Tagged: grc

GRC: Governance, Risk Management, Compliance. GRC typically encompasses activities such as corporate governance, enterprise risk management (ERM) and corporate compliance with applicable laws and regulations.


Could your cloud be deleted?

Are a username and password all that stand between you and total loss? Is your organisation’s IT health solely dependent on another company’s financial health? As part of deciding to embrace cloud services, you must be able to identify a new set of risks to business continuity that perhaps weren’t a concern previously. Here are just two… Bankruptcy: You’ve decided to outsource your application to a SaaS (Software as a Service) or other public cloud provider. In large-scale SaaS contracts, considerable attention is rightly placed on Service Level Agreements (SLAs) to ensure the availability of the application to the business. But what happens when an SLA can’t protect you? Have you considered how your business may continue to function if your cloud service was withdrawn without notice,...


The risk within self audit risk assessments

No one knows the risks inherent to an asset better than those who work with the asset. That is why self-audit has been around for years. It allows the audit team to get to the hidden details, while distributing the discovery phase of the workload outside the audit team. When I first started working with self-assessment audits, the sessions were typically moderated by an experienced risk assessor. The moderator would ensure likelihoods and impacts were accurately recorded and (s)he would use an auditor’s experience to help interpret and guide the answers. Since then, Risk and Audit teams have been placed under increasing pressure to do more with less. I have noticed a trend to remove the moderator for the self-assessments, and take the self-assessor’s word...