Michael Rasmussen

Strengthening Third-Party Risk Management and Governance Across the Extended Enterprise

In the increasingly interconnected world of modern business, organizations rely more than ever on third-party relationships. While these partnerships offer significant opportunities for growth and innovation, they also expose businesses to a range of risks that can threaten resilience and success. As geopolitical tensions and economic uncertainties continue to rise, it is essential for companies to reassess and strengthen their third-party governance, risk management, and compliance strategies. This article expands on the insights from my previous piece, Navigating the Storm: Strengthening Third-Party Governance and Risk Management in Your Extended Enterprise, offering a deeper look into how businesses can build robust, proactive frameworks to navigate these challenges and ensure sustained success across their extended enterprise.

Finding Your Way in the RegTech Landscape: Navigating a Complex Compliance World

In today’s fast-moving world, staying on top of regulatory requirements isn’t just a challenge, it’s a constant juggling act. As businesses face mounting compliance demands, they’re looking for ways to stay ahead of the curve, with speed, agility, and resilience. Enter RegTech. Positioned right at the intersection of technology and regulation, RegTech is becoming a game-changer in the Governance, Risk Management, and Compliance (GRC) space. It’s providing the tools that organizations need to not only keep up with—but get ahead of—an increasingly complex regulatory environment. As I dive into the intricacies of RegTech, I’ve shared some key insights in my original article on navigating this ever-evolving landscape.

Rising to the Challenge: The Digital Trust & Resilience Officer & the Evolution of the CISO

In my previous articles, The Death of the CISO: A Eulogy & Reincarnation and Rise of the Digital Trust & Resilience Officer: Death of the CISO, Part 2, I introduced the evolving role of the Chief Information Security Officer (CISO), a shift that’s quickly becoming necessary across the digital landscape. The overwhelming response to these pieces—over 100,000 views on LinkedIn alone—showed that this transformation isn’t just a topic of interest, but one that resonates deeply across industries. While many remain attached to the CISO title, few deny that the role has grown far beyond its original scope.

Bridging Global Business Strategies: How EU & US Regulatory Approaches Shape Corporate Success

In a world where regulations are constantly evolving, businesses must stay agile and informed to maintain compliance and drive innovation. The European Union (EU) and the United States (US) are two of the largest regulatory powerhouses globally, and understanding how their frameworks shape corporate strategy is crucial for any business with global ambitions. While both regions share common goals of promoting economic growth and corporate responsibility, their approaches to achieving these goals couldn’t be more different.

Why Focusing on Objectives is the Key to Successful GRC

If you’ve been keeping up with the evolving world of Governance, Risk, and Compliance (GRC), you may have come across my recent article that argues many GRC programs are fundamentally backward by focusing too much on compliance and risk before objectives. The article makes the case that true GRC should always start with clear organizational objectives, and everything else—risk, governance, and compliance—should support those goals. But why does this matter, and how can organizations better align their GRC strategies?

UK Corporate Governance Code Overhaul Forces Firms to Rethink Risk & Control

With the clock ticking down to the 2025 implementation of Provision 29 under the revised UK Corporate Governance Code (UK CGC), companies are in a race to align their risk management and internal controls with the new requirements. The mandate, which calls for boards to provide a declaration on the effectiveness of their risk frameworks, has sparked widespread discussion among compliance professionals, corporate leaders, and risk strategists.

Gazing into the Palantír of Risk: A Modern Approach to Navigating Emerging Risks

In J.R.R. Tolkien's The Lord of the Rings, the Palantír—a mystical seeing stone—gives its user the power to peer into distant lands and foresee possible futures. While this gift is fraught with danger in the story, it’s a fitting metaphor for today’s organizations facing a world of uncertainty. Just as the Palantír offers a glimpse into potential futures, modern risk management tools provide organizations with the ability to foresee emerging risks and prepare for the unexpected. In this article, we’ll explore how businesses can use a Palantír-like approach—combining foresight with strategic planning—to anticipate challenges and better navigate the evolving landscape of risk.