Wherever you are in the platform evaluation process, narrowing your choices down and selecting a new solution is never easy. This guide helps balance out the pros and cons of what your needs really are as you evaluate your current system and prepare to make a final leap to a new GRC platform.
Sometimes a little pain still brings big gain. Be it football or GRC platforms, rough and bumpy opening scenarios don’t mean you won’t have future success.
Much like fire and early man, the Excel-based RCM-to-Assurance Professional relationship has seemingly been in existence since the dawn of time (or at least the dawn of Excel). Thankfully there is a better way to manage this critical element of your assurance process. And you can do it without having to sacrifice what made the Excel-based approach so appealing in the first place—structured data, demonstration of key relationships, management of key attributes.
IRM vs. GRC: What’s in a name? And what does this all mean? For many it means learning a new language and making old terms taboo. For others it means straddling both sides of the fence. And for others it doesn’t mean very much at all. Jason Rohlf explains.
In jury selection, the prosecution and defense ask tough questions not because they want to embarrass people. They simply want to find 12 jurors best suited for the case. And so it goes in GRC consulting. We must ask difficult questions of our clients and ourselves. We must speak the truth in our answers. And we must be willing to accept the truth (even the hard truth) from our colleagues. That’s how we bring value to our engagements and continue to improve ourselves.
When our customers are establishing ERM and Policy Management programs within Onspring, the question of “who owns these risks/policies/controls?” comes up time and time again. Unfortunately, finding the right people to own process-level or content-level items can be quite challenging.
Your organization must place its primary focus on the execution of the critical GRC processes that have been vetted and validated. That said, as you ride the ebbs and flows of your business, it is crucial to perform periodic assessments of your processes to make sure it’s giving you what you need. Keep in mind that this does not merely involve reviewing your process documentation, making a few tweaks, and calling it a day. Rather, you should focus on asking yourself some tough questions.
Too many decision makers purchase a tool based on the fact that it “can” automate GRC/other business processes, not on “how” it does it for your organization. Just like buying a volume maximizing shampoo will indeed clean your hair…beware the unintended consequences.
I recently had the pleasure of co-authoring an E-Book with GRC consultant and “process whisperer” Dan Plato. Dan was one of our most dynamic speakers at Onspring Connect 2017 with his presentation on solution design best practices. We’ve packaged up those best practices, along with a set of templates and samples, into a guide that’s available free on our website.
I have a running list of recurring phrases in GRC (there are quite a few), and I’d like to share two of them with you: specifically, my favorite and my least favorite. And since I think I read somewhere that it’s always better to lead with bad news (or maybe it was the other way around?), I’ll start with my least favorite: “What are other people doing?”
An application built into a GRC platform to facilitate a business process will never truly be “finished.” When you first implement a business process, think of it like you would a software product. What you just implemented is essentially “version 1.0.” Over time and through repeated end-user exposure, users will request updates. Some of those updates will be minor, like adding a value to a dropdown list, and some will be major, like completely overhauling users’ access.
For those of us who live in the GRC consulting world, birthday milestones are a bit like project milestones. Some are big events. Some are barely noticed. Some are cause for celebration. Others are simply a jumping-off point for the next big thing.