The G in GRC

Governance: Corporate, Cyber, Data, and Technology

(G) overnance, (R) isk, and (C) ompliance

Governance

A complex interconnected system of leadership and management practices, processes, functions, and structures to achieve objectives.

Risk

An integrated system to identify, assess, evaluate, and prioritize financial, legal, strategic, and security risks or what could go wrong.

Compliance

An integrated system to identify, evaluate, and prioritize regulatory requirements, internal policies, and industry standards.

Corporate Governance

The US passed the Foreign Corrupt Practices Act (FCPA) in 1977,
The Committee of Sponsoring Organizations of the Treadway Commission (COSO) was established in 1985,
COSO published the "Internal Control-Integrated Framework" in 1992,
OECD published the "Principles of Corporate Governance" in 1999, and subsequent releases,
The US passed the Sarbanes-Oxley Act of 2002,
COSO published an update to the "Internal Controls - Integrated Framework" in 2013,

The above only represents the US advances in Corporate Governance.

Cyber Governance

Data Governance

Technology Governance

A fascination with how the moving parts come together

Over the years, I have been fascinated by how some organizations understood governance more than others. It was not about their bylaws, charters, or policies. It was in their DNA—something so engrained in how the organization operated.

Cyber Security Reality for so many

About

Perspective

Contact Me