Emerging GRC patterns around Cloud

With Microsoft making a big bet on its Azure Cloud-based services, the impact and implications for the Governance, Risk & Compliance (GRC) space make for a very interesting case. I will share some interesting industry patterns around GRC on an ongoing basis as I come across them. Today I start off with – Cloud GRC and Cloud based…

Jeff Jinnett: Towards a Structured GRC Taxonomy

Although governance, risk management and compliance laws and regulations may vary greatly depending on the jurisdiction, issuing authority, regulator and target industry, there appear to be certain common GRC issues that can be used to group mandates into categories. For example, the following nine GRC issues (with examples) may represent a useful taxonomy for the…

Sai Sireesh: Business Analytics at the Speed of Thought: The Next Game Changer!

I always look forward to interactions with Finance/Risk Microsoft Excel power users. Most times it’s a humbling experience as I come away learning something new about how innovatively they have stretched the capabilities of Excel. One of my earlier blogs speaks about the importance of self-serve in the Risk and Finance world. Well to extend…

Failure to Upgrade Software Systems as a Potential Regulatory Risk – thoughts from Jeff Jinnett

In the current highly regulated, but intensively competitive banking environment, many banks are upgrading to the latest versions of third party operational software in order to be able to take advantage of new features, such as multi-touch capability. Conversely, other banks may seek to reduce costs by continuing to run on older software versions as…

Jeff Jinnett: Value of an IT Security Due Diligence Document/Risk Mitigation Plan

If a company were ever asked to describe its IT security program, the company likely would have to bring in numerous staffers from the IT department and refer to reams of documents to present a full picture of the company’s IT security approach. The need to be able to describe the company’s IT security program…

Jeff Jinnett: The Problem with Unmanaged End User Computing Applications

Approximately 68% of an enterprise’s corporate data is managed in IT Department-controlled applications and 32% is stored in key Microsoft Excel spreadsheets(1), Microsoft Access and other databases(2), business intelligence tools (e.g., reporting tools), Microsoft Word and other forms of documents, web-oriented architecture “mashup” approaches(3) and other end user computing applications. Often the 32% portion…

Jeff Jinnett: How to Take a Holistic Approach to Governance, Risk Management and Compliance – part 2

In the last blog, we were discussing ways to cope with today’s new business and regulatory challenges. Again, you might want to consider adopting a “holistic” GRC approach that can help you develop multi-purpose, reusable GRC solutions. For example, under such a holistic approach, a company could (a) identify the most important legal and policy…

Jeff Jinnett: How to Take a Holistic Approach to Governance, Risk Management and Compliance – part 1

Today’s increasingly complex business landscape is matched by an increasingly challenging governance, risk management and compliance (GRC) landscape. U.S. multi-national companies are faced with a bewildering array of international, U.S. federal and state regulations, depending on the nature of the company’s business. These regulations can include the EU privacy directive, the Basel II Accord, the…
