CastleHill Managed Risk Solutions Blog

Capturing the "First and a Half" Line of Defense

Posted by Timothy Carbery on Dec 5, 2018 4:06:49 PM

The concept and definition for the First, Second and Third Line of Defense roles have been established for many years. However, the neat categorization of the lines of defense rarely covers the intermediate “First and a half” Line of Defense that operates between the First and Second Line. As a risk management service provider and a broad GRC transformation and advisory firm, CastleHill actively performs in that intermediary role for our clients. Recently, we have been both witnessing and driving an evolution of the First and a half Line of Defense responsibilities across our clients that is raising the risk identification bar and helping to reduce the noise. Though we partner with many different GRC technology providers, we must drive consistency across those tools, implementations, and frameworks to achieve our required level of efficiency. To reduce the reliance on our First and a half Line of Defense and increase the effectiveness of our clients’ risk frameworks, we needed to institute a change of approach to achieve the desired value and insights from the risk management processes and investments.


Topics: GRC, Platforms & Software, Insider, Policy and Procedure Management

Managing Regulatory Changes – Thankless Job or Hidden Gem

Posted by Joseph Santangelo on Feb 12, 2018 12:02:11 PM



Topics: Risk Management, GRC

Do You Really Know Where Your Data Resides?

Posted by Michael Duggan on Aug 3, 2017 2:10:00 PM

What you don’t know can hurt you. With the constant pressure of streamlining and creating cost-effective operations, outsourcing of core processing and data management to domestic third parties by the banking and insurance industries has been common practice for many years. Although this practice is common and in most cases quite necessary, it is still important for an organization to ask where its customers’ data will be stored when leveraging a third party.


Topics: GRC

Evaluating Governance, Risk, and Compliance (GRC) for Protected Health Information

Posted by Michael Duggan on May 2, 2017 11:44:52 AM

How Do Your Risk & Compliance Programs Stack Up? Do you know where your healthcare organization stands when it comes to evaluating and managing your Governance, Risk, and Compliance (GRC) for Protected Health Information (PHI)?


Topics: GRC, healthcare

Evaluating Your GRC Capability

Posted by Michael Duggan on Apr 17, 2017 4:28:55 PM

In Risk Management, sometimes you need to step back and evaluate the organizational landscape. You do this to understand what changes have taken place that either improved capability and capacity or diminished overall effectiveness. Engaging in this exercise will provide fresh perspective and the opportunity to understand where gaps exist, allowing you to prioritize activities going forward that remediate some of the observed shortfalls. So, why don’t more risk professionals do this? Well, we could make a long list of reasons, all of which are legitimate, but probably really cynical and unhelpful.


Topics: GRC