Click here to access subscription content at The RTJ Bridge - The Premium Version of The RiskTech Journal
〰️
Click here to access subscription content at The RTJ Bridge - The Premium Version of The RiskTech Journal 〰️
The RiskTech Journal
The RiskTech Journal is your premier source for insights on cutting-edge risk management technologies. We deliver expert analysis, industry trends, and practical solutions to help professionals stay ahead in an ever-changing risk landscape. Join us to explore the innovations shaping the future of risk management.
AI Risk: What Every Board Member Needs to Know
Artificial Intelligence (AI) is a double-edged sword, offering both unprecedented opportunities and complex challenges. As boards and executives grapple with the rapid advancements in AI, they must navigate a landscape fraught with both promise and peril. This article aims to equip board members with key AI insights from a recent report by the National Association of Corporate Directors (NACD) and the Data & Trust Alliance, as well as a keynote address by John A. Wheeler at AuditBoard's Audit+Beyond event.
The Convergence of Cybersecurity and Operational Risk: Lessons from the Clorox Breach
The Clorox cyberattack, which led to a whopping 20% drop in shares since August, highlights the ripple effect a cybersecurity incident can have on operational processes. Here, a technology-centered vulnerability impacted the company's operational capabilities, and consequently, its market value. Such setbacks not only disrupt the daily functioning of an organization but can tarnish its reputation and erode stakeholder trust.
How Integrated Risk Management Helps Businesses Comply with California's New Climate Laws
California is setting a new regulatory precedent with the passage of Senate Bill 253 (SB 253) and Senate Bill 261 (SB 261), collectively aimed at enforcing climate-related disclosures among large companies. These pioneering laws pave the way for a national wave of similar regulations, including pending rules from the Securities and Exchange Commission (SEC). In the midst of this regulatory shift, Integrated Risk Management (IRM) emerges as a crucial methodology for comprehensively managing the complexities of climate-related disclosure.
Synchronized Visions: How Deloitte and Wheelhouse Advisors Illuminate the Future of IRM
As I survey the current literature and thought leadership on integrated risk management (IRM), it becomes increasingly clear that this discipline is entering a pivotal era. Both Wheelhouse Advisors and Deloitte have recently offered robust frameworks illuminating different facets of IRM.
From Brakes to GPS to Telematics: The Evolution of Modern Internal Audit
In the rapidly evolving landscape of risk management, the role of internal audit is shifting from merely being the "brakes" or a "navigation system" within an organization to something far more dynamic and nuanced. Drawing on the technology of telematics systems, which blend telecommunications and informatics to guide insurance risk assessment, this article explores how internal audit can similarly offer data-driven insights without intruding on managerial autonomy. As we venture into this new era, internal audit's role isn't just about guiding or stopping; it's about gathering, analyzing, and integrating data to inform risk management.
The ESG Controller in the Age of Regulatory Shifts and Integrated Risk Management
The rapid evolution of the ESG Controller role underlines the pressing need for organizations to standardize and validate their ESG reporting processes. Recent data from AuditBoard reveals substantial gaps in ESG program readiness, further emphasizing the critical function of ESG Controllers in mitigating compliance risks. Integrated Risk Management technology offers a pathway to bridge these gaps, ensuring that companies are compliant and better positioned to navigate an increasingly complex regulatory landscape.
Beyond Traditional Boundaries: The Shift from GRC to Integrated Risk Management - An EY Perspective
Risk management is stepping beyond traditional boundaries, and the shift from GRC to Integrated Risk Management (IRM) is central to this new era. But what does this mean for today's organizations, and how can we make the transition effectively?
Bridging the Security Gap: Integrated Risk Management’s Response
In response to recent comments by Palo Alto Networks CEO Nikesh Arora on the need for rapid, modernized cybersecurity defenses, John A. Wheeler emphasizes the crucial role of Integrated Risk Management (IRM). John draws from his extensive expertise to highlight the four key benefits of IRM: a unified view, intelligent resource allocation, streamlined compliance, and strategic future-proofing, addressing both the challenges and solutions in today’s evolving threat landscape.
Charting the Future of Risk: The 2023 IRM Navigator™ Technology Market Reports
Risk management has become a paramount concern for organizations across industries in an era of rapid technological advancement, globalization, and ever-shifting regulatory landscapes. The growing business complexity and interconnectivity demand an integrated approach, propelling Integrated Risk Management (IRM) into the spotlight. IRM is no longer an option but necessary, shaping the contours of resilience, compliance, performance, and assurance.
