When our customers are establishing ERM and Policy Management programs within Onspring, the question of “who owns these risks/policies/controls?” comes up time and time again. Unfortunately, finding the right people to own process-level or content-level items can be quite challenging.
Is there ever a slow week in compliance-related news? Not that we can remember. It’s tough to keep up with the latest developments in legal and regulatory requirements, evolving industry standards and internal best practices for compliance professionals. Onspring is here to help. We’ve gathered articles, opinions and insights that will bring you up to speed.
While the concept of reporting seems to be pretty straightforward, the term “report” can have a variety of meanings, so I’m always careful to validate my understanding so I don’t veer off in some unwanted direction. After all, reporting capabilities often represents the organization’s A-1 deal breaker requirement.
Common supports remain in place, even as regulations and best practices evolve. Remember this as you stand at the metaphorical “ice cream counter of compliance.” The sheer variety and complexity of requirements can be overwhelming, but the core people, processes and technologies you engage to understand and address those requirements remains largely the same.
When it comes to regulations, industry standards and supporting controls, the only constant is change. Most organization have smart people and defined processes for managing change, but tracking the changes themselves—knowing what they are and how they impact the business—can be a massive headache.
We’re pleased to announce that Onspring has teamed up with Unified Compliance to help companies stay up to date with rapid regulatory changes. Using our dynamic Data Connector, we’ve made it push-button easy to update controls and authority documents from the UCF Common Controls Hub™ within our flexible Controls & Compliance solution. Join us for a webinar on Tuesday, September 19 for all the details!
This is the first article in a three-part series I’ll be posting throughout the GRC Conference in Phoenix. My intent is not to dissect the IIA’s changes in minute detail. There have been a number of great pieces written on this topic, and I encourage you to jump over and read what those on the forefront of internal audit are saying, particularly a recent article by Norman Marks and Kristen Gantt that offers a compelling view of the internal audit department of tomorrow.