Entries by Evan Stos

History of GRC | Governance, Risk Management & Compliance History

When GRC platforms started becoming a “thing” in the mid-2000s, there were only a few major players in the market. They focused primarily on IT: whether it be controls, policies or risk management. Additionally, with the Enron and Worldcom scandals, SOX and its myriad of financial reporting controls quickly became platform offerings as well. As the market started expanding quickly at the turn of the decade, the concept of “eGRC”, with the “e” standing for enterprise, swept the landscape. Why settle for managing IT processes when many of the tools were capable of managing an entire organizations’ Governance, Risk and Compliance frameworks? The natural progression had begun.

Traditional Project Management in an Agile World

Being a project manager (PM) can be a tough gig; when everything is going fine, you may, at times, be viewed with disdain: a mere “meeting scheduler” who collects status updates from the key stakeholders and SMEs, reporting them upwards. When everything isn’t going fine, they are in the cross-hairs of everyone: the key stakeholders, the SMEs and the higher-ups they report to.

Online Product Reviews

So how do you filter out the noise of bad reviews? By going back to basics: If you know someone who is using or has used a product you’re looking at acquiring, ask them how they like it. Here at Onspring, we’re always happy to refer potential customers to existing ones, even if what is shared between them isn’t 100% sunshine and puppy dogs when it comes to our product.

The Process Ownership Conundrum

When our customers are establishing ERM and Policy Management programs within Onspring, the question of “who owns these risks/policies/controls?” comes up time and time again. Unfortunately, finding the right people to own process-level or content-level items can be quite challenging.

Supporting Your Solution After the High-Fives

Getting help with software implementation from trained experts is great. But what happens when the consultants are gone? Will you be equipped for success? Evan Stos shares three helpful tips for becoming self-sufficient and “owning” your solutions right away.

Purchasing Software: The Shampoo Fallacy

Too many decision makers purchase a tool based on the fact that it “can” automate GRC/other business processes, not on “how” it does it for your organization. Just like buying a volume maximizing shampoo will indeed clean your hair…beware the unintended consequences.

What Are Other People Doing? Maybe You Don’t Want to Know

I have a running list of recurring phrases in GRC (there are quite a few), and I’d like to share two of them with you: specifically, my favorite and my least favorite. And since I think I read somewhere that it’s always better to lead with bad news (or maybe it was the other way around?), I’ll start with my least favorite: “What are other people doing?”

Continuous Improvement in GRC

An application built into a GRC platform to facilitate a business process will never truly be “finished.” When you first implement a business process, think of it like you would a software product. What you just implemented is essentially “version 1.0.” Over time and through repeated end-user exposure, users will request updates. Some of those updates will be minor, like adding a value to a dropdown list, and some will be major, like completely overhauling users’ access.

Sasquatch, Unicorns and Fully Integrated GRC

If I showed you a picture of a Sasquatch or a unicorn, chances are you would be able to identify them almost immediately. That is to say that nearly everyone knows exactly what they are even though they haven’t been proven to exist. In most cases, the “Fully Integrated GRC Program” fits within the same category. Anyone that has been working in GRC recognizes the concept immediately, but chances are there’s no proof that integrated GRC is fully alive within the organization.