Business continuity management (BCM) is on the rise but is it maturing? In a recent OCEG poll, more than 75% of respondents indicated that their organization has a formal program for BCM, but answers to other questions in the poll might indicate that it isn’t really being taken seriously.
“It’s common to see billion dollar fines instead of million dollar fines.” A scary but real fact in regulatory compliance enforcement. Andrew Neblett, SVP, Thomson Reuters, discusses these issues in the Tech Talk video interview “Regulatory Monitoring and Intelligence.”
I’ve been getting a lot of questions lately about the GRC Professional Certification and the companion GRC Audit Certification. So, I thought I’d tackle them all at once.
Here we go:
1. What is a GRC Professional?
An individual that spends substantial time helping an organization achieve principled performance by leading, planning, performing, enabling, integrating or auditing governance, performance management, risk management, internal control, compliance or ethics activities.
2. What is the GRC Professional Certification?
GRC Professional (GRCP) certification is the only credential that ensures understanding of the OCEG GRC Capability Model (Red Book). OCEG’s Red Book is the only true GRC capability model — and it is independent of a specific profession or vendor solution.
I was an environmental lawyer in private practice back in the day, and during the 20 years I had that job I served dozens of in-house legal departments that made important contributions to governance, risk management and compliance (GRC) in their companies. As I worked environmental due diligence for acquisitions, or advised on the regulatory impact of changes in manufacturing operations, or conducted assessments of compliance programs, I saw firsthand the significant role that Legal has in GRC, both as an adviser and as a conduit of information that is critical to the strategic leaders of the organization.
Big data is transforming the world of governance, risk management, and compliance (GRC). In the Tech Talk video interview Big Data and GRC, Bruce McCauig, Director of Solution Marketing for SAP, shares thoughtful stories from his experience as a chief auditor, global consultant, and board member. He also talks about exciting big data technology solutions from SAP.
My colleagues at Littler and I have seen organizations that believe compliance investigations are a “one off” activity. They mistakenly believe that as soon as they make a policy change or terminate the problem, employees will stop complaining, the investigations will come to an end and the business can return to “normal.” Organizations and managers with this mindset are wrong for three reasons.
I often say that organizations have been engaged in governance, risk management and compliance in one way or another, since the beginning of society. Over the past 10 – 15 years, with the onset of the concept of GRC as integrated capabilities that drive Principled Performance, the structures and processes to drive these activities have matured. And, at the same time, the availability of technologies to support these efforts has grown at an exponential rate.
Governance, risk management, and compliance (GRC) technology can provide big benefits to your organization. What can you expect and where do you start?
If you have any familiarity at all with internal control concepts, you probably have an understanding of the traditional designations of preventive, detective and corrective controls that relate to discouraging, finding, or correcting errors and irregularities. In the modern business world, I submit that this approach to internal control is simply not enough, and both the names for these groups of controls and the definitions of them must evolve.
The career path for executives, managers and team members in GRC is expanding faster than ever before. Just a few years ago it looked like a meandering unpaved trail, and today it more resembles a multi-lane super highway. The skills and knowledge you need to perform as a contributing member of a modern GRC team have matured.