So, what is risk-based compliance? It seems to be a must-have term on any compliance website, and certainly for compliance software vendors. But what does it mean? For many, compliance is not risk related. While they understand the law is in place to protect consumers, investors, and countries against a certain risk, there is no arguing. You simply implement it, and adhere.
New release generally available: BWise 4.1 Service Pack 4.1
So now the latest BWise release is officially generally available. Its full name is BWise 188.8.131.52 (so service pack 4.1 of release 4.1). Sorry, a bit of a confusing numbering scheme, but the only thing you really need to know is that it's again a great release. And yes, some bugs have been harmed in the process.
Gartner Magic Quadrant for Enterprise Governance, Risk and Compliance 2013
So, Gartner published its Magic Quadrant on Enterprise Governance, Risk Management and Compliance (GRC) again. Always interesting to see how external analysts view the market. Good to see, the number of Leaders has gone down from 9 to 7, and of course even better for us that NASDAQ OMX BWise is among the leaders. And we intend to stay there, and we have some great plans to make that work.
Conflict Minerals: Just another compliance issue?
One of the hottest new topics in the regulatory landscape is the issue of Conflict Minerals. This is especially true in the US, but it also has a global impact throughout the supply chains of major corporations. The Conflict Minerals Statutory Provision, part of the comprehensive Dodd-Frank Wall Street Reform and Consumer Protection Act of 2010, is a more narrowly focused piece of legislation (Section 1502). This legislation will have deep and continuous implications for publicly traded companies headquartered or operating in the US. At its most fundamental, the legislation means that companies need to be able to report that none of the products they sell include conflict minerals, ultimately specific minerals (often referred to as 3TGs) from the Democratic Republic of Congo and the neighboring regions.
How do IT Risks relate to Enterprise Risks?
Traditionally, IT risk management is treated as a somewhat separate silo in Enterprise Risk Management. This is caused by the organizational allocation of IT Risk, separate from other corporate risks. Another challenge is the risk language that is used in IT risk management, which is different from the language in Enterprise Risk Management. The ISO 31000 standard, for instance, doesn't even include the term Vulnerability, whereas vulnerability is a pivotal term in most IT risk management methodologies. ISO 31000 does use the word threat, once, but only in general terms. Threat is a key term in IT risk management. These terms can be translated to the business world, but they are generally only used in IT risk.