


Latest Pontifications & Thoughts . . .
-

Seeing the Risk Landscape Anew: Reflections on Enterprise Risk Intelligence and the Future of Modern GRC
Over the past several years — and particularly throughout this past year — I have observed a profound transformation in how organizations confront uncertainty. The traditional boundaries we once relied…
-

Risk Is Our Business: Why the GRC Market of 2030 Will Look Nothing Like Today
A Structural Break, Not a Cycle: By the end of this decade, the governance, risk management, and compliance (GRC) market will be almost unrecognizable. Not because a few new tools…
-

Governing the Extended Enterprise: The TPRM Platform I Would Demand
Technology does not give you good third-party risk management. Governance does. I’ve said this before about enterprise risk management, but it applies even more profoundly to what we now call…
-

The Inevitability of Failure: Building Resilience in a World of Uncertainty
I’ll be exploring this theme in depth at Gameday Ready, London – November 7, 9:00 am–1:00 pm GMT and during the Supplier Risk Resolution Workshop – November 10, 1:00 pm–4:00 pm GMT. Both…
-

GPRC for Risk, Compliance & Internal Control System
Orchestrating Integrity, Performance, and Foresight from the Bridge of the Enterprise: The strength of the ship lies not only in its hull or engines, but in how every system —…
-

Choose Your Own Risk Adventure: From South Africa to a Fortnight in London
The past several weeks have been a whirlwind of engagement, ideas, and energy — and I wouldn’t have it any other way. Currently, this week is South Africa and continuing…
-

Gamification of Risk: The Art of Role-Playing in a Complex Risk World
In just a few weeks, I’ll be in London for Gameday Ready — an immersive event designed to test how we think, decide, and adapt when the unexpected unfolds. It’s not a…
-

GPRC for Operational Resilience: Navigating NIS2 and EU CER: The Expanding Mission of Resilience
Shields up! Red alert! On the bridge of the Enterprise, when an unknown anomaly threatens the ship, the crew does not panic — they orchestrate. Helm adjusts course, engineering reroutes…
-

CAPTAIN’S LOG: Choose Your Own Risk Adventure
When I stepped onto the keynote stage in Miami at Riskonnect Konnect 2025, it felt less like a ballroom and more like a bridge. The room hummed the way a…
-

If I Were a CRO: The Risk Platform I Would Demand (Through the Lens of an Analyst)
Technology does not give you good risk management. Strategy does. Risk is everywhere—and that’s not a problem. As I say on the Risk Is Our Business podcast, the organization that is not taking…
-

GPRC for Operational Resilience: Delivering on DORA
The Enterprise Bridge for Digital Trust in the European Union: On the bridge of a starship, everything is connected. Navigation depends on sensors, sensors depend on power, power depends on…
-

Not Your Father’s Information Security Program: Digital Risk & Resilience by Design
This week I’m back in the United Kingdom—wall-to-wall engagements, packed rooms, and board-level urgency. Two themes are dominating every corridor conversation and every executive session: They’re not separate stories. They’re…
