Click here to access subscription content at The RTJ Bridge - The Premium Version of The RiskTech Journal
〰️
Click here to access subscription content at The RTJ Bridge - The Premium Version of The RiskTech Journal 〰️
The RiskTech Journal
The RiskTech Journal is your premier source for insights on cutting-edge risk management technologies. We deliver expert analysis, industry trends, and practical solutions to help professionals stay ahead in an ever-changing risk landscape. Join us to explore the innovations shaping the future of risk management.
IRM Navigator: The Operating Model for Integrated Risk Management
Many organizations have adopted ERM standards and clarified accountability, yet risk still fails to shape planning, capital allocation, and operational decisions. The gap is not conceptual. It is operational. Most programs have guidance on what effective risk management should achieve and who should perform key activities, but they lack an operating model that specifies how risk work is unified across domains and instrumented through business processes and technology.
Why DORA Metrics Belong in the Risk Committee Packet
Boards increasingly receive dashboards showing deployment speed, incident counts, and technology uptime. What is often missing is the recognition that software delivery performance is now a primary driver of enterprise risk. Every material change to products, services, data flows, and controls is executed through software delivery pipelines.
DORA metrics were created to measure delivery performance, but when viewed through an integrated risk lens, they function as early-warning indicators of change risk, operational resilience, and assurance quality. Boards that treat these metrics as engineering detail miss one of the clearest signals of whether risk controls are embedded or cosmetic.
The IRM Navigator™ Curve: A Faster Way to Classify Vendors and Clarify Your Risk Technology Roadmap
Most organizations still evaluate risk technology using surface features or maturity labels that do not reveal where a solution truly fits in the broader risk ecosystem. The IRM Navigator™ Curve provides a more reliable assessment. It combines the five IRM maturity levels with the four underlying investment domains to show how organizations advance from Risk Dysfunction to Risk Agency. This article introduces the curve in plain terms and provides a quick test that allows buyers to slot any vendor on the curve in less than two minutes.
Beyond the Firewall - Why Integrated Risk Management Is the Missing Layer in Cyber Defense
The recent revelation that Marks & Spencer—one of Britain’s most iconic retailers—suffered a cyberattack that could cost it up to £300 million in annual operating profit is a reminder that no amount of cybersecurity spending can fully inoculate a company from human error. The attack, reportedly traced to a third-party vendor and facilitated by social engineering, underscores a hard truth: cybersecurity is necessary, but not sufficient.
Despite boosting its cyber investment by 75% and quadrupling its team over the past two years, M&S was not spared. Nor were other well-known retailers like Harrods and the Co-op grocery group. These incidents reflect a deeper problem in the digital defense playbook—one that requires a broader, integrated approach to risk.
Integrated Risk Thinking: The Mindset That Unlocks the Power of the IRM Navigator™ Model
Today’s businesses face unprecedented complexity. Rapid technological advances, evolving regulatory environments, escalating cyber threats, and global operational challenges have rendered traditional risk management approaches obsolete. Siloed processes, reactive responses, and fragmented risk oversight are no longer enough to safeguard modern organizations.
Wheelhouse Advisors has identified that effective risk management in today’s landscape requires not only powerful tools and methods but, more importantly, a fundamentally new way of thinking. This strategic shift is what we call Integrated Risk Thinking (IRT)—the essential mindset that allows organizations to leverage risk as an integral part of strategy, decision-making, and competitive advantage.
To Visualize Risk, You Need Two Lenses—Essential Takeaways from the Mitratech Interact 2025 General Session
As today's business environment becomes more unpredictable, interconnected, and technologically driven, the traditional view of risk—focused primarily on controls, compliance, and containment—is no longer sufficient. Organizations must now see risk through a wider lens to avoid failure and inform success.
The central message was delivered during the general session "From Gatekeepers to Growth Partners: Embedding Risk at the Heart of the Organization" at the 2025 Mitratech Interact Conference in Dallas.
Moderated by Justin Silverman, Chief Product Officer at Mitratech, the session featured a dynamic dialogue between John A. Wheeler, CEO of Wheelhouse Advisors, and Andrea Elliott, Chief Compliance Officer at ACI Worldwide. They offered a forward-looking perspective on how organizations can evolve their risk practices to become more strategic, resilient, and business-aligned.
Flip the Risk Conversation Forward—Lessons from the Front Lines of Resilience
As operational complexity increases and business environments shift at a faster pace, organizations are under growing pressure to evolve their approach to risk. Risk management can no longer be reactive, control-focused, or functionally siloed. Instead, it must become proactive, performance-aligned, and strategically embedded. That was the focus of the breakout session "Holding the Line: Building Resilient Risk Programs in the Modern Era," presented at the 2025 Mitratech Interact Conference in Dallas.
The session was moderated by Ryan Fox, Director of GRC Solutions at Mitratech. It featured John A. Wheeler, CEO of Wheelhouse Advisors, and Andrea Elliott, Chief Compliance Officer at ACI Worldwide. The audience included legal, risk, and compliance leaders and practitioners seeking practical strategies to strengthen program maturity and build enterprise resilience.
When Encryption Isn't Enough—A Sidewalk Interview and a Global Wake-Up Call
I was in Washington, D.C., when the story broke. Reports surfaced that U.S. officials had used Signal—a consumer-grade encrypted messaging app—to coordinate sensitive military operations in Yemen. I was finishing a dinner meeting after a full day of engagements when my phone rang. It was the BBC reaching out for immediate commentary on a fast-developing national security story.