The RiskTech Journal
The RiskTech Journal is your premier source for insights on cutting-edge risk management technologies. We deliver expert analysis, industry trends, and practical solutions to help professionals stay ahead in an ever-changing risk landscape. Join us to explore the innovations shaping the future of risk management.
The NC State ERM Summit Just Proved the COSO Survey Right
Last week, more than 110 enterprise risk management practitioners gathered at NC State's Poole College for the 2026 ERM Roundtable Summit. The case studies they shared were compelling. The programs they described were mature, relationship-driven, and genuinely effective at connecting risk functions across large, complex organizations. They also illustrated, with striking precision, exactly why the COSO/Crowe survey published earlier this year found that only 7 percent of ERM programs are seen as strategic partners by the business.
That is not a criticism of the practitioners. It is a diagnosis of where most ERM programs sit on the maturity curve, and what the next investment must accomplish to move beyond it.
Why Your ERM Program Cannot Get a Seat at the Strategy Table
Every chief risk officer reading this knows the conversation. The CEO asks what the top three strategic risks are this quarter. The answer comes from a quarterly risk register refresh and a heat map. The CEO nods, thanks the CRO, and moves on. Nothing changes.
The new COSO/Crowe practitioner guide, From Guidance to Action: Exploring Practical Enterprise Risk Management, just put a number on how widespread this pattern is. Ninety-three percent of enterprise risk management programs are stuck on the wrong side of the strategy conversation, and the reason is not what most risk leaders have been told.
Security Complexity Is Strangling Your Bottom Line—IRM Platforms Can Save It
By now, it’s obvious: complexity has become the Achilles’ heel of cybersecurity and enterprise risk management (ERM). In a recent study from the IBM Institute for Business Value—Capturing the Cybersecurity Dividend: How Security Platforms Generate Business Value—researchers found that companies juggle an average of 83 different security solutions, sourced from 29 distinct vendors. Beyond the technology overload lies a crucial lesson for risk leaders: more point solutions do not necessarily translate into better protection.
Why ERM and GRC Are Failing—And How IRM Can Fix It
The old approach—managing risk in silos with disconnected ERM and GRC teams—is no longer sustainable. Forward-thinking organizations are transitioning to Integrated Risk Management (IRM), a framework that unifies ERM, GRC, Technology Risk Management (TRM), and Operational Risk Management (ORM). IRM aligns risk oversight with business objectives, enabling organizations to proactively anticipate, mitigate, and leverage risk.
Companies that fail to adopt IRM will struggle to keep up with regulatory changes, technological disruptions, and board expectations. The time for IRM is now.
Transitioning from Fragmented GRC to Integrated Risk Management: A Path Forward
The IRM approach replaces the traditional, siloed GRC model with a unified framework. By transitioning to IRM, organizations can enhance strategic decision-making, increase operational efficiency, and gain a complete view of risks across the enterprise. This transition is not just about adopting a new framework; it's about unlocking the value of risk management as a strategic asset.
The Siloed Nature of ERM: A Barrier to Comprehensive Risk Management
A recent report by the Association International Certified Professional Accountants (AICPA) and North Carolina State University’s ERM Initiative highlights a critical challenge in enterprise risk management (ERM): its isolation from other risk disciplines. Despite the growing complexity and volume of corporate risks, only 37% of organizations report having complete ERM processes, with 30% rating their risk management “mature” or “robust”.
2024 Risk Management Insights: What Every Board Member Needs to Know
Understanding the dynamics of risk management is critical for audit committees and boards of directors in the ever-evolving corporate governance landscape. The recent CAQ-Deloitte 2024 Audit Committee Practices Report and Wheelhouse Advisors' 2024 IRM Navigator™ Annual Viewpoint Report provide comprehensive insights into these dynamics. These reports highlight the increasing significance of Enterprise Risk Management (ERM) and Integrated Risk Management (IRM) technology, shedding light on their critical roles in navigating today's complex risk environment. This article delves into the key findings of these reports, exploring how IRM technology bridges the gap between ERM, Operational Risk Management (ORM), Technology Risk Management (TRM), and Governance, Risk, and Compliance (GRC).
The Maestro of IRM: Conducting the Masterpiece of Modern Risk Management
In the intricate world of risk management, where every decision plays a crucial part in the overall performance of a business, envisioning the integrated approach of governance, risk, and compliance (GRC) alongside Technology Risk Management (TRM), Operational Risk Management (ORM), and Enterprise Risk Management (ERM) as a symphony orchestra offers a compelling narrative.
Why Gartner Believes GRC Tools Fall Short in Effective Risk Management
In the evolving landscape of risk management, the need for tools that can adapt to complex and multifaceted risk environments is becoming increasingly apparent. Recent insights from Gartner highlight a significant shift in the way organizations approach risk management, with traditional Governance, Risk, and Compliance (GRC) tools struggling to meet the demands of modern enterprise risk management (ERM) strategies.