A Frame of Reference for Research of Integrated Governance, Risk, and Compliance (GRC) resource Research / Studies Member contribution
This research paper was presented at the 11th IFIP TC 6/TC 11 International Conference for Communications and Multimedia Security in Linz, Vienna. It provides a scientifically derived short-definition of GRC and a frame of reference for research of integrated GRC.
Board Matters Quarterly, July 2007 Issue resource Books / Publications OCEG Reviewed
An Ernst & Young publication.
This issue is dedicated to Continuing Education.
CARNIVAL GRC ACHIEVEMENT AWARD 2010 PRESENTATION resource Presentation Slides OCEG Reviewed
A presentation of the project for which Carnival won a 2010 OCEG GRC ACHIEVEMENT AWARD.
GRC in Chile - New Challenges blog
MIRAGroup Chile is in charge of development EGRC Concepts in multiples industries in this country. Our first purposes is help companies to understand this new way to manage Risk, Governance and Compliance as an integrated process.
OCEG One Minute Poll: GRC Charter December 2010 resource OMP - One Minute Poll OCEG Reviewed
A short survey of the OCEG membership about the value of a GRC Charter.
Operational Risk Management – Key Shifts Required to Rise to the Challenge blog
By Brian Barnier, OCEG Fellow
Regulatory Intelligence by Michael Rasmussen: an Axentis Thought Leadership White Paper resource White Papers Member contributionOCEG Reviewed
"The old paradigm of regulatory change management is clearly a recipe for disaster given the volume, pace of change
SAI Global GRC Software
SAI Global’s GRC Platform provides a flexible software solution to manage and profile risks, compliance obligations, incidents and cases, policies, and learning across the organization. Specific applications include configurations for environmental, health and safety use and for bribery and corruption risk management. A full utilization of SAI Global's software enables integration with SAI Global's Learning & Communication Platform and a single view across highly decentralized global operations. This inevitably results in better use of human capital, reduced costs, increased transparency and improved business results. A partial list of solution components, deployable as standalone elements or integrated, include risk assessment and profiling; obligations management; case and incident management; policy management; registries to manage gifts, hospitality, entertainment, facilitation payments and conflicts of interests; audit management; integration with hotline; and a fully configurable GRC Dashboard that integrates with learning and communication.
- IT.02 - Board and Entity Management
- IT.05 - Compliance Management
- IT.11 - Environmental, Health, and Safety
- IT.14 - Global Trade Compliance/International Dealings
- IT.15 - Hotline/Helpline
- IT.19 - Issue and Investigations Management
- IT.22 - Policy Mgmt, Communication & Training
- IT.23 - Privacy Management
- IT.26 - Risk Management
- IT.26 - Regulatory Intelligence and Monitoring
- IT.28 - 3rd Party/Vendor Risk & Compliance
- (C) Context
- M1. Context Monitoring
- P1. Proactive Actions & Controls
- R1. Responsive Actions & Controls
- D2. Notification
- M2. Performance Monitoring
- P2. Codes Of Conduct
- R2. Internal Investigation
- D3. Inquiry
- P3. Policies
- R3. 3rd Party Inquiry & Investigation
- M4. Assurance
- P4. Education
- (O) Organize
- (A) Assess
- (I) Interact
SEC (finally) Articluates Corporate Cooperation Criteria blog
In a recent litigation release, the SEC explains the resolution of a Reg FD matter. For the first time ever (at least in my memory), the SEC chose to charge the individual vs. the company AND the individual.
