In my role leading the Solutions team at Onspring, I have the distinct honor of being one of our company’s primary storytellers. When your primary responsibility is helping clients piece together the various, individual aspects of their GRC programs—risk assessment software, compliance and control, and other solutions—into a compelling narrative about the overall health of the organization, you quickly realize that this analogy is apt.
“There is nothing more powerful or honest than the voice of the customer,” Onspring’s Founder and CEO Chris Panteanius said of the award. “SoftwareReviews requires a LinkedIn profile to ensure vendors cannot vote for themselves or disparage competitors’ offerings, and it takes no money from vendors to determine these rankings. Instead, they rely exclusively on the customer’s voice — the true experts who use, and dare I say, stake their careers on the success of these products every day.”
The concept of a risk management system—what it is and what it consists of—is often misunderstood or misinterpreted. A big challenge many companies face is evolving the management of their risk and dealing with it properly as it changes. While risk itself is a recurring occurrence for most companies, the problem is not just dealing with different risks, but also having a universal definition of what they are and, specifically, having a risk identification plan.
Much like fire and early man, the Excel-based RCM-to-Assurance Professional relationship has seemingly been in existence since the dawn of time (or at least the dawn of Excel). Thankfully there is a better way to manage this critical element of your assurance process. And you can do it without having to sacrifice what made the Excel-based approach so appealing in the first place—structured data, demonstration of key relationships, management of key attributes.
One term you’ll hear while standing around the water cooler with a bunch of risk management professionals (don’t we all?) is risk register. The basic definition is simple: A repository of all risks that could impact a project, a legal entity or an entire enterprise. But when you get beyond the basic definition, you’ll find plenty of variation in the details. To gain a better understanding of what a risk register is, why it exists and what information it should contain, I interviewed Evan Stos, a GRC consultant who has helped more than 60 Fortune 500 companies gain control of audit, risk, compliance and information security processes. Here are a few insights from our conversation.
If risk management is on your radar, take a look through the articles and insights below. They might just challenge your thinking…in a good way.
More than likely, you have a process for managing vendor relationships. You may even have a sophisticated process with a centralized vendor repository, risk assessments, due diligence, contract review, careful onboarding and ongoing monitoring. But how many of your employees know the process? And more importantly, how many of them understand how they fit in?
Identifying and managing risk within your own organization is challenging enough. When you add a diverse array of third-party relationships, the picture becomes exponentially more complex. Learn how one organization has taken control of vendor risk management with automation, structure and real-time reporting.
By Dave Hulsen, Co-Founder of RFP360 – Gardening is one thing, but what about our growing businesses and the third parties we engage to help us flourish? As I thought about the numerous vendors we rely on, I started to think about what “pesky” vendors might be choking out our true partners (i.e. the ones that are truly critical to our success). If any of our vendors are increasing the amount of risk we manage to unacceptable levels, we need to identify them.
Managing risk within the confines of your own business is hard enough. When you tack on risk associated with vendor relationships, the complexity only grows. As business leaders, we have to carefully manage vendor relationships to protect our customers, employees and stakeholders, but the process can be daunting.
With each release, I make time to analyze the key features and perform updates across our full suite of Internal Audit, Risk Management and Compliance solutions. As I do this, I’ll be sharing my thoughts, ideas and insights here on the blog, if only to help spark ideas for our clients on how they, too, can use Onspring to the fullest.
One thing is certain: the unexpected will occur. Storms will pop up and our skills and coping mechanisms will be tested. Organizations must identify where they are exposed, apply an appropriate response for addressing the risk, and implement a mechanism to constantly monitor and reassess the risk and their response to it. Otherwise, we risk getting stuck by the side of the road in a driving rain.