BLOG

Driving Video Standards for Knowledge Management

March 30, 2016
Over the past year, I have been heavily researching, the best tools that would allow us, as educators, to drive our knowledge management practice capabilities and consulting practice capabilities to an entirely new level from that achieved in 2014 so that we can produce high quality ...more

Regulatory Compliance for the Small-to-Medium-sized Enterprise (SME)

March 30, 2016
Here's a LinkedIN GRC comment from Sanjay N:, "A lot of the attention is on the Compliance management problems of the larger companies but the challenge for the smaller companies with their limited staff, budgets and bandwidth is perhaps even greater. Cloud based systems probably offer some help ...more
Category: GRC for SME

Vendor / Product Assessment & Recommendations

March 30, 2016
We often assess GRC vendors and their "pure" enterprise-class GRC applications (including applications oriented towards Internal Audit and Security) using a proven process that has a number of mission-critical business objectives associated with the work.The top objectives are to reduce the risk ...more

Contextual Data Will Become Vital

March 30, 2016
I just came across Brenda Boultwood's article for GARP; "How People, Data and Conduct Will Shape Risk Management in 2015". In it she talks about context and the contextual data that concerns our ability to understand the implications of risk. This struck a cord with me because, I see Predictive ...more

PCAOB and SEC are Keeping Watch

March 30, 2016
It's amazing that after 12 years of collective experience with SOX-related audits of Internal Controls over Financial Reporting (ICFR) that companies and external auditors are struggling. Look at this factoid:   Among the Big 4, KPMG’s 46-percent audit deficiency rate follows only EY, ...more
Category: PCAOB and SEC

What comes after Executive Education?

March 30, 2016
Many of us within our GRC community often brainstorm on the best steps to take when a firm is just starting to consider investing in a GRC program initiative or system of record. Our team has seen a lot of responses to this question that range from writing a program charter to investing in a ...more

Is your Risk Assessment Approach Too Simplistic?

March 30, 2016
We just spotted this article in Coprporate Risk & Insurance’s risk magazine:   Merrill Lynch criticised by regulator for ‘simplistic’ risk management The Bank of America’s UK Merrill Lynch business has been criticised by regulators for weak risk management. The Prudential Regulation ...more

Risk Assessment Bibliography

March 30, 2016
Doug Hubbard of Hubbard Decision Research recently published a list of interesting sources (on the Society of Information Risk Analyst listserve) that he has used in his work writing on various risk assessment methods and tools. I thought that you might find this list to be of interest. Doug's ...more

Requirements-driven Knowledge Management

March 30, 2016
We recently came across the International Atomic Energy Agency's (https://www.iaea.org/) definition of knowledge management (KM). We wanted to share this with you to get your take on it and compare and contrast your own definition with it. We'd like to get your input. Following is our own take ...more

Group Decision-Making

March 30, 2016
We recently had a question about our suggested approach to group decision-making. We thought that our response might be of interest to our community. The participants that come into complex decision brainstorming session, are told that a rational or best choice is that choice that best meets ...more