The RTJ Bridge - The Research Platform Created by the Publishers of The RiskTech Journal

The RTJ Bridge is an independent research platform delivering institutional-grade IRM market intelligence, vendor competitive assessments, and strategic risk technology analysis. Built by the analyst who created the Integrated Risk Management category at Gartner, The RTJ Bridge gives risk leaders, technology executives, and solution providers the same caliber of competitive intelligence that major analyst firms charge $25,000 to $50,000+ per year to access.

Subscribers to The RTJ Bridge receive full access to:

IRM50 OnWatch Vendor Assessments — Competitive analysis of leading IRM vendors as market events unfold, covering platform strategy shifts, M&A impact, earnings signals, and positioning changes.
Autonomous IRM and AI Governance Research — Original research on how agentic AI is reshaping risk management operating models, from production deployment patterns to the structural implications for vendor platforms and enterprise programs.
Analyst Firm and Market Critiques — Independent assessments of research from Gartner, Forrester, and other major analyst firms, viewed through the IRM Navigator Model to identify gaps, validate signals, and challenge conventional positioning.
Board Governance and Audit Committee Intelligence — Research on oversight effectiveness, emerging risk response gaps, audit committee workload challenges, and the disconnect between risk reporting and executive action.
M&A and Strategic Alliance Analysis — Same-week analysis of acquisitions, partnerships, and PE investment moves reshaping the IRM competitive landscape, with implications for buyers, vendors, and investors.
Regulatory, ESG, and Sustainability Risk — Research on how evolving regulatory frameworks (SEC cyber disclosure, EU CSRD/CSDDD, AI regulation) affect enterprise risk programs and technology requirements.
IRM Navigator™ Market Intelligence — Strategic previews and deep dives from the IRM Navigator Model, the only independent model built specifically to evaluate integrated risk management maturity and vendor alignment.
Cyber Risk, Insurance, and Third-Party Risk — Analysis of cyber risk quantification, insurance market dynamics, and the convergence of third-party risk management into enterprise IRM programs.

Subscribe to get access now

The RTJ Bridge Subscription

$79.99

Every month

The RTJ Bridge is an independent IRM research platform published by Wheelhouse Advisors. Subscribers receive ongoing access to vendor competitive assessments, AI disruption analysis, M&A and partnership impact research, and IRM Navigator™ market intelligence. This is the only research platform built and led by the analyst who created the Integrated Risk Management category, a market now valued at over $61 billion and projected to reach $133 billion by 2031.

✓ IRM50 Vendor Intelligence

✓ Autonomous IRM and AI Governance Insights

✓ Analyst Firm Critiques

✓ M&A, PE, and Alliance Intelligence

✓ IRM Category Creator Perspective

A ship's bridge with a person standing inside, seen through large glass windows, on a white vessel with round portholes and safety railing.

John A. Wheeler 8/27/25 John A. Wheeler 8/27/25

The Risk Ignored, Part II Chapter 5: The Academic Reckoning

In Part I of The Risk Ignored, we followed the rise and fall of GRC. Born in the aftermath of the Sarbanes-Oxley Act, it was codified by Archer, PwC, and Michael Rasmussen, and quickly became the acronym that defined a market. Yet by the late 2000s, GRC was collapsing under its own weight. The very acronym that promised coherence came to mean everything and, in practice, nothing at all.

The story of The Risk Ignored Part II: The Seeds of Integration begins here. The collapse of GRC and the inadequacy of compliance-first ERM created a void. The question, for both scholars and practitioners, was what comes next.

John A. Wheeler 6/3/25 John A. Wheeler 6/3/25

The Risk Ignored – Part I, Chapter 4. The Irony of Risk Intelligence: When GRC’s Founders Became IRM’s Followers

When Risk Culture Meets Rocket Fuel

In early 2007, SunTrust’s board appointed a new CEO. The new CEO had been waiting in the wings since SunTrust acquired his bank that was heavily weighted toward mortgage banking. Unlike his predecessor, he saw risk not as a discipline but as a throttle—something to push forward, not manage. His first strategic move was aggressive: set a Big Hairy Audacious Goal (BHAG) – a term ironically made famous by Jim Collins’ book “Built to Last”. The SunTrust BHAG, as defined by the new CEO, was to more than double the mortgage portfolio within twelve months to compete head-on with Wall Street’s securitization giants.

To hit that target, underwriting controls were systematically dismantled. Incentives for mortgage originators surged dramatically, creating an environment ripe for aggressive lending and shortcuts. When I saw these changes, I foresaw the inevitable crash. As the senior executive overseeing Internal Audit, Compliance, and Risk Management, I confronted both the CEO and his protégé—the head of mortgage banking—in a tense meeting. The mortgage head literally writhed in his seat with anger; I had never seen anything like it.

John A. Wheeler 5/15/25 John A. Wheeler 5/15/25

The Risk Ignored – Part I, Chapter 3. The Acronym That Built a Market and the One That Rescued It

As many industry shifts do, it began in a quiet room with a big idea. One conversation was with a Big Four consulting firm eager to formalize its newest offering. Another was with a risk software vendor in search of identity and traction. Sitting across the table from both in 2002 was Michael Rasmussen, then an analyst at Giga Information Group.

What he encountered in those two briefings wasn't just a common theme but a shared phrase. The software vendor and PwC had already begun using "Governance, Risk, and Compliance" to describe their offerings. Rasmussen helped bring it to life—not as a framework, not as an architecture, but as a market category. And almost overnight, that name became an industry.

John A. Wheeler 5/2/25 John A. Wheeler 5/2/25

The Risk Ignored – Part I, Chapter 2. The Risk That Created the Category

It didn't take long. The software market found its opportunity once the Sarbanes-Oxley Act was signed into law. Vendors who had once built their businesses on knowledge management—rooted in workflow automation, document control, and internal collaboration—suddenly had something they'd never had before: urgency.

SOX 404 didn't just create a mandate. It created a narrative.

By late 2003, PwC—a global audit and consulting firm—had appointed a Governance, Risk & Compliance (GRC) Practice Leader, becoming the first major firm to formalize GRC as a branded consulting offering. OpenPages, an enterprise software vendor specializing in compliance and risk management, issued a press release marketing its platform as a "GRC solution." Analysts took the bait. And seemingly overnight, what had been a faltering product category now had a fresh label, a growing audience, and a new group of buyers scrambling to meet audit requirements.

The acronym spread faster than the architecture.

And the risk, ironically, wasn't what these platforms were solving—it was what they were failing to acknowledge.

John A. Wheeler 4/25/25 John A. Wheeler 4/25/25

The Risk Ignored – Part I, Chapter 1. The Software That Lost Its Market

It’s a metaphor older than the software industry and time itself: the emperor with no clothes. But before the emperor stood exposed, his clothes began to fray—tattered garments passed off as innovation, stitched together by marketing promises and untested assumptions. That’s the story we’re telling here, not just of the naked moment but of the unraveling that came before it.

In the early 2000s, that unraveling began with knowledge management. Later, it would continue under a new name: GRC.