In jury selection, the prosecution and defense ask tough questions not because they want to embarrass people. They simply want to find 12 jurors best suited for the case. And so it goes in GRC consulting. We must ask difficult questions of our clients and ourselves. We must speak the truth in our answers. And we must be willing to accept the truth (even the hard truth) from our colleagues. That’s how we bring value to our engagements and continue to improve ourselves.
About Sarah Nord
As director of learning services for Onspring, Sarah is responsible for content and programs that help clients realize maximum value from our no-code platform. She's also a regular contributor to the Onspring blog.
Entries by Sarah Nord
At Onspring Connect 2018, client presenters from 16 companies shared their creative uses of the Onspring platform to solve business challenges in internal audit, vendor management, risk assessment, internal controls and business operations. But only one of these organizations would go home with the coveted Innovation Award…or so we thought.
Whether it’s an audit recommendation, a failed control test, an incident report or a third-party weakness, the risk of the “vanishing issue” is real. To get to the root of the problem, it’s important to understand why an issue may get lost.
We’ve probably all had similar experiences. We’ve gone off in search of information, only to be confronted with too much data in a difficult format, not personalized to our needs. But here’s the good news: dashboard technologies like Onspring are designed to solve this very problem. In a nutshell, dashboards help to make the complex understandable, the details digestible. But before we get carried away with dashboards, remember that they can seriously miss the mark if we don’t consider their purpose, audience and content.
One term you’ll hear while standing around the water cooler with a bunch of risk management professionals (don’t we all?) is risk register. The basic definition is simple: A repository of all risks that could impact a project, a legal entity or an entire enterprise. But when you get beyond the basic definition, you’ll find plenty of variation in the details. To gain a better understanding of what a risk register is, why it exists and what information it should contain, I interviewed Evan Stos, a GRC consultant who has helped more than 60 Fortune 500 companies gain control of audit, risk, compliance and information security processes. Here are a few insights from our conversation.
After a week at RSA Conference, talking with current and prospective clients and demoing our GRC solutions, I’m looking forward to a quiet day back at the office. But I also feel really good about what happened this week. We had many excellent conversations with people who are eager for next-generation technology and fresh ways to solve problems. I can’t tell you how many times we heard people say, “I’m looking for something new.”
This same type of transformation is happening in the world of business applications. Custom-coded point solutions are giving way to a new generation of no-code platforms that allow business users to configure and manage their own applications. As TechRepublic explains, “No-code platforms are helping businesses more quickly create custom solutions for day-to-day problems and diversify who is able to build apps.”
Internal Audit is a field for people who love to learn, and there’s plenty of good information on the web for practitioners who want to advance their careers. But what about the folks who are entirely new to the profession? How do they begin to swim in a vast sea of professional guidance?
We love it when clients use our platform in creative ways. Mark Barak, general counsel at Aronson Security Group (ASG), is a prime example. He started using Onspring in 2016 to manage legal matters, but when a need arose for greater efficiency and visibility in the company’s partner relationships, Mark put the platform to work in new ways.
More than likely, you have a process for managing vendor relationships. You may even have a sophisticated process with a centralized vendor repository, risk assessments, due diligence, contract review, careful onboarding and ongoing monitoring. But how many of your employees know the process? And more importantly, how many of them understand how they fit in?
Identifying and managing risk within your own organization is challenging enough. When you add a diverse array of third-party relationships, the picture becomes exponentially more complex. Learn how Intarcia has taken control of vendor risk management with automation, structure and real-time reporting.
As I typically do when obsession strikes me, I began Googling Churchill to learn more. My search led me to “50 Sir Winston Churchill Quotes to Live By,” published by BBC America. It’s a goldmine of insight for our personal and professional lives. Here are a few of the quotes that struck me as particularly relevant for us “working-folk.”