Entries by Beth Strobel

Policy Exception Management | When the Exception is the Rule

I’ve worked in the compliance and risk field for almost 15 years. Every company I’ve worked for and with has had policies; all of them also had and made exceptions to their procedures and guidelines. The way the policies were written, stored and communicated tends to be similar across organizations. However, the way exceptions are managed is less consistent. Depending on the company’s size and maturity, exceptions might be granted during a simple hallway conversation, or, in a more formal method, through a multi-level risk analysis and approval workflow using technology.

NIST-Based Risk Assessment Takeaways

For those who aren’t aware, NIST is the National Institute of Standards and Technology, a non-regulatory agency of the U.S. Commerce Department. NIST develops and issues standards, guidelines and other documents to encourage and assist federal agencies and the private sector in implementing these standards.

The Challenge of NERC

The North American Electric Reliability Corporation (NERC) is certainly not new, but the approach NERC is taking with regard to its requirements has transformed over the past four years. This change was born out of the recognition that all Registered Entities have limited resources for compliance activities, and that not all issues and findings identified represent the same level of risk to the bulk power system.

Weighing Your Options

I recently had lunch with an audit executive who told me her team needed a new audit software solution. However, she kept putting it off because she felt overwhelmed by the myriad of options and the process of finding one. Wading through solution websites, stretching out mentally to determine which functionalities are marketing fodder and which are real, knowing she’d have to sit through numerous demos, she said she felt exhausted before she’d even begun!