Latest Pontifications & Thoughts . . .

  • GPRC for Assurance – From Policing the Past to Assuring the Mission

    Every great mission eventually faces the same question: How do we know we are truly on course? On the bridge of a starship like the U.S.S. Enterprise, the crew does not rely on hope, intuition, or good intentions to answer that question. They rely on sensors, diagnostics, verification systems, and independent confirmation that the ship is…

  • Strategic Risk & Resilience Management

    There was a time when organizations could reasonably assume that the environment in which they operated would remain relatively stable. Markets moved slowly, regulation kept pace, and disruptions were occasional, not constant. Disruption occurred, but it was episodic rather than systemic. That world no longer exists. Today’s enterprise operates in a more complex and rapidly changing environment. Geopolitics shift overnight, regulations expand across borders, and technology increases…

  • Homeostatic Third-Party GRC in GRC 7.0 – GRC Orchestrate

    Governing the Extended Enterprise as a Living System: There is a fundamental shift underway in governance, risk management, and compliance that many organizations have not yet fully internalized: the enterprise no longer ends at its legal boundary, brick and mortar walls, or traditional employees. The extended enterprise — the network of suppliers, cloud providers, agents,…

  • GPRC for Sustainability & ESG: A Tale of Two Futures: Star Trek or Blade Runner? 

    In nearly every organization I speak with, sustainability and ESG are now part of the conversation. Not just in annual reports or investor decks, but in strategy sessions, risk workshops, board discussions, and even operational resilience planning. The reasons vary — regulations, investor expectations, customer demands, talent attraction, reputational pressure — but the direction is unmistakable.…

  • Homeostatic Digital Risk and Resilience in GRC 7.0 – GRC Orchestrate

    I have reached a point in my research, advisory work, and ongoing dialogue with boards, executives, regulators, and technology providers where incremental language no longer feels responsible. The signals are too strong, the failures too visible, and the velocity of change too unforgiving. Digital risk and resilience are no longer peripheral concerns managed through documentation…

  • Rise of Homeostatic Enterprise & Operational Risk and Resilience in GRC 7.0 – GRC Orchestrate

    A Call to Action at an Architectural Inflection Point: This article builds directly on last week’s analysis, GRC at the Architectural Crossroads: Why Legacy Platforms Must Rebuild to Survive, where I argued that many governance, risk management, and compliance platforms have reached the limits of architectures designed for a slower, simpler era. That piece examined why…

  • GRC at the Architectural Crossroads: Why Legacy Platforms Must Rebuild to Survive

    A View Earned Over Time: I do not come to this perspective lightly, nor is it driven by the latest technology trend or marketing cycle. I have been immersed in GRC technology for more than twenty-six years. I defined the GRC acronym in 2002. I authored the first Forrester GRC Waves when the market was…

  • GPRC for Operational Risk in Financial Services

    Orchestrating Stability, Trust, and Execution Integrity on the Most Pressurized Deck of the Enterprise: There are few industries where the consequences of failure arrive as quickly — and as publicly — as they do in financial services. A manufacturing firm can experience a production disruption and recover over days. A retailer can absorb a supply…

  • The WEF Global Risks Report 2026: How We Make Decisions, Set Objectives, and Perform with Integrity When Instability Is the Baseline

    Each year, when the World Economic Forum releases its Global Risks Report, I see leaders react in a familiar way. They circulate the visuals, discuss the rankings, highlight what feels immediate, and then quietly move on. It becomes a useful talking point — something we nod to as evidence that the world is “more complex” and…

  • From Readiness to Reality: What Operational Resilience Demands as We Enter 2026

    As we move toward 2026, I find myself increasingly uneasy with how many organizations talk about operational resilience. Not because they are ignoring it, quite the opposite. Most financial institutions, and a growing number of organizations beyond financial services, have invested heavily in resilience over the past several years. Frameworks are in place. Programs exist.…

  • Closing 2025 and Reframing Resilience for 2026

    Resilience, When You Don’t Get to Choose the Disruption: As 2025 draws to a close, many people around the world are entering a season of reflection. Whether marked by Christmas, Hanukkah, the New Year, or other traditions, this is a time when we pause, look back on what the year demanded of us, and consider…

  • Risk Management Is Not a SOX Coloring Book: A Call for Risk Management as a Strategic Discipline

    For more than twenty years, risk management has been shaped by the gravitational pull of Sarbanes-Oxley. SOX arose from a genuine crisis of trust, and its intentions were honorable: to reinstate accountability, protect investors, and restore faith in financial reporting. But its unintended legacy has been far larger and far more limiting. Instead of elevating…