The RTJ Bridge - The Research Platform Created by the Publishers of The RiskTech Journal
The RTJ Bridge is an independent research platform delivering institutional-grade IRM market intelligence, vendor competitive assessments, and strategic risk technology analysis. Built by the analyst who created the Integrated Risk Management category at Gartner, The RTJ Bridge gives risk leaders, technology executives, and solution providers the same caliber of competitive intelligence that major analyst firms charge $25,000 to $50,000+ per year to access.
Subscribers to The RTJ Bridge receive full access to:
IRM50 OnWatch Vendor Assessments — Competitive analysis of leading IRM vendors as market events unfold, covering platform strategy shifts, M&A impact, earnings signals, and positioning changes.
Autonomous IRM and AI Governance Research — Original research on how agentic AI is reshaping risk management operating models, from production deployment patterns to the structural implications for vendor platforms and enterprise programs.
Analyst Firm and Market Critiques — Independent assessments of research from Gartner, Forrester, and other major analyst firms, viewed through the IRM Navigator Model to identify gaps, validate signals, and challenge conventional positioning.
Board Governance and Audit Committee Intelligence — Research on oversight effectiveness, emerging risk response gaps, audit committee workload challenges, and the disconnect between risk reporting and executive action.
M&A and Strategic Alliance Analysis — Same-week analysis of acquisitions, partnerships, and PE investment moves reshaping the IRM competitive landscape, with implications for buyers, vendors, and investors.
Regulatory, ESG, and Sustainability Risk — Research on how evolving regulatory frameworks (SEC cyber disclosure, EU CSRD/CSDDD, AI regulation) affect enterprise risk programs and technology requirements.
IRM Navigator™ Market Intelligence — Strategic previews and deep dives from the IRM Navigator Model, the only independent model built specifically to evaluate integrated risk management maturity and vendor alignment.
Cyber Risk, Insurance, and Third-Party Risk — Analysis of cyber risk quantification, insurance market dynamics, and the convergence of third-party risk management into enterprise IRM programs.
Subscribe to get access now
The RTJ Bridge is an independent IRM research platform published by Wheelhouse Advisors. Subscribers receive ongoing access to vendor competitive assessments, AI disruption analysis, M&A and partnership impact research, and IRM Navigator™ market intelligence. This is the only research platform built and led by the analyst who created the Integrated Risk Management category, a market now valued at over $61 billion and projected to reach $133 billion by 2031.
Not All SaaS Is Equal: IRM50 AI Disruption Risk Index
The enterprise software market is pricing AI disruption risk as if all SaaS platforms face the same structural threat. They do not. AI disruption risk varies fundamentally across platform categories based on architectural role, and the market's failure to distinguish between them is producing systematic mispricing. The IRM50 AI Disruption Risk Index introduces a three-category framework that makes those distinctions explicit, and the implications for capital allocation are significant.
The IRM50 AI Disruption Risk Index: Which Vendors Are More Durable in the Age of Autonomous IRM?
The IRM50 AI Disruption Risk Index covers the fifty vendors that define the IRM and GRC market: platform leaders like ServiceNow and Riskonnect, Big Four firms including Deloitte, EY, KPMG, and PwC, and specialized platforms like OneTrust, Archer, MetricStream, and AuditBoard. What sets this index apart is its methodology. Vendors are not ranked by market share or feature count, but by structural position across two dimensions that determine AI durability: compliance-artifact dependency and autonomous risk capability.
That distinction matters urgently right now. Global software stocks sold off sharply in February 2026 on AI disruption concerns. Morgan Stanley flagged downstream risk to the $1.5 trillion U.S. leveraged loan market. Blackstone now requires AI disruption risk assessment on the first two pages of every deal memo. Boards, executives, and investors who treat market leadership and structural durability as interchangeable are taking on risk they have not measured. This index measures it.
