
The RiskTech Journal
The RiskTech Journal is your premier source for insights on cutting-edge risk management technologies. We deliver expert analysis, industry trends, and practical solutions to help professionals stay ahead in an ever-changing risk landscape. Join us to explore the innovations shaping the future of risk management.

The Risk Ignored — Part 1: Revisiting the Origin Story of a Software Industry
Some of the biggest failures in modern risk management didn't happen because we lacked frameworks. They happened because we misunderstood risk and how it must be managed.
We've built controls. We've stood up compliance programs. We've adopted acronyms and bought technology platforms promising enterprise-wide oversight. Yet risk still slips through the cracks—not because it isn't documented, but because it isn't truly visible and understood.
I've spent 35 years helping organizations—from Fortune 100 giants to growing mid-market firms—face this reality. And the truth is this: risk management has always been more fragmented, political, and performative than most are willing to admit.
“The Risk Ignored” is a documentary-style series of articles I’ve created to give readers exclusive insights into what really happened in the last 25 years of risk management technology development.

Moving Beyond the GRC Mindset - Why Boards Must Rethink Risk for the AI Era
I’m often questioned—sometimes challenged and occasionally attacked—by professionals who are deeply invested in traditional Governance, Risk, and Compliance (GRC) approaches. For many, GRC isn’t just a framework or a set of tools—it’s an identity, a career foundation, and in many cases, a commercial interest. So when I suggest that risk management must evolve beyond legacy GRC models, I’m not just raising a strategic argument—I’m challenging a belief system.
But this is not about abandoning GRC. It’s about recognizing that GRC, in its traditional, siloed, compliance-first form, is no longer sufficient for today’s risk environment.

Bridging the Resilience Gap: Why Integrated Risk Management Outperforms Legacy GRC Solutions
A recent KPMG Risk & Resilience Survey (March 2025) has revealed a concerning reality: most U.S. organizations remain unprepared to handle increasing risk events and broad disruptions. The report highlights that two-thirds to nearly three-quarters of organizations face moderate to strong barriers to managing risk effectively. The survey findings confirm a critical gap in how organizations manage risk and, more importantly, where traditional Governance, Risk, and Compliance (GRC) technologies fall short.

The Myth of Internal Audit Independence: Why It’s Time to Evolve Beyond GRC Thinking
The debate over the true independence of internal audit (IA) has resurfaced with new urgency following the recent high-profile firings of multiple inspectors general (IGs). Government IGs in the United States operate in similar ways to IA in private-sector organizations. Given their similarity, these IG dismissals have sparked controversy within the IA community, with critics arguing they threaten government oversight and accountability. The situation underscores a long-standing issue: IA and IGs are not truly independent, and continuing to believe otherwise does more harm than good.

Beyond GRC: Why IRM is the Next Evolution in Risk Management
Governance, Risk, and Compliance (GRC) is no longer enough. The relentless pace of AI-driven cybersecurity threats, regulatory scrutiny, and digital transformation is rendering traditional GRC models obsolete. Organizations that still rely on static compliance checklists and fragmented risk functions are being left behind in an era that demands continuous, autonomous risk management.
The future of risk isn’t just about compliance—it’s about integration. Integrated Risk Management (IRM) is taking GRC to the next level by fusing it with Enterprise Risk Management (ERM), Technology Risk Management (TRM), and Operational Risk Management (ORM). This shift isn’t incremental; it’s a paradigm change that redefines how risk is managed in a hyper-connected world.

A Pivotal Moment for Integrated Risk Management: Lessons from Oracle's GRC Exit
Oracle's announcement to discontinue its Governance, Risk, and Compliance (GRC) solution by May 2025 marks a significant turning point in the Integrated Risk Management (IRM) landscape. This decision underscores the necessity for unified frameworks that encompass all risk domains: Governance, Risk, and Compliance (GRC), Enterprise Risk Management (ERM), Technology Risk Management (TRM), and Operational Risk Management (ORM). As businesses face increasingly complex regulatory environments and interconnected risks, the need for integrated approaches has never been greater.

Transitioning from Fragmented GRC to Integrated Risk Management: A Path Forward
The IRM approach replaces the traditional, siloed GRC model with a unified framework. By transitioning to IRM, organizations can enhance strategic decision-making, increase operational efficiency, and gain a complete view of risks across the enterprise. This transition is not just about adopting a new framework; it's about unlocking the value of risk management as a strategic asset.

Bridging the GRC Gap: How AI Turns Sci-Fi Dreams into Boardroom Realities
The podcast “GRC After Hours” is more than a discussion on Governance, Risk, and Compliance (GRC); it's an imaginative journey fueled by creative thinking and lively conversations about the world of risk management. Despite the inadvertently deceptive title reminiscent of an old late-night, adult-themed cable TV series, the podcast makes this complex topic surprisingly entertaining. In a recent episode, the conversation explored how AI can revolutionize risk management, much like the warp drive propels the Starship Enterprise to distant galaxies. With insights from Krista AI, the discussion highlighted how integrating advanced technology can turn sci-fi dreams into boardroom realities.

Why Gartner Believes GRC Tools Fall Short in Effective Risk Management
In the evolving landscape of risk management, the need for tools that can adapt to complex and multifaceted risk environments is becoming increasingly apparent. Recent insights from Gartner highlight a significant shift in the way organizations approach risk management, with traditional Governance, Risk, and Compliance (GRC) tools struggling to meet the demands of modern enterprise risk management (ERM) strategies.