Enterprise Compliance Today

Greg Carroll

Greg has established his credentials in ERM and Compliance Management both as a director of Fast Track Enterprise Risk & Compliance Software, working with the likes of Motorola, Fosters and Serco, and in his 2013 book "Mastering 21st century Enterprise Risk Management". Greg regularly publishes articles on all matters around Governance, Risk and Compliance, at www.fasttrack365.com/blog
Find me on:

Recent Posts

Citibank vs Berkshire Hathaway – The Power of Ethics in Governance

Posted by Greg Carroll on Tue, May 12, 2015 @ 01:27 PM

Maybe "Greed is Good" but with a 300% increase in Shareholder Value Berkshire Hathaway proves Ethics pays better!  But if Ethics pays, the traditional "zero tolerance" preach & penalize awareness training approach won't get you there, nuturing will.


Read More

Tags: corporate governance, shareholder value, ethics

21 Best Practices in Workflow Management

Posted by Greg Carroll on Wed, Apr 22, 2015 @ 09:13 PM

Return of Investment (ROI) does not come for automating a process but from using it to add value.  Value adding comes from targeting time and resources, risk based thinking, and Business Intelligence where they can deliver the greatest benefit to achieving the organisation’s strategic goals.   

Read More

Tags: Best practices, Quality Management, Innovation, project management

Definition of Resilience - #VanuatuStillSmiles

Posted by Greg Carroll on Sat, Apr 11, 2015 @ 11:42 AM

When stripped naked, Resilience is about strength of character and speed of recovery.  Vanuatu has shown both in spades with the succinct #VanuatuStillSmiles.

Read More

Tags: Resilience

Why is it so hard to integrate risk appetite in an organisation?

Posted by Greg Carroll on Thu, Mar 19, 2015 @ 12:23 PM

Risk Appetite is such a simple concept that everyone thinks they know but invariably misunderstand. COSO and other regulatory requirements for boards to issue a Risk Appetite Statement has led to a belief a business has an overarching level of risk tolerance. Personally I don’t believe these Risk Appetite Statements add any value but regulators are regulators.

Read More

Tags: corporate governance, decision making, risk tolerance, risk culture, risk management

Strategic Management: How to turn a Strategic Plan into Results

Posted by Greg Carroll on Thu, Mar 05, 2015 @ 07:30 AM

Corporate objectives are not the “bulls eye” of strategic planning they're just the dartboard.  Boards are assessed by the quality of their Results not the quality of their Objectives.

Read More

Tags: corporate governance, Strategic Management, risk management

Time to Revise the ISO 31000 Risk Management Standard

Posted by Greg Carroll on Thu, Feb 19, 2015 @ 09:00 AM

With the recent release of a new British standard BS 65000 on Organisational Resilience, and COSO’s announcement of a review of its 2001 COSO ERM framework, I believe that business is moving ahead of ISO 31000 as a necessary response the evolving business environment and accelerating rate of technical change; therefore there is a strong case for a taking a fresh look at ISO 31000.   

Read More

Tags: risk management, Resilience, risk identification

Resilience - The Evolution of Risk Management

Posted by Greg Carroll on Thu, Feb 05, 2015 @ 09:27 AM

In the last decade we have seen the evolution of Risk Management from an administrative practice to ERM for corporate governance.  But the realization that results come out of action not protection, has started people pursuing a more proactive role for risk management.   

Read More

Tags: risk management, Resilience, risk identification

The Risk Outlook for 2015

Posted by Greg Carroll on Thu, Jan 22, 2015 @ 08:51 AM

It is customary at this time of year for most risk professionals to step back and take a broader look at the risk landscape ahead for the coming year. The normal starting point is the “think-tank” assessments of Global Risks such as Zurich Risk Landscape 2007-2015 and the WEF’s 2015 Global Risk Report.  And Global Warming is at the top of most experts’ lists.

Read More

Tags: risk identification, risk management, Resilience

COSO ERM Review - 9 Point Plan to Integrate ISO 31000

Posted by Greg Carroll on Fri, Jan 09, 2015 @ 09:09 AM

COSO has announced its intention to review its 2004 ERM Framework and has already started soliciting feedback.  Broadly panned by the Risk fraternity, I believe it can provide a valuable contribution to the GRC landscape. Although I expect critics from both sides (COSO & ISO 31000), here are my recommendations.

Read More

Tags: corporate governance, Resilience, risk management

PDCA is NOT Best Practice

Posted by Greg Carroll on Fri, Nov 14, 2014 @ 01:30 PM

There is a gaggle of Management Consultants pushing the 20th century mantra of Good Management Practice as a panacea to all the ill of today’s business environment. The key plank in most of these methodologies is that old chestnut “the PDCA cycle” for Continuous Improvement. If your consultant wears this as a badge, run a mile!

Read More

Tags: Best practices, corporate governance, iso 55000, Quality Management, project management, risk management