PCAOB and SEC are Keeping Watch

March 30, 2016
It's amazing that after 12 years of collective experience with SOX-related audits of Internal Controls over Financial Reporting (ICFR), companies and external auditors are still struggling. Look at this factoid: Among the Big 4, KPMG's 46-percent audit deficiency rate follows only EY, ...more
Category: PCAOB and SEC

What comes after Executive Education?

March 30, 2016
Many of us within our GRC community often brainstorm on the best steps to take when a firm is just starting to consider investing in a GRC program initiative or system of record. Our team has seen a lot of responses to this question that range from writing a program charter to investing in a ...more

Is your Risk Assessment Approach Too Simplistic?

March 30, 2016
We just spotted this article in Corporate Risk & Insurance's risk magazine: Merrill Lynch criticised by regulator for 'simplistic' risk management. The Bank of America's UK Merrill Lynch business has been criticised by regulators for weak risk management. The Prudential Regulation ...more

Risk Assessment Bibliography

March 30, 2016
Doug Hubbard of Hubbard Decision Research recently published a list of interesting sources (on the Society of Information Risk Analyst listserve) that he has used in his work writing on various risk assessment methods and tools. I thought that you might find this list to be of interest. Doug's ...more

Requirements-driven Knowledge Management

March 30, 2016
We recently came across the International Atomic Energy Agency's definition of knowledge management (KM). We wanted to share this with you to get your take on it and to let you compare and contrast your own definition with it. We'd like to get your input. Following is our own take ...more

Group Decision-Making

March 30, 2016
We recently had a question about our suggested approach to group decision-making. We thought that our response might be of interest to our community. The participants who come into a complex decision brainstorming session are told that a rational or best choice is the choice that best meets ...more

Are You Ready for the ISO Standard on Compliance Management?

March 30, 2016
The new ISO standard 19600 should get your attention. It's the impetus, or motivating factor, that is as compelling to companies on the fence about whether to invest in a company-wide GRC initiative as Sarbanes-Oxley was for publicly traded companies (listed on US ...more
Category: ISO 19600

Governance Execution Framework™ (GEF™)

March 30, 2016
The Governance Execution Framework™ (GEF™) is a solution set that addresses GRC in both financial and operational contexts and at 5 levels of governance, from the boardroom to internal audit. It enables companies to apply structured problem-solving methods such as ...more

The Reengineering of Risk Assessment

March 30, 2016
It's amazing how often we come across companies that are spending millions of dollars having their employees rate risks using ordinal or Likert scales within a commercially purchased tool or in a home-grown spreadsheet or Word document. This needs to stop and it needs to stop fast! Shareholder ...more

GRC Brain Trust

March 29, 2016
This blog post is to tell you about our global GRC Brain Trust. The "Trust" is an extension of our GRCme University and consists of the following 3 Member constituencies: GRC Service Providers, GRC Product ...more