In my 2013 book "Mastering 21st Century Enterprise Risk Management" I prophetically stated “just as the Wild West of the 1890's had disappeared without trace by the Roaring 1920s, so too will the business world of the 1990s, be long forgotten by the 2020s”. Just 5 years on and not only has the world changed emphatically but the rate of change is accelerating..
Enterprise Compliance Today
So why don’t most Enterprise Risk Management system work? Simply, they don’t “manage” risk, they just record it. Manage is a verb not a noun. It is activity not an item. Making a list might be adequate for those who want to check off regulatory compliance, but it’s does not produce a ROI.
Unfortunately, there seems to be a lack of understanding of what GRC really is. Contrary to popular belief GRC is NOT ERM, but 3 separate disciplines Governance, Risk and Compliance. Here I look at the neglected Governance component.
When starting out on the Compliance Management journey, understanding the alphabet soup of acronyms can be confusing. Here we try to explain the terms, what needs to be done, and need for compliance management software in the process.
The benefits of SharePoint as a content management system and information portal tool are indisputable. With great search functionality and user definable portal pages SharePoint is now the leading Content Management solution chosen by most IT departments.
But what if your business demands strict document controls protocols, not just because it’s good practice but life depends on it? Unfortunately there is generally a poor appreciation by IT departments of the importance of document control in mission critical business.
Just like the Brexit win 2 months ago, Donald Trump’s election as US President beggars belief but has some valuable lessons to learn from both a Risk Management and corporate governance perceptive.
In my last article “Is Cloud based Risk Management worth the Risk?” I confirmed cloud solutions can be the right and effective solution given that you do the appropriate due diligence on being fit-for-purpose. If a cloud solution is appropriate, that’s any application not just risk and compliance, then how can you minimise your internet infrastructure risk?
Last week’s simultaneous DDoS cyber-attack on major US websites from Twitter to New York Times, exposed the serious vulnerability for those with cloud based Risk & Compliance solutions. It looks like some people may be cutting off the branch they are sitting on!
It is not uncommon for laboratories to be saddled with maintaining both ISO 17025 and ISO 9001 certification. Although it is simpler to create and implement two QMS – and to "merge" those activities which can be merged – this approach is arduous, inefficient, and prone to mistakes.