French Caldwell

A member of the Gartner Blog Network

Entries Categorized as 'Risk Management'


GRC Will Be a Performance Platform

by French Caldwell  |  May 1, 2013  |  1 Comment

I just returned from the MetricStream GRC Summit in Las Vegas where I presented a keynote on risk management and performance.  The summit was very well planned, organized, and executed.  The speakers and panel participants talked not just theory but provided practical examples of the benefits and challenges of using GRC technologies to improve their [...]

Category: GRC Risk Management Uncategorized

Compliance and Risk Hiring to Be Hot in 2013

by French Caldwell  |  February 6, 2013  |  Comments Off

Even as the economic recovery gains momentum, risk management and compliance are still growing in importance.  This trend should continue until there is a shift politically and culturally toward deregulation.  In the Gartner CEO survey, regulatory risk was ranked as the number one business risk, and in the Gartner Forbes Board survey, risk management, legal [...]

Category: compliance Legal IT Risk Management

Next Up in Financial Services Regulation: Social Media Risk Management

by French Caldwell  |  January 25, 2013  |  1 Comment

I’ve read through new draft guidance from U.S. financial services regulators on the use of social media.  What struck me most is that instead of taking a compliance and control point of view, it talks instead of risks, and the need to ensure that social media risks are included in your risk management program.  That’s [...]

Category: compliance public policy Risk Management Social Technology

Will IT GRC Begin to Die This Year?

by French Caldwell  |  January 3, 2013  |  1 Comment

I had a good discussion with Erik Heidt today about IT GRC management tools.  We were talking about why there is an IT GRCM market that is distinct from the EGRC platform market.   It’s clear that there is a separate market — vendors like Agiliance, RSAM, Lockpath and Modulo are IT GRC specific.  The buyer [...]

Category: Applications compliance Cybersecurity GRC Risk Management

Expect to Hear About How Social Tech Enabled Self Relief in Sandy

by French Caldwell  |  October 31, 2012  |  2 Comments

I expect to hear a lot of stories about social technology keeping people connected in the aftermath of Sandy — just as after Katrina.  However, I am also expecting these stories to take a twist — we will hear about how neighbors organized self-relief efforts using social media. Social media has been playing a part [...]

Category: public policy Risk Management Social Technology

The Risks Are Always Greener on the Other Side

by French Caldwell  |  October 24, 2012  |  Comments Off

I’m here at Orlando Symposium talking to a good colleague, Neil McDonald, and I ask Neil, “Why don’t IT service providers, who complain so much about the intrusiveness and costs of customer inquiries, inspections and audits of their security controls, just provide their customers an IT GRC dashboard?  That way customers can see for themselves [...]

Category: Cloud GRC Risk Management

One Week Left to the Rockefeller Cybersecurity Deadline — CEOs, What Do You Want To Do?

by French Caldwell  |  October 12, 2012  |  Comments Off

In the last week I’ve had two calls with companies deciding how to respond to the cybersecurity letter that Sen. Rockefeller sent to the CEOs of Fortune 500 companies.  The deadline to respond is 19 October. CEOs are not required to respond, and with the demise of the Cybersecurity Act of 2012, it’s tempting not [...]

Category: Cybersecurity public policy Risk Management

Oh, Michael — Your Rant ….

by French Caldwell  |  October 10, 2012  |  1 Comment

Dear Michael – Good to hear from you.  Thanks for sending me your latest blog post.  I have to say though that when you rant you really do go ballistic — you want to throw six months of my work on the compost pile — ooh, that hurts.  But I get it, it’s not me; [...]

Category: Applications compliance GRC Risk Management

Things That Go Boom — Safety Second!

by French Caldwell  |  August 13, 2012  |  Comments Off

Living inside the capital beltway, you meet all kinds of people that have jobs that just don’t have any equivalency anywhere else:  Like the lady I talked to last week who provides advice on safety issues associated with the modernization program for the nation’s nuclear weapons stockpile.  I mentioned to her a recent GAO report [...]

Category: GRC public policy Risk Management Strategic Planning

IT Is an Existential Threat to Business

by French Caldwell  |  August 3, 2012  |  Comments Off

IT – The Existential Threat

With the growing number of business failures attributable to IT, it’s getting hard to keep up with them all.  Who can forget the IT-enabled bungling of the Facebook IPO?  And now we have the Knight Capital hash – where a mistake in a high frequency trading program has created an [...]

Category: public policy Risk Management Strategic Planning Uncategorized