Click here to access subscription content at The RTJ Bridge - The Premium Version of The RiskTech Journal
〰️
Click here to access subscription content at The RTJ Bridge - The Premium Version of The RiskTech Journal 〰️
The RiskTech Journal
The RiskTech Journal is your premier source for insights on cutting-edge risk management technologies. We deliver expert analysis, industry trends, and practical solutions to help professionals stay ahead in an ever-changing risk landscape. Join us to explore the innovations shaping the future of risk management.
The Risk Ignored — Part 1: Revisiting the Origin Story of a Software Industry
Some of the biggest failures in modern risk management didn't happen because we lacked frameworks. They happened because we misunderstood risk and how it must be managed.
We've built controls. We've stood up compliance programs. We've adopted acronyms and bought technology platforms promising enterprise-wide oversight. Yet risk still slips through the cracks—not because it isn't documented, but because it isn't truly visible and understood.
I've spent 35 years helping organizations—from Fortune 100 giants to growing mid-market firms—face this reality. And the truth is this: risk management has always been more fragmented, political, and performative than most are willing to admit.
“The Risk Ignored” is a documentary-style series of articles I’ve created to give readers exclusive insights into what really happened in the last 25 years of risk management technology development.
No Manager, No Strategy—Why GRC Alone Can’t Win the Risk Game
If Governance, Risk, and Compliance (GRC) is like a team without a manager, IRM is the system that brings structure, alignment, and leadership to the field. Without a manager, even talented players operate in silos—doing what they think is best individually but without strategic coordination or shared purpose. That’s the reality in many organizations today: siloed compliance, governance, and risk functions acting without integration.
IRM provides the playbook and the leadership. It integrates GRC with Enterprise Risk Management (ERM), Operational Risk Management (ORM), and Technology Risk Management (TRM) to form a unified team—managed strategically, guided by data, and aligned around shared enterprise objectives.
When Encryption Isn't Enough—A Sidewalk Interview and a Global Wake-Up Call
I was in Washington, D.C., when the story broke. Reports surfaced that U.S. officials had used Signal—a consumer-grade encrypted messaging app—to coordinate sensitive military operations in Yemen. I was finishing a dinner meeting after a full day of engagements when my phone rang. It was the BBC reaching out for immediate commentary on a fast-developing national security story.
The Limits of Legacy GRC — Seven Reasons It Fails Modern Risk Management
In the corridors of risk management conferences and behind closed doors at technology vendor meetings, there's a reluctant acknowledgment that few are willing to voice publicly — traditional Governance, Risk, and Compliance (GRC) platforms are struggling to meet the demands of today's dynamic risk landscape. As someone who has spent decades consulting with both GRC vendors and their customers, I've heard the whispered confessions from technology providers who recognize these limitations but fear alienating their long-standing clients by admitting them openly.
The Great Risk Revolution—Why GRC Alone Can't Save Your Organization
In boardrooms across the globe, a quiet revolution is underway. Organizations that once viewed risk management primarily through the lens of Governance, Risk, and Compliance (GRC) are discovering—often the hard way—that yesterday's frameworks are increasingly inadequate for today's complex threat landscape.
Consider this. When the World Economic Forum recently surveyed global executives, the most pressing concerns they identified—from AI disruption to supply chain vulnerabilities—weren’t neatly contained within traditional GRC boundaries. These risks cascade across organizational silos, render conventional approaches obsolete, and demand a fundamentally different way of thinking about organizational resilience.
The Challenges of AI Agents and Why Risk Management Matters
Artificial intelligence (AI) agents are being promoted as game-changers for businesses, helping automate tasks, reduce costs, and improve efficiency. However, recent research from CB Insights shows that many companies using AI agents face three significant problems: unreliable performance, complex integration with existing systems, and lack of uniqueness among different AI solutions. These issues highlight why businesses need Integrated Risk Management (IRM)—a structured way to handle risks related to AI, including security, compliance, and performance challenges. Without proper oversight, AI agents can cause more harm than good.
Bridging the Resilience Gap: Why Integrated Risk Management Outperforms Legacy GRC Solutions
A recent KPMG Risk & Resilience Survey (March 2025) has revealed a concerning reality: most U.S. organizations remain unprepared to handle increasing risk events and broad disruptions. The report highlights that two-thirds to nearly three-quarters of organizations face moderate to strong barriers to managing risk effectively. The survey findings confirm a critical gap in how organizations manage risk and, more importantly, where traditional Governance, Risk, and Compliance (GRC) technologies fall short.
The Digital Risk Paradox - Why Corporate Digitalization Could Be Your Biggest Liability
Digital transformation has long been heralded as the corporate world's silver bullet—promising efficiency, resilience, and competitive advantage. However, emerging research suggests a more unsettling reality: the rush to digitalize may create as many risks as it mitigates.
Citi's $81 Trillion Error Highlights Urgent Need for Stronger Integrated Risk Management
The startling news that Citigroup mistakenly credited a client’s account with $81 trillion instead of a mere $280 underscores a critical weakness pervasive in today’s financial institutions: insufficiently robust integrated risk management (IRM) systems. This incident, termed a “near miss” by Citi, reveals deep-seated operational vulnerabilities that continue to plague banks, despite considerable investment and regulatory scrutiny.
What the Public Sector Can Learn from the Private Sector’s Embrace of Integrated Risk Management
While risk management is not new to government institutions, the public sector lags behind the private sector in adopting a truly integrated approach. The world’s leading corporations have embraced IRM as a critical framework for anticipating threats, enhancing resilience, and driving long-term value creation. It is time for the public sector to take a page from the private sector’s playbook.