Technology does not give you good third-party risk management. Governance does. I’ve said this before about enterprise risk management, but it applies even more profoundly to what we now call… Continue reading Governing the Extended Enterprise: The TPRM Platform I Would Demand

I’ll be exploring this theme in depth at Gameday Ready, London – November 7, 9:00 am–1:00 pm GMT and during the Supplier Risk Resolution Workshop – November 10, 1:00 pm–4:00 pm GMT. Both… Continue reading The Inevitability of Failure: Building Resilience in a World of Uncertainty

Orchestrating Integrity, Performance, and Foresight from the Bridge of the Enterprise The strength of the ship lies not only in its hull or engines, but in how every system —… Continue reading GPRC for Risk, Compliance & Internal Control System

The past several weeks have been a whirlwind of engagement, ideas, and energy — and I wouldn’t have it any other way. Currently, this week is South Africa and continuing… Continue reading Choose Your Own Risk Adventure: From South Africa to a Fortnight in London

In just a few weeks, I’ll be in London for Gameday Ready — an immersive event designed to test how we think, decide, and adapt when the unexpected unfolds. It’s not a… Continue reading Gamification of Risk: The Art of Role-Playing in a Complex Risk World

Shields up! Red alert! On the bridge of the Enterprise, when an unknown anomaly threatens the ship, the crew does not panic — they orchestrate. Helm adjusts course, engineering reroutes… Continue reading GPRC for Operational Resilience: Navigating NIS2 and EU CER: The Expanding Mission of Resilience

When I stepped onto the keynote stage in Miami at Riskonnect Konnect 2025, it felt less like a ballroom and more like a bridge. The room hummed the way a… Continue reading CAPTAIN’S LOG: Choose Your Own Risk Adventure

Technology does not give you good risk management. Strategy does. Risk is everywhere—and that’s not a problem. As I say on the Risk Is Our Business podcast, the organization that is not taking… Continue reading If I Were a CRO: The Risk Platform I Would Demand (Through the Lens of an Analyst)

The Enterprise Bridge for Digital Trust in the European Union On the bridge of a starship, everything is connected. Navigation depends on sensors, sensors depend on power, power depends on… Continue reading GPRC for Operational Resilience: Delivering on DORA

This week I’m back in the United Kingdom—wall-to-wall engagements, packed rooms, and board-level urgency. Two themes are dominating every corridor conversation and every executive session: They’re not separate stories. They’re… Continue reading Not Your Father’s Information Security Program: Digital Risk & Resilience by Design

The week began with two very different conversations that echoed the same theme. One was with a major U.S. healthcare organization grappling with how to stay ahead of regulatory change.… Continue reading Policy Management and RegTech: Orchestrating Governance in an Age of Regulatory Uncertainty

Policies are more than documents on a shelf. They are the DNA of organizational integrity, the framework that defines culture, directs behavior, and provides accountability in times of scrutiny. When… Continue reading Policy Management by Design: From Chaos to Culture