The Ponemon Institute, which I have previously referred to in my posts as the publisher of reports o...
Practitioner & Thought Leader, Internal Audit / Risk Management / GRC
February 17, 2017
A risk register makes you feel good. It makes you feel you have accomplished something, a list of ri...
February 2, 2017
Questions for board members to address.
January 3, 2017
We should address risk because of its potential effect on the achievement of enterprise objectives.
December 2, 2016
Risk needs to be expressed in terms of the potential for a breach to affect the achievement of the ...
November 8, 2016
The management of risk, whether you call it enterprise risk management, strategic risk management, o...
October 27, 2016
People violate their organization’s code of ethics for all kinds of reasons. While there are some ...
October 18, 2016
GRC is defined by OCEG, repeated in the section above, as “a harmonized set of capabilities that e...
October 5, 2016
More Thoughts on Wells Fargo Case.
September 26, 2016
It’s not just that staff at Wells Fargo “opened an estimated 1.5 million deposit accounts and ap...
September 14, 2016