The Integration Trap for GRC: Why "Integrated GRC" Platforms Create Visibility Without Control
Every major GRC vendor claims integration as a core capability. The claims hold up. They also stop short. The gap between what these platforms integrate and what organizations actually need creates a structural vulnerability Wheelhouse Advisors calls The Integration Trap for GRC. Seven vendors examined. Five trap patterns identified. Twelve evaluation questions to expose integration gaps before deployment. Available now to RTJ Bridge subscribers.
Why ROI Calculators Miss the Mark on IRM
Integrated risk management (IRM) is routinely forced into an ROI framing that does not fit its economic reality. ROI implies attributable incremental cash flows. Integrated risk management more often delivers dividends, meaning distributed benefits that improve enterprise outcomes without consolidating into a single return stream. This matters because many ROI calculators in market are not integrated risk management native.
The ROI calculators are commonly legacy GRC instruments, siloed by compliance use case, optimized for cost-of-compliance narratives, and weak at quantifying cross-domain integration value, loss mitigation value, and AI trust constraints. Public positioning reinforces this bias through language that centers measurement around the GRC program rather than enterprise-wide outcomes. AI amplifies the gap. As AI moves from feature to operating model, the trust dividend becomes a gating factor for scale. Standards and regulatory regimes increasingly emphasize trustworthiness, transparency, accountability, and information obligations.
Aon GRMS Survey 2025: Integrated Risk Management Moves From Slogan to System
Aon’s 2025 Global Risk Management Survey frames the environment as a system of overlapping risks that cannot be managed effectively in silos. The “Top 10 Global Risks” chapter states that organizations that adopt a proactive, integrated approach can turn complexity into opportunity. This aligns directly with the IRM Navigator™Model and its PRAC objectives, Performance, Resilience, Assurance, and Compliance, operated as one cadence rather than separate projects.
The Risk Ignored, Part II Chapter 5: The Academic Reckoning
In Part I of The Risk Ignored, we followed the rise and fall of GRC. Born in the aftermath of the Sarbanes-Oxley Act, it was codified by Archer, PwC, and Michael Rasmussen, and quickly became the acronym that defined a market. Yet by the late 2000s, GRC was collapsing under its own weight. The very acronym that promised coherence came to mean everything and, in practice, nothing at all.
The story of The Risk Ignored Part II: The Seeds of Integration begins here. The collapse of GRC and the inadequacy of compliance-first ERM created a void. The question, for both scholars and practitioners, was what comes next.
Identity's Moment of Reckoning: What Palo Alto Networks' Acquisition of CyberArk Means for the IRM Market
Palo Alto Networks announced the strategic acquisition of identity security leader CyberArk for approximately $25 billion on July 30, 2025, reshaping the competitive landscape for Integrated Risk Management (IRM). Leveraging insights from Wheelhouse’s proprietary IRM Navigator™ Model and the IRM Navigator™ Viewpoint Report (2025 Edition), this note analyzes critical implications for IRM, IRM-adjacent, and legacy Governance, Risk, and Compliance (GRC) providers. IRM vendors and service providers must decisively respond to accelerating consolidation trends driven by cybersecurity leaders expanding into integrated risk management domains.
From Scripting to Studio: Diligent’s ACL AI Bet
Diligent’s launch of ACL AI Studio—an AI-powered extension to its long-standing audit analytics suite—comes at a time of increasing scrutiny over the practical value of artificial intelligence in risk and compliance software. Unveiled during this week’s IIA International Conference, the product promises to empower audit, compliance, and risk professionals to run advanced analytics through natural language rather than traditional scripting. But beneath the surface-level innovation lies a more complex story about legacy adaptation, GRC market pressures, and the widening gap between analytics potential and real-world IRM needs.
When One Link Breaks the Chain
UNFI, Whole Foods, and the Broader Crisis of Single-Point Fragility in the Age of Integrated Risk
A silent node in the North American supply chain collapsed on June 7, 2025. Its name: United Natural Foods Inc. (UNFI), the primary distributor for Whole Foods and a dominant force in food logistics. A cyberattack forced UNFI to take its systems offline. Overnight, deliveries halted. Shelves emptied. Shares fell. And just like that, a backend dependency became a front-page disruption.
