Posts

A Short Account of GRC Software

The GRC software market has several different sections, ranging from full-fledged integrated GRC platforms to specific point solutions, and each of these can help a company deal with many different problems or tasks. The joining point of all of these different products is that they help answer the questions that the caveman asked eons ago: “How best to manage risk?” and “How best to integrate these risk management solutions into a productive business model while maintaining corporate integrity at the highest regulatory levels (direct translations from cavemen are rarely this coherent)?”

Focusing on What Matters: Lessons from a Former Auditor, Part 2

I am what you might call a late bloomer. It took a while, but I finally feel like I’m coming into my own with this whole “being a professional” thing. I share this because in my early days as an internal auditor I didn’t really grasp the concept of why we were doing what we did, let alone how we were helping drive a risk-focused culture in our organization.

And the Survey Says… | Trends: The Future of Internal Audit

Onspring recently conducted a survey, reaching out to audit professionals to find out about future trends in the internal audit field. Putting together tangible questions that deliver concrete results on current practices in internal audit and risks that may impact the field in the future was our target, and that was accomplished.

Tell Me a GRC Story!

In my role leading the Solutions team at Onspring, I have the distinct honor of being one of our company’s primary storytellers. When your primary responsibility is helping clients piece together the various, individual aspects of their GRC programs—risk assessment software, compliance and control, and other solutions—into a compelling narrative about the overall health of the organization, you quickly realize that this analogy is apt.

Make a Move with Your Risk Management

The concept of a risk management system—what it is and consists of—is something that is often misunderstood or misinterpreted. A big challenge many companies face is evolving the management of their risk and dealing with it properly as it changes. While risk itself is a recurring instance for most companies, the problem is not just dealing with different risks, but having a universal definition of what they are and also specifically having a risk identification plan.

The Process Ownership Conundrum

When our customers are establishing ERM and Policy Management programs within Onspring, the question of “who owns these risks/policies/controls?” comes up time and time again. Unfortunately, finding the right people to own process-level or content-level items can be quite challenging.

How to Build Your Risk Register

One term you’ll hear while standing around the water cooler with a bunch of risk management professionals (don’t we all?) is risk register. The basic definition is simple: A repository of all risks that could impact a project, a legal entity or an entire enterprise. But when you get beyond the basic definition, you’ll find plenty of variation in the details. To gain a better understanding of what a risk register is, why it exists and what information it should contain, I interviewed Evan Stos, a GRC consultant who has helped more than 60 Fortune 500 companies gain control of audit, risk, compliance and information security processes. Here are a few insights from our conversation.

Reading Roundup: Vendor Management

Managing relationships with third-party providers is a major concern in the banking, healthcare, retail and tech industries…and beyond. We’ve gathered recent news, insights and opinions on vendor risk management, contract management, third party assessments and more. Help yourself to this week’s reading roundup!

How to Manage Global Partnerships: A Case Study

We love it when clients use our platform in creative ways. Mark Barak, general counsel at Aronson Security Group (ASG), is a prime example. He started using Onspring in 2016 to manage legal matters, but when a need arose for greater efficiency and visibility in the company’s partner relationships, Mark put the platform to work in new ways.

Driving in the Rain: How to Handle the Unpredictable Through Effective Enterprise Risk Assessment

One thing is certain: the unexpected will occur. Storms will pop up and our skills and coping mechanisms will be tested. Organizations must identify where they are exposed, apply an appropriate response for addressing the risk, and implement a mechanism to constantly monitor and reassess the risk and their response to it. Otherwise, we risk getting stuck by the side of the road in a driving rain.

“How Do You Compare to GRC Vendor X?”

When I’m asked the “How do you compare?” question or one of its many derivatives, I simply respond as follows: “To be honest, I don’t really have any experience with Product X, and anything I’d tell you would just be hearsay, so I can’t honestly make that comparison. Instead I’d like to hear about your goals and objectives so we can figure out a way to leverage Onspring to help you accomplish them in the best way possible.” Period.

How to Be Lazy Where It Counts

When you develop software, there are many stages of the design phase that are highly critical to the final product. Too often, companies are in a rush to push feature releases or changes to their products that are “box checkers.” They’re trying to compare themselves to a competitor in a favorable light, without actually thinking about the problem in depth, or not considering things such as long-term performance and usability.