It is easy to say that risk management should be embedded into business processes such as strategic ...
Practitioner & Thought Leader, Internal Audit / Risk Management / GRC
March 17, 2017
The Ponemon Institute, which I have previously referred to in my posts as the publisher of reports o...
February 17, 2017
A risk register makes you feel good. It makes you feel you have accomplished something, a list of ri...
February 2, 2017
Questions for board members to address.
January 3, 2017
We should address risk because of its potential effect on the achievement of enterprise objectives.
December 2, 2016
Risk needs to be expressed in terms of the potential for a breach to affect the achievement of the ...
November 8, 2016
The management of risk, whether you call it enterprise risk management, strategic risk management, o...
October 27, 2016
People violate their organization’s code of ethics for all kinds of reasons. While there are some ...
October 18, 2016
GRC is defined by OCEG, repeated in the section above, as “a harmonized set of capabilities that e...
October 5, 2016
More Thoughts on Wells Fargo Case.
September 26, 2016