For all that you do and are trying to accomplish with the use of your platform, there has to be some form of accountability within the confines of using it within your company. That means validating the controls, testing procedures and risks, etc. Without accountability, without the audit element of someone coming in and saying, “Here is what is supposed to be done,” you will find yourself missing a key letter in GRC.
About Michael Blumreich
Michael is a solution consultant, specializing in governance, risk and compliance (GRC) and business process automation.
Entries by Michael Blumreich
Onspring has partnered with the Shared Assessments to enable its customers to leverage their best-in-class practices for managing third-party risk. With Onspring’s tailored solution, companies can leverage the methodology and structure provided by the SIG Questionnaire for a third-party risk management program.
For those of us who live in the GRC consulting world, birthday milestones are a bit like project milestones. Some are big events. Some are barely noticed. Some are cause for celebration. Others are simply a jumping-off point for the next big thing.
On a daily basis, I work hand-in-hand (or phone-to-phone) with clients to guide them through implementing their Governance, Risk and Compliance (GRC) processes using platform-based software. Having been involved in the implementation of dozens of GRC processes in a number of different industries, I can tell you the one thing they have in common: they’re all different.