Governance, Risk and Compliance (GRC) is re-emerging as one of the most important components in the success of any company, the key to the integration of silos and the glue between the business and IT. Corporations, particularly those dealing with multiple jurisdictions, are facing an increasing number of regulations and internal policy requirements. To deliver a holistic view and manage performance, integrate departmental risk models and compliance needs, and understand the impact on company goals and strategy, a standards-based approach is a must-have.
The GRC-XML working group is developing a standard and common language for the representation, sharing, and processing of governance, risk, and compliance information through the establishment of GRC Taxonomy based on XBRL and XBRL GL. The need for a common controls and risk language is present within a single organization as well as between an organization and its external auditors, government regulators, industry associations, and business partners. The market encompasses a broad spectrum of unique systems and solutions to address all aspects of an organization including its people, facilities, IT infrastructure, business applications, corporate responsibilities, legal, regulatory and financial obligations. One of the goals of the GRC-XML program is to enable these disparate systems to share and leverage information efficiently without compromising accuracy and functionality.
In this webinar, we will address the issue of GRC and current trends and developments in the marketplace. We will provide an overview of GRC-XML and introduce some key use case scenarios to address GRC challenges, particularly in information technology (IT GRC) and enterprise integration. We will discuss the use of GRC-XML in Cloud Computing and the current effort extending GRC-XML to support Solvency II.
A framework of standard practices to help your organization achieve Principled Performance.
At this year's San Francisco BSides conference, BrightTALK gathered together thought leaders in the fields of IT security and GRC to get their perspectives on the challenges and opportunities facing their communities and industries in 2012.
After a series of enlightening interviews we've decided to bring the thought leaders back for an in-depth discussion. Join us for what will be a lively conversation among the top minds in their fields on cloud security, BYOD, PCI compliance and the GRC challenges that apply across them all.
Ron Ross, Computer Scientist, NIST Fellow (moderator)
Anton Chuvakin, Research Director, Gartner
Andrea Hoy, Director - International Board, ISSA International
Dr. Said Tabet, Chair of GRC-XML Project, OCEG
ISO 22301 details a quality, globally accepted, auditable BCMS standard. Like all ISO standards, it results from expert work and is endorsed by 160+ countries. Organizations can benefit from global acceptance, good practices, and management experience.
This webinar covers the overall need for automation to support ISO 22301, with an exploration of six major program management areas where software can be exceptionally helpful for the new standard, as follows:
• BIA and RA analysis (8.2.2, 8.2.3)
• Resources and planning (8.3.2, 8.4.4)
• Testing and exercise management (8.5)
• Crisis management and communications (8.4.2, 8.4.3)
• Audit reporting (9.2)
• Corrective actions (10.1)
A new challenge for many internal audit departments is auditing risk management. In this session, we will cover some high level principles and discuss a risk-based approach to the activity. Topics will include:
• The risk of poor risk management
• What do we audit risk management against?
• Why we need risk management, and what value it should provide
• A review of the major risk management standards/frameworks
• Suggested evaluation steps
• Risk management maturity
A number of key business processes help organizations achieve Principled Performance, and processes under the areas of governance, risk management and compliance are particularly critical to its success. Because there is significant overlap in the activities that underlie and support those broad areas, addressing them (and all others that contribute to Principled Performance) in an integrated fashion allows a consistent view of information and efficient application of resources that greatly enhance the power each individual process brings to the organization. We call that integrated approach “GRC”.
Come hear OCEG President Carole Switzer discuss this important topic.
IT Governance with Lane Leskela of OCEG
The current economic climate cries out for technology standards at the core of information management. This round of financial losses is the result of weak governance and risk management failure. We’ve seen such tragedy before and we are in danger of repeating these mistakes. The time has come for the methods that help manage risks and enforce corporate policies to exploit a common software language (XML). In these challenging times, the critical work on common risk and compliance definitions for software is poised to bear fruit. This session will focus on the progress in XML for Governance, Risk and Compliance management and its potential for lowering costs and increasing process efficiency in every organization.