Learn from the experience of others and share your experience! blog
Have you ever asked your peers or professional colleagues what risk management or compliance tools they use? We value the ground well tread because we know that learning comes from making mistakes. How would you like to know what 1000's of your peers are saying about GRC ven
WYSIATI - Jumping to Conclusions with Limited Evidence blog
Over confidence in our ability to assess risks has led to more mistakes than we care to admit. WYSIATI - "What You See Is All There Is" describes a set of biases that prevents us from becoming better risk managers. Why is this the case? Because we jump to conclusions based on weak evidence and confuse correlation with causation.
After the deadline: a status review of the implementation of the new European cookies rules (2011) resource Articles OCEG Reviewed
As of late August, only the UK, Denmark, Estonia, Finland, Ireland, Malta and Sweden have introduced laws fully implementing the amendments contained in the revised Directive.
SAS Enterprise GRC
SAS Enterprise GRC strengthens governance and trust with systematic management of risk. It detects and helps prevent violations, allowing you to align strategy with risk appetite. The solution builds a reliable view of risk compliance, facilitates collaboration between GRC teams and reduces the cost of risk management through automation. Some Distinctive Features Include: Creates a common and integrated repository of all critical GRC components (e.g., risks, controls, policies, audits, etc.). Facilitates collaboration between various GRC teams, which will be difficult when the GRC components are in multiple systems. Reduces cost of risk management and compliance by reducing duplication of data and processes. Links all critical GRC elements, enabling you to easily visualize and assess the impact of a business decision in one part of the organization over other parts of the organization.
- IT.01 - Audit and Assurance Management
- IT.03 - Brand and Reputation Management
- IT.05 - Compliance Management
- IT.07 - Control Activity, Monitoring, and Assurance
- IT.12 - Finance/Treasury Risk Management
- IT.13 - Fraud and Corruption Detection, Prevention & Mgmt
- IT.16 - Information/IT Risk & Security
- IT.19 - Issue and Investigations Management
- IT.22 - Policy Mgmt, Communication & Training
- IT.24 - Quality Management and Monitoring
- IT.26 - Risk Management
- IT.26 - Regulatory Intelligence and Monitoring
- IT.27 - Strategy, Performance, and Business Intelligence
- A1. Identification
- D1. Detective Actions & Controls
- I1. Info Management
- M1. Context Monitoring
- P1. Proactive Actions & Controls
- R1. Responsive Actions & Controls
- A2. Analysis
- D2. Notification
- M2. Performance Monitoring
- R2. Internal Investigation
- A3. Planning
- D3. Inquiry
- I3. Technology
- P3. Policies
- R4. Crisis Response
- P7. Risk Financing
SAS Enterprise GRC
SAS Enterprise GRC strengthens governance and trust with systematic management of risk. It detects and helps prevent violations, allowing you to align strategy with risk appetite. The solution builds a reliable view of risk compliance, facilitates collaboration between GRC teams and reduces the cost of risk management through automation. Benefits Demonstrates an effective implementation of the GRC framework. Enhances the quality of decision making across the organization. Reduces the likelihood of unpleasant surprises for all stakeholders. Enhances the efficiency and effectiveness of GRC processes. Reduces risk-related losses. Reduces the risk of regulatory compliance violations. Provides more reliable assurance to stakeholders.
- IT.01 - Audit and Assurance Management
- IT.03 - Brand and Reputation Management
- IT.05 - Compliance Management
- IT.07 - Control Activity, Monitoring, and Assurance
- IT.16 - Information/IT Risk & Security
- IT.27 - Strategy, Performance, and Business Intelligence
- D1. Detective Actions & Controls
- P1. Proactive Actions & Controls
- R1. Responsive Actions & Controls
- R2. Internal Investigation
- D3. Inquiry
- P3. Policies
- R5. Remediation
- P7. Risk Financing
- (A) Assess
- (M) Measure
- (I) Interact
SAS Enterprise GRC
SAS Enterprise GRC strengthens governance and trust with systematic management of risk. It detects and helps prevent violations, allowing you to align strategy with risk appetite. The solution builds a reliable view of risk compliance, facilitates collaboration between GRC teams and reduces the cost of risk management through automation. Benefits Demonstrates an effective implementation of the GRC framework. Enhances the quality of decision making across the organization. Reduces the likelihood of unpleasant surprises for all stakeholders. Enhances the efficiency and effectiveness of GRC processes. Reduces risk-related losses. Reduces the risk of regulatory compliance violations. Provides more reliable assurance to stakeholders. How SAS® Is Different Creates a common and integrated repository of all critical GRC components (e.g., risks, controls, policies, audits, etc.). Facilitates collaboration between various GRC teams, which will be difficult when the GRC components are in multiple systems. Reduces cost of risk management and compliance by reducing duplication of data and processes. Links all critical GRC elements, enabling you to easily visualize and assess the impact of a business decision in one part of the organization over other parts of the organization.
- IT.01 - Audit and Assurance Management
- IT.03 - Brand and Reputation Management
- IT.04 - Business Continuity Management
- IT.05 - Compliance Management
- IT.07 - Control Activity, Monitoring, and Assurance
- IT.16 - Information/IT Risk & Security
- IT.22 - Policy Mgmt, Communication & Training
- IT.26 - Risk Management
- IT.26 - Regulatory Intelligence and Monitoring
- IT.27 - Strategy, Performance, and Business Intelligence
- IT.28 - 3rd Party/Vendor Risk & Compliance
- A1. Identification
- D1. Detective Actions & Controls
- I1. Info Management
- M1. Context Monitoring
- O1. Commitment
- P1. Proactive Actions & Controls
- R1. Responsive Actions & Controls
- A2. Analysis
- M2. Performance Monitoring
- O2. Roles
- P2. Codes Of Conduct
- R2. Internal Investigation
- A3. Planning
- D3. Inquiry
- I3. Technology
- M3. Systemic Improvement
- O3. Accountability
- P3. Policies
- C4. Objectives
- M4. Assurance
- R5. Remediation
- P7. Risk Financing
Basic Steps In E-discovery: Legal Hold Policies Where Information Is Within The Company, In A Cloud Or On A Social Media Site (2011) resource Articles
Introduction: This article focuses on a critical planning component: legal hold guidelines. This includes legal holds not only on data within the company but also on data held by third parties (cloud computing) and data maintained by a social media service provider.
Authors: Mark L. Austrian and Martin Krolewski, Metropolitan Corporate Counsel, April 3, 2011
E-Discovery Rules Applied to Social Media: What This Means in Practical Terms for Businesses (2011) resource Articles OCEG Reviewed
The percentage of companies using social media such as Twitter and Facebook continues to grow at a rapid rate; 65% of Fortune 500 companies had active Twitter accounts in 2010. This online presence comes with legal obligations to capture and save these communications.
Author: Michelle Sherman, The National Law Review, January 21, 2011
Interactive Guide to Electronic Discovery (Findlaw) resource Tools / Templates (Enterprise) OCEG Reviewed
Based on the Electronic Discovery Reference Model (EDRM), this tool will help develop knowledge of e-discovery practices and determine the best strategies for success with complex e-discovery issues.
FTC: Fighting Fraud with the Red Flags Rule: A How-to Guide for Business resource Agency Guidances OCEG Reviewed
The “Red Flags” Rule, in effect since January 1, 2008, requires many businesses and organizations to implement a written Identity Theft Prevention Program designed to detect the warning signs – or “red flags” – of identity theft in their day-to-day operations, take steps to prevent the crime, and mitigate the damage it inflicts. By identifying red flags in advanc