But this isn't a grocery story. It's a structural parable. When a single upstream dependency goes dark, every industry—from manufacturing to finance, healthcare to logistics—learns the same hard lesson: concentration breeds collapse.
The era of just-in-time is colliding with the era of just one point of failure. And unless risk leaders elevate Integrated Risk Management (IRM) from a compliance afterthought to a strategic command center, the next outage won't just break continuity—it will break companies.
When the AI Black Box Blows Up
Builder.ai’s Collapse and the Unspoken Risk of Third-Party AI Dependencies
In May 2025, Builder.ai—a self-styled “AI software factory” based in London—collapsed into insolvency. Its promise had captivated global investors: a revolutionary platform that used artificial intelligence to build bespoke software with the ease of ordering a pizza. The startup raised over $500 million from Microsoft, the Qatar Investment Authority, SoftBank, and Insight Partners. In 2023, it was valued at over $1.3 billion.
But beneath its glossy demos and bold claims, Builder.ai was held together by human coders, creative accounting, and possibly fabricated revenue. As reported by the Financial Times, Microsoft and other top-tier investors are now grappling with the realization that they may have backed a business that not only overstated its AI capabilities—but systematically inflated its financials.
Builder.ai is not merely a failed startup. It is a warning shot to any organization that depends on third-party AI providers without meaningful oversight or technical verification. The question that now must be asked across boardrooms and IT departments alike:
If Microsoft—with all its engineering prowess—could be misled, what chance does a mid-sized business have?
Operational Intelligence — How IRM Solves Connected Risk Failures
Agility and resilience are everything when is comes to digital business today. Risk events once considered unlikely—global cyber disruptions, third-party failures, data breaches, operational breakdowns—now occur with alarming frequency. As these risks grow more interconnected, traditional Governance, Risk and Compliance (GRC) frameworks, often built around static risk registers and slow reporting cycles, are no longer sufficient.
Risk management is evolving from a reactive back-office control utility into a strategic engine of operational intelligence. Enabled by advancements in risk technology, analytics, and real-time data integration, modern Integrated Risk Management (IRM) platforms are helping organizations detect emerging operational risks earlier, connect siloed insights, and embed resilience into the core of enterprise decision-making.
This article previews that transformation—and offers a forward look at what’s coming in the IRM Navigator™ ORM Report – Q2 2025, which evaluates key trends, capabilities, and vendors shaping the future of operational risk management (ORM).
ServiceNow’s Risk Expansion: What the CIMCON Partnership Reveals About the Future of IRM
On the final day of the RSA Conference 2025, ServiceNow unveiled a strategic partnership with CIMCON Software. This announcement may appear modest at first glance, but it has profound implications for the future of integrated risk management.
Integrating CIMCON’s technology into ServiceNow’s IRM platform extends its reach into two complex and under-managed domains: End User Computing (EUC) and AI model risk. Both represent decentralized, often undocumented elements of the modern digital enterprise. Historically, these domains have eluded traditional GRC platforms—falling outside structured risk workflows and beyond the reach of legacy tooling.
With this move, ServiceNow is not simply expanding features. It is expanding the definition of what an IRM platform must be.
The Risk of Unheard Warnings — How Suppressed Signals Trigger Operational Failures
Today, the loudest failures often follow the quietest warnings. Not because no one saw them coming—but because someone did, and the system failed to listen.
Operational risk is no longer defined solely by failures in processes, systems, or external disruptions. Increasingly, it stems from something far harder to quantify: the failure to recognize, interpret, and elevate early signals of internal misconduct, breakdowns in oversight, or cultural deterioration. These signals are often present long before a public scandal, a regulatory penalty, or a financial collapse. But too often, they go unheard.
This article examines the phenomenon of risk signal suppression—why organizations ignore the earliest warnings of operational failure, how this risk materializes inside complex institutions, and what forward-looking ORM programs must do to identify and act on weak signals before they become systemic threats.