Entries by Sarah Nord

Voir Dire: Speak the Truth

In jury selection, the prosecution and defense ask tough questions not because they want to embarrass people. They simply want to find 12 jurors best suited for the case. And so it goes in GRC consulting. We must ask difficult questions of our clients and ourselves. We must speak the truth in our answers. And we must be willing to accept the truth (even the hard truth) from our colleagues. That’s how we bring value to our engagements and continue to improve ourselves.

Innovations in Audit and Operations

At Onspring Connect 2018, client presenters from 16 companies shared their creative uses of the Onspring platform to solve business challenges in internal audit, vendor management, risk assessment, internal controls and business operations. But only one of these organizations would go home with the coveted Innovation Award…or so we thought.

Don’t Lose Sight of Your Findings

Whether it’s an audit recommendation, a failed control test, an incident report or a third-party weakness, the risk of the “vanishing issue” is real. To get to the root of the problem, it’s important to understand why an issue may get lost.

5 Ways to Design Better Dashboards

We’ve probably all had similar experiences. We’ve gone off in search of information, only to be confronted with too much data in a difficult format, not personalized to our needs. But here’s the good news: dashboard technologies like Onspring are designed to solve this very problem. In a nutshell, dashboards help to make the complex understandable, the details digestible. But before we get carried away with dashboards, remember that they can seriously miss the mark if we don’t consider their purpose, audience and content.

How to Build Your Risk Register

One term you’ll hear while standing around the water cooler with a bunch of risk management professionals (don’t we all?) is risk register. The basic definition is simple: A repository of all risks that could impact a project, a legal entity or an entire enterprise. But when you get beyond the basic definition, you’ll find plenty of variation in the details. To gain a better understand of what a risk register is, why it exists and what information it should contain, I interviewed Evan Stos, a GRC consultant who has helped more than 60 Fortune 500 companies gain control of audit, risk, compliance and information security processes. Here are a few insights from our conversation.

Transforming GRC (and Other Tales from the Trade Show Floor)

After a week at RSA Conference, talking with current and prospective clients and demoing our GRC solutions, I’m looking forward to a quiet day back at the office. But I also feel really good about what happened this week. We had many excellent conversations with people who are eager for next-generation technology and fresh ways to solve problems. I can’t tell you how many times we heard people say, “I’m looking for something new.”

No-Code Development: A Big Deal for Our Business

This same type of transformation is happening in the world of business applications. Custom-coded point solutions are giving way to a new generation of no-code platforms that allow business users to configure and manage their own applications. As TechRepublic explains, “No-code platforms are helping businesses more quickly create custom solutions for day-to-day problems and diversify who is able to build apps.”

How to Onboard a New Internal Auditor

Internal Audit is a field for people who love to learn, and there’s plenty of good information on the web for practitioners who want to advance their careers. But what about the folks who are entirely new to the profession? How do they begin to swim in a vast sea of professional guidance?

The Working Wisdom of Winston Churchill

As I typically do when obsession strikes me, I began Googling Churchill to learn more. My search led me to “50 Sir Winston Churchill Quotes to Live By,” published by BBC America. It’s a goldmine of insight for our personal and professional lives. Here are a few of the quotes that struck me as particularly relevant for us “working-folk.”