This latest installment of the CW/OCEG GRC Illustrated Series provides readers with details on how to implement a strategic approach to operational risk strategy coupled with an integrated information and technology architecture.
Michael Rasmussen
Posted inEthics & Culture
Policy Engagement Starts With Policy Writing
Policy engagement: There is a lot to be said for how technology can make policies easier to find, social, and interactive. In fact, I have been on my soapbox proclaiming next-generation policy and training management for the past decade in which organizations deploy a portal that brings together policies, training, and related resources in one […]
Posted inUncategorized
GRC Federalist Papers: A Call to Action
Business is complex. Gone are the years of simplicity in business operations. Exponential growth and change in risk, regulations, globalization, distributed operations, processes, competitive velocity, business relationships, disruptive technology, technology, and business data encumbers organizations of all sizes. Keeping complexity and change in sync is a significant challenge for boards and executives, as well as […]
Posted inUncategorized
Measuring the Integrity of the Organization
Compliance and ethics is not the same today as it was a few years ago. The forces shaping compliance are likely to continue to influence the trajectory of compliance and ethics for years to come. In the past, compliance was distributed and disconnected. The relationship of ethics to compliance was inconsistent. Organizations may have had […]
Posted inEthics & Culture
Effective Policy Enforcement Involves Technology
I find that ineffective and unenforced policies are rampant within organizations, and are a thorn in the side of compliance and policy managers. Mismanagement of policy has grown exponentially with the proliferation of documents, collaboration software, file shares, and Websites. Organizations end up with policies scattered on dozens of sites with no defined understanding of […]
Posted inUncategorized
Policy Communication in a YouTube World
So you wrote a policy—now what? Policies are only effective if you can show that they have been communicated and understood. Having a written policy that no one knows about is just like having no policy at all. You cannot hold people accountable to a policy until you have made them aware of the policy. […]
Posted inUncategorized
Accountability and Consistency in Policy Development
In my experience, policy management processes are in disarray when operating autonomously, introducing risk in today’s complex, dynamic, and distributed business environment. The typical organization lacks a structured means of policy development and governance with an inconsistent maze of templates and processes. Inconsistency in policy management means processes, partners, employees, and systems that behave like […]
Posted inInternal Controls
Building Regulatory Intelligence
In the time it takes you to read this article your business has changed. The economic environment has changed, your employees have changed, and there are constant changes to technology, competition, and processes. Business drifts in a sea of change. One particular area of change that bears down on the organization is the siege of […]
Posted inInternal Controls
Why Do Policies Matter?
From time to time, to my surprise, I still hear people asking why policies matter. After all, they argue, aren’t the laws and regulations we have to follow enough guidance? Beyond those requirements, can’t we let managers decide how to run their own operations and have case-by-case flexibility? Don’t policies create liability when they aren’t […]