The Future of Cybersecurity: Navigating NIST CSF 2.0 with IRM
In the complex and ever-changing cybersecurity landscape, the NIST Cybersecurity Framework (CSF) 2.0 emerges as a beacon for organizations striving to manage and mitigate cybersecurity risk. Integrated Risk Management (IRM) technology plays a pivotal role in this journey, bridging the gaps between various risk management disciplines and fully integrating cybersecurity risk with Enterprise Risk Management (ERM).
Four IRM Tips for Conquering the Biggest Accounting Experiment in 100 Years
We must go beyond the traditional Governance, Risk Management, and Compliance (GRC) approach focusing on compliance risk to address these new sustainability risk disclosure requirements. While GRC is a critical component of risk management, focusing solely on it can limit our view of specific regulatory mandates, often missing the "bigger picture" of strategic risk. Integrated Risk Management (IRM), on the other hand, incorporates GRC but goes further. Here are four tips to help companies succeed.
Decoding the New SEC Cybersecurity Rules: Material Incident Reporting and Risk Management Disclosures
The Securities and Exchange Commission (SEC) recently adopted new rules to enhance and standardize public companies’ cybersecurity incident reporting and risk management disclosures. These rules, effective in December, represent a significant shift in the regulatory landscape. Companies must act now to ensure they are prepared, and Integrated Risk Management (IRM) can play a crucial role in this process.
Navigating Cybersecurity: The SEC's New Disclosure Rules and the Role of Integrated Risk Management
In response to the escalating significance of cybersecurity threats in today’s digital era, the Securities and Exchange Commission (SEC) has set the stage for a major transformation in corporate cybersecurity disclosures. Integrated Risk Management (IRM) can serve as the perfect ally to companies as they adapt to these changes.
The Dunning-Kruger Effect in Humans and Its Echo in AI: How IRM Can Help
Artificial Intelligence (AI) has become pervasive in our society, transforming how we work, communicate, and solve problems. However, it’s not immune to the cognitive biases that its human creators hold. An intriguing example is the Dunning-Kruger effect, a cognitive bias in humans that can inadvertently permeate AI systems, posing unique risks.
Integrated Risk Management: The New Frontier in COSO-Driven Sustainability Reporting
In contrast to the traditional GRC approach, an Integrated Risk Management (IRM) approach offers a more comprehensive and strategic perspective on sustainability reporting. It provides a structured approach to managing the broad spectrum of risks associated with sustainability, including performance, resilience, assurance, and compliance risks.
3 Ways IRM Offers a Path Forward for Fragmented Risk Disciplines - Including GRC
In the dynamic world of business, organizations are constantly exposed to myriad threats and risks. To tackle these challenges, companies traditionally deploy different risk management disciplines tailored to address specific facets of risk. These disciplines include Operational Risk Management (ORM), Information Technology Risk Management (ITRM), Enterprise Risk Management (ERM), and Governance, Risk and Compliance (GRC). GRC is most often the outlier among these risk management disciplines due to its legacy nature as a standalone function. While this was accepted in the past, it is a significant barrier to more effective ways of managing risk.
Turning Risk into Opportunity: The Threefold Path of IRM
In today's increasingly complex and interconnected digital business environment, managing risks effectively is paramount. Integrated Risk Management (IRM) has emerged as a strategic approach to this challenge, founded on three critical pillars—framework, metrics, and technology.
Integrated Risk Management: The Power of the 3 C's
Managing risk is an integral part of success in any business. The ever-increasing complexity of global markets and unprecedented speed of technological changes necessitates a robust risk management strategy. Over the years, I have come to realize that the cornerstone of an effective integrated risk management (IRM) approach rests on three critical factors, which I like to call the 3 C's: Collaboration, Context, and Communication.
Risk Management Reinvented: The Bold Leap from GRC to IRM and the Masterminds Behind It
The landscape of risk management is continuously evolving, with Integrated Risk Management (IRM) emerging as the successor to traditional Governance, Risk, and Compliance (GRC) approaches. In this article, we will discuss the shift from GRC to IRM, explore the broader applications of IRM, and highlight the contributions of John A. Wheeler, the “Godfather of IRM” and Michael Rasmussen, the “Father of GRC”.