by French Caldwell | October 24, 2012 | Comments Off
I’m here at Orlando Symposium talking to a good colleague, Neil McDonald, and I ask Neil, “Why don’t IT service providers, who complain so much about the intrusiveness and costs of customer inquiries, inspections and audits of their security controls, just provide their customers an IT GRC dashboard? That way customers can see for themselves [...]
Comments Off
Category: Cloud GRC Risk Management Tags: cloud, Risk Management, vendor risk management
by French Caldwell | October 12, 2012 | Comments Off
In the last week I’ve had two calls with companies deciding how to respond to the cybersecurity letter that Sen. Rockefeller sent to the CEOs of Fortune 500 companies. The deadline to respond is 19 October. CEOs are not required to respond, and with the demise of the Cybersecurity Act of 2012, it’s tempting not [...]
Comments Off
Category: Cybersecurity public policy Risk Management Tags: cybersecurity, Public Policy, Risk Management
by French Caldwell | October 10, 2012 | 1 Comment
Dear Michael – Good to hear from you. Thanks for sending me your latest blog post. I have to say though that when you rant you really do go ballistic — you want to throw six months of my work on the compost pile — ooh, that hurts. But I get it, it’s not me; [...]
Category: Applications compliance GRC Risk Management Tags: compliance, GRC, Risk Management
by French Caldwell | February 8, 2011 | 1 Comment
Arguably if you are an authoritarian leader who is threatened to be deposed, you view social media that your opponents use to organize protests as a threat. On the other hand, if your supporters can use it to organize counter-protests, then you might see it as an opportunity — perhaps this explains why Egyptians saw [...]
Category: Risk Management Tags: governance, Public Policy, reputational risk, Risk Management, strategy, Systemic Risk
by French Caldwell | January 25, 2011 | Comments Off
Aunt Elsie never went to the grocery store. She’d call in her grocery list over the phone, and the grocer would deliver. One day in the 1950s, Aunt Elsie called my grandmother and said, “Emily, do you ever shop at a supermarket?” My grandmother said of course she did, and Aunt Elsie asked to accompany [...]
Comments Off
Category: Risk Management Tags: governance, GRC, opportunity, performance, Risk, Risk Management
by French Caldwell | January 21, 2011 | Comments Off
In the drugstore the other day, my wife was searching for Tylenol Cold and Flu. She insists that’s the only thing that works when she has a cold and with the onset of winter she wanted to make sure the medicine cabinet was stocked. We searched and searched, but where almost any Tylenol product was [...]
Comments Off
Category: Risk Management Strategic Planning Tags: crisis management, Public Policy, reputational risk, Risk Management
by French Caldwell | January 12, 2010 | 6 Comments
I’ve been involved in some discussions recently around GRC that remind me about the arguments around KM — as to whether it is a valid term or not. The antagonists argue that GRC does more harm than good. They argue that the term creates market confusion, that the vendors that claim to offer GRC solutions [...]
Category: Uncategorized Tags: compliance, governance, GRC, knowledge management, Risk Management, strategy
by French Caldwell | January 10, 2010 | 3 Comments
While most GRC market watchers were analyzing the EMC-Archer deal, another perhaps even more telling merger was occuring. The CEOs of BPS and Resolver, two small Canadian enterprise GRC platform vendors, brought their two companies together. BPS’ market focus has been large companies, while Resolver has focused on small to mid-size companies. The combination of [...]
Category: Uncategorized Tags: compliance, GRC, Risk Management
by French Caldwell | October 27, 2009 | 1 Comment
Jeffrey Wheatman, Guest Blogger Last week, after grueling but exciting five days at Gartner Symposium in Orlando I found myself sitting on my return flight back to the home office. I cracked open my brand-new copy of Freakonomics, which is a book I have long had on my list and never quite got around to [...]
Category: Uncategorized Tags: Risk Management
by French Caldwell | October 11, 2009 | 8 Comments
What is the most important role of the IT department in managing enterprise risks? Is it to just manage IT’s own risk, with a focus on security? Is it to get better alignment of IT services to business needs? Is it to advise the general counsel, the chief financial officer, and other business executives on [...]
Category: Uncategorized Tags: knowledge management, Risk Management
