Risk management is an evolving discipline, especially in today’s interconnected world, where risks are no longer isolated. They often have cascading effects, where one risk can trigger or amplify others,… Continue reading Germany’s IDW PS 340 Auditing Standard: Understanding Risk Correlation

How Poor Risk Management Sunk the Unsinkable, and Lessons Learned in Identifying Blind Spots in the Modern Threatscape The story of the Titanic is one of the most infamous disasters… Continue reading The Titanic: A Case Study in Flawed Risk Management

In the rapidly evolving landscape of governance, risk management, and compliance (GRC), information security is undergoing a significant transformation. This evolution reflects the growing complexity and interconnectedness of digital risks… Continue reading A New Era: Embracing the Role of Digital Risk & Resilience

For many years, the global compliance landscape was dominated by a checkbox-driven approach, primarily led by the United States. Compliance programs in the U.S. focused on prescriptive rules, and adherence… Continue reading Increased Demand for Evidence-Based Compliance: EU Surpasses the USA

Risk management, when done effectively, is both an art and a science, requiring a careful balance of top-down strategic insight in the context of the organization’s objectives and bottom-up operational… Continue reading The Tunnel of Eupalinos: a Blueprint for Connecting Strategic and Operational Risk & Resilience

Denmark is often lauded for its high quality of life, progressive social policies, and exemplary governance. However, there is something more subtle yet profoundly impactful that one notices when visiting… Continue reading Ethics, Compliance & Risk Culture in Denmark: A Model of Orderliness and Mindfulness

In today’s rapidly evolving business landscape, risk management is no longer just about avoiding pitfalls—it’s about navigating the uncertain waters of opportunity and danger with agility and resilience. The modern… Continue reading Beyond the Heatmap: Rethinking Risk Management for the Modern Age

Effective policy management is critical to maintaining organizational integrity, compliance, and operational efficiency. Yet, many organizations remain trapped in outdated, manual processes that create a mess of confusion, inefficiency, and… Continue reading Modernizing Policy Management: The Urgent Need for Automation

In today’s interconnected world, the relationships that businesses forge with third parties are akin to friendships—built on trust, integrity, and resilience. Just as strong friendships require shared values, ethical behavior,… Continue reading Strengthening the Bonds of the Extended Enterprise: A Unified Approach to Third-Party Risk Management

I am sure this will be controversial, many love their role and title. First, some perspective . . . my career started in IT security. I cut my GRC teeth… Continue reading The Death of the CISO: A Eulogy & Reincarnation

I love feudal Japan! After my love for medieval Europe is my love for feudal Japan. Perhaps they are on par with each other as both of these eras excite… Continue reading Seven AI Samurai of GRC: Protecting the Organization

This past week has seen a global risk event in the Crowdstrike/Microsoft outage that illustrates the need for organizations to address risk and resilience management . . . Risk management… Continue reading Understanding the Interrelationship of Risk and its Impact on Operations