It’s tempting to think of Enterprise Risk Management (ERM) as the central hub of your risk program. However, stopping at ERM limits an organization’s ability to fully manage risk and… Continue reading Why Your GRC Program Should Cover More Than Just ERM: The Critical Link to Operational Resilience

The compliance technology and broader GRC solution landscape are more complex than ever, and becoming a better buyer means more than just asking the right questions—it requires cutting through the… Continue reading Becoming a Better Compliance Technology Buyer: Cutting Through the Noise

Risk management, for many organizations, is an exercise in analyzing the past—looking at what went wrong and how it can be avoided in the future. Too often, it’s as though… Continue reading Navigating the Multiverse of Risk: Building Agility into Our Approach to Risk Management

The modern regulatory landscape is evolving at an unprecedented pace. Organizations across industries are facing a deluge of new regulations, amendments to existing laws, and enforcement actions that can overwhelm… Continue reading Automating Compliance: A Necessity for Modern Compliance

In J.R.R. Tolkien’s legendary Middle Earth saga, with The Lord of the Rings movies and the current Rings of Power series, the Palantír—a magical seeing stone—grants its user the ability… Continue reading Gazing into the Palantir of Risk: A Tolkien-Inspired Journey into Emerging Risks

In the realm of organizational governance, there is often confusion between risk management and compliance management. While both functions are integral to the overall health and sustainability of an organization,… Continue reading Risk Management vs. Compliance Management: Understanding the Distinction

It’s not enough to have the right policies in place — you have to embed those policies into the fabric of your organization. In today’s fast-paced and interconnected business world, ensuring… Continue reading People and Policy: Building Compliance and Ethics into Your Company’s DNA

Risk management is an evolving discipline, especially in today’s interconnected world, where risks are no longer isolated. They often have cascading effects, where one risk can trigger or amplify others,… Continue reading Germany’s IDW PS 340 Auditing Standard: Understanding Risk Correlation

How Poor Risk Management Sunk the Unsinkable, and Lessons Learned in Identifying Blind Spots in the Modern Threatscape The story of the Titanic is one of the most infamous disasters… Continue reading The Titanic: A Case Study in Flawed Risk Management

In the rapidly evolving landscape of governance, risk management, and compliance (GRC), information security is undergoing a significant transformation. This evolution reflects the growing complexity and interconnectedness of digital risks… Continue reading A New Era: Embracing the Role of Digital Risk & Resilience

For many years, the global compliance landscape was dominated by a checkbox-driven approach, primarily led by the United States. Compliance programs in the U.S. focused on prescriptive rules, and adherence… Continue reading Increased Demand for Evidence-Based Compliance: EU Surpasses the USA

Risk management, when done effectively, is both an art and a science, requiring a careful balance of top-down strategic insight in the context of the organization’s objectives and bottom-up operational… Continue reading The Tunnel of Eupalinos: a Blueprint for Connecting Strategic and Operational Risk & Resilience