be learned from the Colonial Pipeline ransomware attack. Panic is not one of them—it will yield no improvement nor progress for any situation. The event does strongly highlight how much more attention we need to pay to cyber risk now than past efforts demonstrate. The details of this ransomware incident are[…]

Integrating Third Party Data Into Your Risk Management Processes (TPRM)

Some Risk Managers rely upon reported findings from internal risk assessments as the primary source of risk data in their Third Party Risk Management (TPRM) programs. Too often this approach generalizes over time from a primary to an exclusive source. That’s a missed opportunity to leverage value from other contributors to your operations, by incorporating[…]

A Look At DoubleCheck’s Approach to TPRM (Third Party Risk Management)

This month, I’m going to depart a bit from the independent discussions of IT risk and cybersecurity to explore some of the specific ways this blog’s host, DoubleCheck Software, provides tools, resources, and value to companies working to manage their supply chain and partner risk—TPRM (Third Party Risk Management). The DoubleCheck GRC offers a platform[…]


DoubleCheck ERM One™

An out-of-the-box tool that delivers an integrated ERM process together with a comprehensive, high-level categorization of exposures (Financial, Core Business, Operational and Strategic), fully loaded with over 60 associated, pre-populated risks to be used as a starting point.
