
Latest Pontifications & Thoughts . . .
The Extended Enterprise: Tackling the Complexities of Third-Party Governance, Risk, and Compliance
Organizations today operate within an extended enterprise, a complex ecosystem of third-party relationships that span suppliers, contractors, outsourcers, service providers, and other business partnerships. One of the greatest governance, risk…
Reframing Integrated Risk Management: A Historical Perspective on GRC’s Evolution
The following article, Reframing Integrated Risk Management: A Historical Perspective on GRC’s Evolution, was originally published by Michael Rasmussen on our sister site, www.GRCreport.com . . . Key Takeaways Deep…
GRC Reflections from London – Risk & Resilience Management in a Dynamic Extended Enterprise
This past week in London was truly a whirlwind of GRC insights, discussions, and deep dives into the future of risk and resilience management. Across multiple events and countless conversations,…
The ServiceNow Emperor Has No GRC Clothes (Or Needs a Better Tailor)
“But he hasn’t got anything on!”—The Emperor’s New Clothes, Hans Christian Andersen The Fable and the Analogy Hans Christian Andersen’s tale of “The Emperor’s New Clothes” tells of a vain…
Rethinking ESG: Rediscovering the Meaning of Stewardship
In recent years, Environmental, Social, and Governance (ESG) initiatives have become a lightning rod in political discourse. Critics have reduced ESG to ideological talking points—especially on issues such as climate…
Regulatory Complexity, Operational Resilience, Cyber Risk, and AI: Key GRC Imperatives for 2025
In today’s rapidly evolving world, the risk landscape is changing faster than ever. We’ve witnessed firsthand the mounting challenges organizations face with an increasingly complex web of regulatory requirements, cyber…
Navigating the Storm: Strengthening Third-Party Governance and Risk Management in Your Extended Enterprise
The global business landscape today is a complex web of interconnected organizations—the extended enterprise. This interconnectedness delivers unprecedented opportunities for growth, efficiency, and innovation. However, it simultaneously amplifies risk exposure,…
Navigating Uncertainty: What My Wife’s Cancer Revealed About Strategic, Environmental, and Operational Resilience
In the past several months, my family has faced a deeply personal challenge — my wife’s battle with breast cancer. Observing her journey through six rounds of chemotherapy, with upcoming…
Putting IRM in its Proper GRC Context
A small, obscure, and misguided segment of the analyst community promotes Integrated Risk Management (IRM) as a replacement for Governance, Risk Management, and Compliance (GRC). This group incorrectly portrays GRC…
Proactive third-party risk management: A governance-based strategy
No organization is an isolated entity. It is part of an extended enterprise of suppliers, vendors, service providers and other third parties. This complex web of relationships drives efficiency and innovation,…
Navigating the RegTech Universe: Charting a Path Through a Maze of Offerings
In today’s rapidly evolving regulatory landscape, organizations face an increasingly complex and dynamic environment where managing compliance obligations demands agility, efficiency, effectiveness, resilience, and innovation. At the intersection of technology…
Rise of the Digital Trust & Resilience Officer: Death of the CISO, Part 2
In my previous post, The Death of the CISO: A Eulogy & Reincarnation, I argued that the traditional role of the Chief Information Security Officer (CISO) is evolving—or rather, undergoing a…