Enterprise Compliance Today

Risk 2018 and the missed opportunities of 2017

Posted by Greg Carroll on Wed, Jan 17, 2018 @ 08:35 PM

In my 2013 book "Mastering 21st Century Enterprise Risk Management" I quipped “just as the Wild West of the 1890's had disappeared without trace by the Roaring 1920s, so too will the business world of the 1990s, be long forgotten by the 2020s”.  Just 5 years on and not only has the world changed emphatically but the rate of change is accelerating.

Read More

Tags: corporate governance, risk management, Innovation, decision making

Why most ERM systems don't work

Posted by Greg Carroll on Mon, Dec 04, 2017 @ 07:59 PM

So why don’t most Enterprise Risk Management system work?  Simply, they don’t “manage” risk, they just record it.  Manage is a verb not a noun. It is activity not an item.  Making a list might be adequate for those who want to check off regulatory compliance, but it’s does not produce a ROI.

Read More

Tags: corporate governance, risk management, risk aggregation

Understanding the Governance part of GRC Systems

Posted by Greg Carroll on Sat, Apr 29, 2017 @ 03:51 PM

Unfortunately, there seems to be a lack of understanding of what GRC really is.  Contrary to popular belief GRC is NOT ERM, but 3 separate disciplines Governance, Risk and Compliance. Here I look at the neglected Governance component.

Read More

Tags: corporate governance, Compliance Management, risk management, Strategic Management, grc systems

What is GRC and why use compliance management software?

Posted by Greg Carroll on Mon, Apr 17, 2017 @ 02:31 PM

When starting out on the Compliance Management journey, understanding the alphabet soup of acronyms can be confusing.  Here we try to explain the terms, what needs to be done, and need for compliance management software in the process.

Read More

Tags: corporate governance, Compliance Management, risk management

What Donald Trump’s win tells us about Decision Bias

Posted by Greg Carroll on Sat, Nov 12, 2016 @ 09:36 AM

Just like the Brexit win 2 months ago, Donald Trump’s election as US President beggars belief but has some valuable lessons to learn from both a Risk Management and corporate governance perceptive.

Read More

Tags: corporate governance, risk management, risk identification, decision making

How to reduce Security Risk when moving to Cloud Computing

Posted by Greg Carroll on Wed, Nov 02, 2016 @ 10:51 AM

In my last article “Is Cloud based Risk Management worth the Risk?” I confirmed cloud solutions can be the right and effective solution given that you do the appropriate due diligence on being fit-for-purpose.  If a cloud solution is appropriate, that’s any application not just risk and compliance, then how can you minimise your internet infrastructure risk?

Read More

Tags: risk management, project management, cyber risk

Is Cloud based Risk Management worth the Risk

Posted by Greg Carroll on Tue, Oct 25, 2016 @ 10:09 AM

Last week’s simultaneous DDoS cyber-attack on major US websites from Twitter to New York Times, exposed the serious vulnerability for those with cloud based Risk & Compliance solutions. It looks like some people may be cutting off the branch they are sitting on!

Read More

Tags: corporate governance, risk management, cyber risk

How to make Audit Management Effective

Posted by Greg Carroll on Mon, Jul 25, 2016 @ 10:00 AM

Effectiveness is the holy grail of Compliance Management.  Whether regulatory or ERM, ensuring business is conducted as intended is the base requirement to optimising your organization’s performance.
Read More

Tags: Best practices, Compliance Management, risk management, Quality Management, Compliance Audit

Brexit and the failure of ERM

Posted by Greg Carroll on Mon, Jun 27, 2016 @ 02:27 PM

I have often written on my view that there is an over emphasis these days on Black Swans in risk management. The Brexit vote on Thursday not only shot shockwaves through financial markets but has created a whole new paradigm to world economic stability both short and long term.  And if Risk is defined as uncertainty then as of today, this must be one of our greatest risks.

Read More

Tags: corporate governance, risk management, risk identification

Demystifying Risk – Life vs Death

Posted by Greg Carroll on Sat, Jun 25, 2016 @ 07:22 AM

Risk management is suffering from too much consultant-speak – mystifying what is a standard business practice. When inducting new staff in the concepts of risk management, I use the most obvious analogy which clarifies the issues simply: that of our own mortality.

Read More

Tags: corporate governance, risk management