Latest Pontifications & Thoughts . . .

Proactive third-party risk management: A governance-based strategy
No organization is an isolated entity. It is part of an extended enterprise of suppliers, vendors, service providers and other third parties. This complex web of relationships drives efficiency and innovation, but it also introduces significant risk and resilience challenges. Ensuring the reliability, integrity, compliance and resilience of third-party relationships is no longer a best practice,……

Navigating the RegTech Universe: Charting a Path Through a Maze of Offerings
In today’s rapidly evolving regulatory landscape, organizations face an increasingly complex and dynamic environment where managing compliance obligations demands agility, efficiency, effectiveness, resilience, and innovation. At the intersection of technology and regulation, RegTech has emerged as a pivotal component/segment within the broader Governance, Risk Management, and Compliance (GRC) market, offering transformative solutions that enable organizations……

Rise of the Digital Trust & Resilience Officer: Death of the CISO, Part 2
In my previous post, The Death of the CISO: A Eulogy & Reincarnation, I argued that the traditional role of the Chief Information Security Officer (CISO) is evolving—or rather, undergoing a necessary transformation. The response was overwhelming, with over 100,000 views on LinkedIn alone, demonstrating that this shift is not only necessary but deeply resonant across……

The Regulatory Divide: How EU and US Approaches Shape Business Strategy
Regulatory frameworks define how businesses operate, innovate, and ensure compliance in different jurisdictions. When comparing the regulatory landscapes of the European Union (EU) and the United States (US), a stark contrast emerges. While both regions aim to balance economic growth with governance, their priorities and methodologies differ significantly. Principles vs. Prescription: A Cultural and Regulatory……

GRC Starts with Objectives, Not Risk and Compliance
Too many Governance, Risk Management, and Compliance (GRC) programs are fundamentally backward. Instead of starting with objectives, they focus on compliance checklists or risk registers, often relegating objectives to an afterthought (tags to a risk) — if they are considered at all. What many organizations practice is not true GRC but rather CRG (Compliance, Risk,……

ES-G-RC: How GRC is the Foundation for ESG and EU CSRD Reporting
Environmental, Social, and Governance (ESG) is a growing challenge for organizations to manage and report on. It has become a core part of corporate strategy, driven by values, stakeholder expectations, and regulatory requirements, such as the EU Corporate Sustainability Reporting Directive (CSRD) which impacts 50,000 firms that have to report annually. With over 1,100 data……

The Challenges of ESG Reporting: Navigating the Complexity of EU CSRD
While the USA is going in different directions, and the EU considers streamlining and integrating requirements later this month, the global landscape of Environmental, Social, and Governance (ESG) reporting has fundamentally changed with the European Union’s Corporate Sustainability Reporting Directive (EU CSRD) first wave of corporate reports being published in 2025. Last week was intense……

Navigating Provision 29 of the UK Corporate Governance Code: Challenges and Insights
What an exhilarating few weeks! My recent travels have taken me across the Middle East, London, Utrecht, and Stockholm, engaging with organizations and professionals across the governance, risk management, and compliance (GRC) landscape. The energy and focus on risk management, regulatory compliance, ESG, and corporate governance have been evident in every discussion, workshop, and meeting.……

Risk and Resilience Management: Lessons from Driving a Car
Driving a car is a perfect analogy for understanding the principles of risk and resilience management. When we drive, we have an objective: a destination to reach. Similarly, in business, risk management begins with understanding objectives. According to ISO 31000, risk is defined as “the effect of uncertainty on objectives.” Achieving our goals—whether personal, organizational,……

Reflecting on 2024 and Looking Ahead to 2025: Key Trends and Insights in the GRC Market
As 2024 comes to a close, it’s been a year of significant activity and transformation in the Governance, Risk Management, and Compliance (GRC) space. This year marked another milestone in GRC 20/20’s journey, with a record number of engagements, RFP support and guidance to buyers, research inquiries, and strategic advisory sessions across the globe. With……

True Genius in GRC: The Need for Risk Intelligence
Winston Churchill once remarked, “True genius resides in the capacity for evaluation of uncertain, hazardous, and conflicting information.” In today’s complex and rapidly evolving world, this quote rings truer than ever. For organizations navigating governance, risk management, and compliance (GRC), the ability to assess and act upon uncertain, hazardous, and conflicting information is paramount to……

ESG & Resilience: Transforming Third-Party Risk and the Extended Enterprise
The regulatory landscape for Environmental, Social, and Governance (ESG), operational resilience, and third-party risk management (TPRM) is undergoing a profound transformation. Organizations across Europe—and those operating within European supply chains—are feeling the impact of the looming EU Corporate Sustainability Due Diligence Directive (CSDDD) as well as the EU Digital Operational Resilience Act (DORA). These regulations……
