GRC Platform Bogging You Down? Maybe It’s Time to Take a Leap

Wherever you are in the platform evaluation process, narrowing your choices down and selecting a new solution is never easy. This guide helps balance out the pros and cons of what your needs really are as you evaluate your current system and prepare to make a final leap to a new GRC platform.

Sports, Heartbreak & Platform Implementations

Sometimes a little pain still brings big gain. Be it football or GRC platforms, rough and bumpy opening scenarios don’t mean you won’t have future success.

Rethinking the RCM

Much like fire and early man, the Excel-based RCM-to-Assurance Professional relationship has seemingly been in existence since the dawn of time (or at least the dawn of Excel). Thankfully there is a better way to manage this critical element of your assurance process. And you can do it without having to sacrifice what made the Excel-based approach so appealing in the first place—structured data, demonstration of key relationships, management of key attributes.

IRM vs. GRC: What’s in a Name?

IRM vs. GRC: What’s in a name? And what does this all mean? For many it means learning a new language and making old terms taboo. For others it means straddling both sides of the fence. And for others it doesn’t mean very much at all. Jason Rohlf explains.

Voir Dire: Speak the Truth

In jury selection, the prosecution and defense ask tough questions not because they want to embarrass people. They simply want to find 12 jurors best suited for the case. And so it goes in GRC consulting. We must ask difficult questions of our clients and ourselves. We must speak the truth in our answers. And we must be willing to accept the truth (even the hard truth) from our colleagues. That’s how we bring value to our engagements and continue to improve ourselves.

The Process Ownership Conundrum

When our customers are establishing ERM and Policy Management programs within Onspring, the question of “who owns these risks/policies/controls?” comes up time and time again. Unfortunately, finding the right people to own process-level or content-level items can be quite challenging.

GRC Groundhog Day: Same Thing, Different Result?

Your organization must place its primary focus on the execution of the critical GRC processes that have been vetted and validated. That said, as you ride the ebbs and flows of your business, it is crucial to perform periodic assessments of your processes to make sure it’s giving you what you need. Keep in mind that this does not merely involve reviewing your process documentation, making a few tweaks, and calling it a day. Rather, you should focus on asking yourself some tough questions.

Purchasing Software: The Shampoo Fallacy

Too many decision makers purchase a tool based on the fact that it “can” automate GRC/other business processes, not on “how” it does it for your organization. Just like buying a volume maximizing shampoo will indeed clean your hair…beware the unintended consequences.

Implementing New Software? Start with Smart Design

I recently had the pleasure of co-authoring an E-Book with GRC consultant and “process whisperer” Dan Plato. Dan was one of our most dynamic speakers at Onspring Connect 2017 with his presentation on solution design best practices. We’ve packaged up those best practices, along with a set of templates and samples, into a guide that’s available free on our website.

What Are Other People Doing? Maybe You Don’t Want to Know

I have a running list of recurring phrases in GRC (there are quite a few), and I’d like to share two of them with you: specifically, my favorite and my least favorite. And since I think I read somewhere that it’s always better to lead with bad news (or maybe it was the other way around?), I’ll start with my least favorite: “What are other people doing?”

Continuous Improvement in GRC

An application built into a GRC platform to facilitate a business process will never truly be “finished.” When you first implement a business process, think of it like you would a software product. What you just implemented is essentially “version 1.0.” Over time and through repeated end-user exposure, users will request updates. Some of those updates will be minor, like adding a value to a dropdown list, and some will be major, like completely overhauling users’ access.

The Thing About Milestones

For those of us who live in the GRC consulting world, birthday milestones are a bit like project milestones. Some are big events. Some are barely noticed. Some are cause for celebration. Others are simply a jumping-off point for the next big thing.