Are You Ready for the ISO Standard on Compliance Management?

The new ISO standard 19600 should get your attention.

Group Decision-Making

We recently had a question about our suggested approach to group decision-making. We thought that our response might be of interest to our community.

Requirements-driven Knowledge Management

We recently came across the International Atomic Energy Agency's definition of knowledge management (KM).

Risk Assessment Bibliography

Doug Hubbard of Hubbard Decision Research recently published a list of interesting sources (on the Society of Information Risk Analyst listserve) that he has used in his work writing on various risk assessment methods a

Is your Risk Assessment Approach Too Simplistic?

We just spotted this article in Corporate Risk & Insurance’s risk magazine:


What comes after executive education?

Many of us within our GRC community often brainstorm on the best steps to take when a firm is just starting to consider investing in a GRC program initiative or system of record.

PCAOB and SEC are Keeping Watch

It's amazing that, after 12 years of collective experience with SOX-related audits of Internal Controls over Financial Reporting (ICFR), companies and external auditors are struggling. Look at this factoid:

Vendor / Product Assessment & Recommendations

We often assess GRC vendors and their "pure" enterprise-class GRC applications (including applications oriented towards Internal Audit and Security) using a proven process that has a number of mission-critical business ob

Regulatory Compliance for the Smaller Company

Here's a LinkedIn GRC comment from Sanjay N: "A lot of the attention is on the Compliance management problems of the larger companies but the challenge for the smaller companies with their limited s

RuleSphere Driving Video Standards for Knowledge Management

Over the past year, I have been heavily researching the best tools that would allow us, as educators, to drive our knowledge management practice cap

SIFMA Publishes Recommendations for Effective Cybersecurity Regulatory Guidance

Release Date: October 20, 2014

Why PRA My Org?

Why is a Predictive Risk Analytics (PRA) Initiative so important in driving strategic shareholder value?

Lean Thinking and GRC Program Initiatives

Having had a lean manufacturing background in my past has helped me to apply lean thinking concepts to a variety of industry problems no matter whether they are found in the "front office", the "back office" or at a prog

Nassim Taleb’s book: Antifragile

If you have not had a chance to read Nassim Taleb's book, "Antifragile", here are some quotes to get you psyched up:


Is Global Finance Ready for the Next Crisis?

Based on our prior blog entry on Complexity Portfolio Theory (CPT), we thought that those individuals who are focused on this application area should check out this interesting article on stock and other market appraisal which signa

Complexity Portfolio Theory

We have been getting a lot of questions on the relationship of Predictive Risk Analytics (PRA) and complexity management to portfolio assessment.

Develop Your Business Radar - Recommendations By IMA and ACCA

In the Institute of Management Accountants (IMA) Accountancy Futures Academy, a best practices document.

Reengineering ERM

As you may be aware, we are advocates of reengineering under-performing Enterprise Risk Management (ERM) programs.

Cyber Security as a Matter of Resilience

--Cyber Security as a Matter of Resilience (September 22, 2014) Experts say that the cyber security conversation is better served by focusing on resilience rather than on

Decluttering Makes Great Business Sense

We'd like to pass this interesting article along to you. The author is Schumpeter and the source is The Economist.

Audit Work Program for Complexity Management

Do you have a need to enhance your Enterprise Risk Management (ERM) program?

New White Paper: "Predictive Risk Analytics; The Internal Auditor's Guide to Complexity Management"

Our new 6-page white paper may be of interest to you. It is entitled "Predictive Risk Analytics; The Internal Auditor's Guide to Complexity Management".

Complexity Management Research

We recently became aware of a research study that was conducted in 2011 by Lighthouse Global on the subject of complexity management. If you'd like a copy please contact us.

Predictive Risk Analytics (PRA) and MPP; Press Release

We have some interesting news regarding our partner Ontonix and our joint ability to apply Ontonet Predictive Risk Analytics (PRA) software to extremely complex problems that require different compute processing strategies and technologies.

New Development in Predictive Risk Analytics (PRA) Market

I want to alert you to an interesting new development in the Predictive Risk Analytics (PRA) marketplace.

Workflow Automation for Small Organizations

It is amazing to us how the web is changing how we conduct work, virtually, with team members.

GRC Special Interest Groups (SIGs)

Is your organization looking for experienced web 2.0 developers to create your own virtual platform for hosting meetings, project work, document publishing and a whole range of other collaborative activities?

The True Costs of GRC

The GRC Sphere has a mission. This is to help the industry to define the true costs of GRC. GRC activities span many areas and there has been quite a lot of difficulty in defining them.

GRC Sphere's Tag Line

We recently added the tag line "Come for our rich content; Stay for our awesome communities". This statement needs a little explaining.