Friday, June 8, 2012

Everyone is an Internal Auditor

I feel like an analyst. For the past several weeks, I’ve been talking to GRC software vendors and consultants to get a feel for what needs to be covered in 2010.

Most vendors continually think about the problems and issues their customers confront; however, they tend to really dig into these challenges each autumn as they, too, prepare for the new calendar year.

These discussions and email exchanges have produced some interesting themes.

There’s (so much) more, as I’ll write about soon …


Here are some of the most exciting GRC ideas, problems, and/or practices I intend to cover in 2010 (and have already begun researching):

The Secret of Sustainable GRC: Why do some programs thrive while others peter out after the most recent regulatory mandate fades from the front pages? Is the secret sauce in the culture, the process, or the people — or all of the above?

Everyone is an Internal Auditor: Everyone could be, anyway — or a risk manager, or a GRC manager. This idea, uttered by a continuous auditing expert, underscores the importance of turning over more GRC work to the business.

All Employees Have their Own Risk Profile: This point resonated with me, in part, because it was made by an executive within one of the world’s largest software companies. The point he was making is as much about process as it is about people (interestingly, it’s not really about technology): When GRC processes lack clarity or definition, different individuals will respond to risk information differently. What might set off a five-alarm response from one manager may elicit nothing more than a yawn from a different (and perhaps better informed) manager. There has been a lot of talk and research about the importance of ethical organizational cultures this year. In these cultures, individual employees generally are empowered to make their own decisions. And, the research suggests, this works well. If so, how can culture account for the varying risk profiles – the risk appetites – of the individual?

Risk Reporting and Risk Quantification Remain Major Challenges: Don’t believe me? Take it from a vendor who just returned from a forum on enterprise risk management.



