*You might use terms like internal controls, SOX, CSOX, ICFR (Internal Control Over Financial Reporting), compliance, regulatory, or internal audit too.

For many of you, especially if you work in a larger or more established organization, your GRC program is probably at a mature state by now. That is a good thing (for the most part). But stability brings with it new challenges and opportunities, including the need to fight complacency, raise the bar in what we do, and meet the demands of today’s demanding economy and changing workforce.

This guide on Avoiding Risk is NOT a Strategy – How to Get More Value out of Your Governance, Risk, and Compliance Program is designed to help seasoned GRC professionals to take their programs to the next level through new energy, ideas, and enthusiasm. It shares a smorgasbord of some of our favorite GRC concepts covering topics including Entity Level Controls, *Design 2.0*, Risk Management Models, and 5 Principles for Better GRC.

We hope that you enjoy!

Please contact [email protected] if you have any comments or questions.