The whole issue of mandatory auditor rotation--often referred to as term limits for auditors--has been discussed ad nauseam in recent months.

Supervision has been a big enforcement priority for years, and there has been more than a few failure to supervise charges.

It's no secret that companies are increasingly relying on third parties for core business processes.

There's no shortage of consulting firms pitching GRC solutions these days, and most of them will talk about integrated approaches, inevitably using the term holistic.

Jamie Dimon was recently asked if the bank's $2 billion trading loss was the result of any broken laws or SEC rules.

The Association of Certified Fraud Examiners issued its first comprehensive report on the costs, methodologies and perpetrators of fraud within organizations in 1996. Since then, it has published six more follow-up studies.

When we talk about risk management in this publication, we're often talking about IT risk management and financial reporting risk management, which are no doubt important.  But the whole idea of risk management has expanded greatly.

When the discussion turns to compliance, we often hear a variation on the following: All those GRC programs implemented at tremendous cost will not mean a thing if the company doesn't work hard to instill a culture of compliance and ethics.

Deals in the governance, risk management and compliance (GRC) software market were all the rage the last two years.

In some ways, we've only scratched the surface when it comes to Big Data applications.

Many of you probably do not recall that Section 342 of Dodd-Frank requires the establishment of 20 Offices of Minority and Women Inclusion at regulatory agencies.

After the Wal-Mart FCPA scandal erupted in headlines around the world, media outlets reported that the company had named a FCPA compliance officer.

The Public Company Accounting Oversight Board (PCAOB) has shown a commendable willingness under chairman James Doty to wade into controversial areas that has put the board in some crosshairs.

It's been noted before that the appellate court ruling that struck down the so-called proxy access rule, which had previously been hailed as a major "reform" passed as part of Dodd-Frank, was the shot heard around the economy.

Companies skimp on security software at their peril these days. This is of course good news for the top security vendors, which all enjoyed a terrific 2011

The whole idea of corporate compliance can be overwhelming, as the new rules seem to crop up frequently at the federal and state levels and existing rules seem to constantly shift.

The Wal-Mart scandal over alleged Foreign Corrupt Practices Act violations--detailed by the New York Times--continues to  reverberate, as federal prosecutors step up their investigation.

In the heavily-regulated financial services industry, strong content management systems are essential to strong governance, risk management and compliance (GRC) programs.

The intent of David Nosol may seem familiar to many of you.

We've long suggested that while fraud by outside criminals gets the majority of media coverage, the threat of internal fraud is just as pressing and perhaps even more consequential.

The poster boy of the crime-doesn't-pay, post-Enron era was Jeff Skilling, the hard charging CEO of the firm who was sentenced to 24 years in prison for fraud.

In many ways, the GRC industry has made great gains over the past few years, especially as premier vendors and independent companies alike continue to enjoy success.

In a truly arresting investigative report, the New York Times lays bare a shocking program of company-authorized bribery at Wal-Mart, a company which has touted its high ethical standards, and a weak subsequent internal probe.

Few industries have suffered like the financial services industry has recently.

Back in October, the SEC issued CF Disclosure Guidance: Topic #2, which was all about corporate disclosure obligations regarding cyber-security risks and cyber-incidents.