Recent Stories

Dead Rats And GRC

Sometimes in the governance, risk, and compliance (GRC) world, we lose sight of the big picture and the real business issues and fall back on jargon and technical terms….

A Strategic Solution For The Disintegration Of GRC

Forgive me for being a little abstract and conceptual, but I believe governance, risk, and compliance (GRC) is rapidly disintegrating. Fragmentation of GRC: Stick an adjective in front of the word “risk” and a new silo is established (privacy…

Does The Super Bowl Need SOX?

Here we go again. Deflated footballs. A major compliance failure. Management deniability. Mysterious circumstances. Loss of public confidence. Blatant wrongdoing. A few years ago, the business world…

Why Speed Matters To GRC

About five years ago, I was sitting beside a pool in Palm Springs while on a winter vacation when my phone rang. It was one of…

Everything I Know About Key Risk Indicators I Learned In Middle School

A number of years ago, while living near Houston, Texas and working for a major oil company as an audit director, I joined the local volunteer fire department…

Dead Rats In Risk Management

It seems that almost every day I read blogs or articles in professional journals lamenting the fact that business executives aren’t supporting risk management initiatives in their business or not consuming the reports and conclusions of their risk…

Dead Rats And GRC

GRC Quiz: Please select the best answer: 1. A flight attendant in a commercial airliner notices smoke coming from the stove in the rear galley. He is trained to: a. Immediately contact the pilot and report a “material…

GRC Strategy Quadrant: Understanding Type D Risks

There’s nothing new about classifying risks by category – strategic risk, operational risk, and so on. But I’m suggesting the strategy for managing risks is dramatically different for each section…

GRC Strategy Quadrant: Understanding Type C Risks

There’s nothing new about classifying risks by category – strategic risk, operational risk, and so on. But I’m suggesting the strategy for managing risks is dramatically…

GRC Strategy Quadrant: Understanding Type B Risks

In a recent blog, I illustrated a GRC Strategy Quadrant that I think can be used to tailor risk management strategies to different types of risks. A better way to classify risks: There’s nothing new about classifying risks…