Governance, Risk Management, and Compliance: It Can't Happen to Us--Avoiding Corporate Disaster While Driving Success
C**E
Great reference book/easy read
I really like this book. It is an easy read and a great reference for anyone who wants to understand Enterprise Risk Management (ERM) and governance. In addition, it is a nice resource for Board Members who want to understand their role in overseeing risk and how risk impacts the business. The author is recognized and demonstrates solid knowledge.
L**O
👍🏼
C**0
Easy read that gives a good comprehensive idea of risk and compliance governance practices
The book was an easy read and one that you can go through without putting down. As a risk professional, it was a great reminder of some things, but also provided enough subject matter expertise that I learned some new ideas and ways of thinking about other things that I already knew. Highly recommend this for any new or mid-level risk managers.
S**N
Insightful
Good, insightful read.
W**.
Excellent desk reference
Although its intended audience is primarily senior corporate executives and board members, this book delivers on its stated purpose and jacket promotions and serves as an excellent how-to manual for any security manager.

Governance, Risk Management, and Compliance deals with the principles that result in long-term success for organizations large or small. The author presents the three top success indicators of an organization: effective organizational governance, proactive response to risk management issues, and strict adherence to compliance procedures. These define an ethical organization, and security managers need to master them.

According to the author, governance, risk management, and compliance (GRC) activities are too often thought of as insignificant "plumbing" in the depths of an organization, but in reality, it is these very activities that often determine whether a company wins or loses in a marketplace. Senior management teams may be overly confident that the pitfalls and failings of peers and subordinates can't possibly happen in their companies, on their watch. However, the high-profile failings of the big oil companies, real-estate moguls, and financial institutions are vivid examples cited by the author to prove his case.

The book points out common pitfalls to bottom-line success, such as becoming intractably overcommitted to one strategy, being reluctant to acknowledge past mistakes, and creating an environment that makes it difficult to raise concerns about critical issues. With the author's clear guidance on aligning processes and technology with organizational strategy, goals, and values, the book explains how to help protect a company from financial and reputational risk, costly litigation, and government intervention.

The author takes the novel stance that risk management is not about what has happened, nor about the problems that need to be dealt with, but about what could happen and the urgent need for proactively managing the risk. He wisely reminds the reader that the single most significant driver for a company's culture and subsequent success is not the code of conduct or other policies, but the actions of senior management in carrying out GRC.

One modest weakness about the book is that the author doesn't hesitate to name the failures but refrains from identifying the large companies who are most successful in applying the book's principles.

Reviewer: William S. Cottringer, Ph.D., is executive vice-president for employee relations with Puget Sound Security. He has held security management positions in the military and public and private sectors since 1962. He is the author of eight books and more than 500 professional articles. He has been an active member of ASIS for more than 20 years.
M**T
Governing Governance, Reeling in Risk, and Capturing Compliance
Nearly all governance, risk management and compliance materials available to executives are written either from such a lofty altitude that they convey only unhelpful generalities and no way forward, or so far down in the weeds that they generate a dizzying mass of discouraging detail. Rick Steinberg's central role in the creation of COSO and his decades of practical experience and published commentary have given him a unique appreciation of what executives really need to know to inspire and guide their organizations forward in the crucial areas of corporate process and engagement. Rick's book is a must-read for executives and their advisors so that they can face governance, risk management and compliance from a constructive intellectual and process perspective with due regard for the actual circumstances in which their predecessors, colleagues and competitors have and will no doubt again and again fall into the traps of the ill-conceived and ill-prepared.
L**G
Governance, Risk Management and Compliance: It Can't Happen To Us...
The elements of strong corporate governance are lucidly explained by author Rick Steinberg with the right balance between conceptual and practical. Too often books in this field are so conceptual as to be close to useless, or so academic as to bear little relation to the complexities of a fast-moving real-life corporation. It also indicates an understanding of the costs and effort to get it right, the tradeoffs that must be made, and the scarcity of executive and Board time and comprehension of complex, fast-moving corporate entities. The inclusion of analysis of some of the current controversies over Board practices (BP and HP, for example) renders it more alive and timely than many more stultifying entries. As a Chairman or CEO for over 25 years, I can appreciate the scope and practicality of this guide.
T**C
Good book
I was looking for a good baseline to understand the GRC market.