When our customers are establishing ERM and Policy Management programs within Onspring, the question of “who owns these risks/policies/controls?” comes up time and time again. Unfortunately, finding the right people to own process-level or content-level items can be quite challenging.
One term you’ll hear while standing around the water cooler with a bunch of risk management professionals (don’t we all?) is risk register. The basic definition is simple: A repository of all risks that could impact a project, a legal entity or an entire enterprise. But when you get beyond the basic definition, you’ll find plenty of variation in the details. To gain a better understand of what a risk register is, why it exists and what information it should contain, I interviewed Evan Stos, a GRC consultant who has helped more than 60 Fortune 500 companies gain control of audit, risk, compliance and information security processes. Here are a few insights from our conversation.
Managing relationships with third-party providers is a major concern in the banking, healthcare, retail and tech industries…and beyond. We’ve gathered recent news, insights and opinions on vendor risk management, contract management, third party assessments and more. Help yourself to this week’s reading roundup!
We love it when clients use our platform in creative ways. Mark Barak, general counsel at Aronson Security Group (ASG), is a prime example. He started using Onspring in 2016 to manage legal matters, but when a need arose for greater efficiency and visibility in the company’s partner relationships, Mark put the platform to work in new ways.
One thing is certain: the unexpected will occur. Storms will pop up and our skills and coping mechanisms will be tested. Organizations must identify where they are exposed, apply an appropriate response for addressing the risk, and implement a mechanism to constantly monitor and reassess the risk and their response to it. Otherwise, we risk getting stuck by the side of the road in a driving rain.
When I’m asked the “How do you compare?” question or one of its many derivatives, I simply respond as follows: “To be honest, I don’t really have any experience with Product X, and anything I’d tell you would just be hearsay, so I can’t honestly make that comparison. Instead I’d like to hear about your goals and objectives so we can figure out a way to leverage Onspring to help you accomplish them in the best way possible.” Period.
When you develop software, there are many stages of the design phase that are highly critical to the final product. Too often, companies are in a rush to push feature releases or changes to their products that are “box checkers.” They’re trying to compare themselves to a competitor in a favorable light, without actually thinking about the problem in depth, or not considering things such as long-term performance and usability.
When risk taking tips over into unethical behavior, organizations face potentially catastrophic outcomes. But is all risk-taking bad? Certainly not. In fact, it’s essential for business growth. To put it simply, a business that takes no risks is quickly out of business.
After months of planning, it’s finally here: Onspring Connect, our inaugural user conference. We’ve gathered clients from all over the US and Canada, from Seattle to Dallas to Boston to Newfoundland and everything in between. We have internal auditors, enterprise risk managers, legal experts, vendor managers and compliance professionals among our participants. In short, we have a lot of collective brainpower.
Big things are happening in the heart of the country. No…not another World Series run. And not a BBQ, craft beer or jazz festival, either. We’re talking about Onspring Connect (July 10–13), the first of many user conferences for the Onspring community. (Craft beer included!)
When I first heard that my son’s first grade class was looking for parents to speak during Career Week, I looked before I leaped and happily volunteered my time. Then the butterflies set in. I had a hard enough time explaining what I did to my friends and family members. Nobody seemed to have the slightest idea what the heck GRC was or why it mattered, so you can only imagine my trepidation about talking about my job in front of a bunch of six- and seven-year-olds.
As with many things in this world, adulthood has a tendency to put a different spin on our youthful perspectives. This time of year can be fraught with its share of stress, angst, hassle and sadness. Whether it’s a minor nuisance like fighting tooth and nail for a parking place, or something much deeper, like celebrating your first Christmas without a loved one, this particular time of year is prone to its own set of struggles.