Articles
Tag: it grc
-
Enterprise Risk Management and the Internal Audit Plan
One of internal audit's values is to tell management when the controls to manage risks and assure opportunities aren't working.
Continue reading...
-
How Do We Fix Risk Management?
Instead of risk management, can we think of it as success management or effective management? Because that's what it is.
Continue reading...
-
The Risk of Excessive Red Tape
Practitioners need to have the courage to stimulate management to remove controls and other procedures that cost more than they are worth.
Continue reading...
-
Risk Management and Cloud Computing: Two Approaches
Any discussions of IT-related risk should start with an understanding of the organization's business objectives and go from there.
Continue reading...
-
Exploring the Positive Side of Risk
Pretty much every situation has several potential outcomes — some positive, some negative. Focusing only on the latter doesn't make business sense.
Continue reading...
-
Here's Where to Start With Your Information Security Program
How do you prioritize data protection at a time of evaporating perimeters, widespread data access, and the misguided idea that “more is better” with data?
Continue reading...
-
How Risk Management Can Build Credibility With Management
ERM wants a seat at the management table. What do risk practitioners need to do to make this happen? And should that really be their goal?
Continue reading...
-
Revitalizing Risk Management Through a Changed Reporting Structure
Would a change in reporting structure revitalize and give new energy to a risk management function and practice?
Continue reading...
-
Assessing and Addressing Technology Risk
Any technology risk assessment should be made in terms of the potential effect on the business, not any effect on IT assets or goals.
Continue reading...
-
Is It Time We Retire the GRC Acronym?
Instead of using GRC, should we instead focus on what people are responsible for rather than tagging them with an expression that signifies nothing?
Continue reading...
-
Is Agile Auditing the Latest Fad or a Really Great Practice?
If your organization is practicing agile internal auditing, is it practicing big A Agile or little a agile? Because there's a big difference between the two.
Continue reading...
-
The GDPR Consequences We Haven't Talked About
The pandemic has inevitably caused both individuals and companies to alter or check their normal security and data protection practices.
Continue reading...
-
Should We Abandon Risk Assessment, Risk Management and Risk Appetite?
More people are recognizing that managing or mitigating a list of risks is not effective, nor of much value beyond compliance.
Continue reading...
-
Another Look at Risk Appetite
If you are developing a risk appetite statement, don’t do it to comply with regulations — do it so it means something.
Continue reading...
