Michael Rasmussen

In the world of governance, risk management, and compliance, policies are not just procedural formalities—they are the bedrock upon which organizations build their operational integrity. Properly designed and implemented, policies ensure that processes, transactions, and behaviors align with the organization’s objectives, mitigating risks and upholding values. But as vital as they are, policies can also be a double-edged sword: when poorly managed, they expose organizations to significant legal liabilities.

In the ever-evolving landscape of digital technology, the European Union has taken a bold step towards ensuring universal access with the European Accessibility Act (EAA). Enacted in June 2019, this groundbreaking legislation represents a paradigm shift in how businesses approach digital accessibility, extending far beyond the scope of its predecessor, the 2016 Web Accessibility Directive.

When it comes to operational resilience and continuity, as well as broader GRC, many options for solutions are available in the market. Selecting the right solution is critical, as many choices lead organizations down the road of complexity and cost—not just in implementation, but also in ongoing maintenance, management, and user experience. Organizations need operational resilience and continuity solutions that are highly resilient, efficient (in both human and financial capital), effective, integrous, accountable, and agile to the needs of dynamic and distributed businesses.

ESG (Environmental, Social & Governance) pressure is mounting from multiple fronts for organizations to implement ESG reporting. ESG has the momentum and force to become a significant measurement of an organization's integrity.

The decision by Meta, Facebook's parent company, to withhold its latest multimodal artificial intelligence (AI) model from the European Union marks a significant moment in the ongoing dialogue between Silicon Valley innovation and European regulation. This move, following a similar decision by Apple, underscores the growing challenges tech companies face in navigating the EU's evolving regulatory landscape.

"No man is an island, entire of itself; Every man is a piece of the continent, a part of the main." - English Poet John Donne's Devotions Upon Emergent Conditions (1624) found in the section Meditation XVII.

Consider this example: one organization was spending 200 hours building a report for the board on risk events that have happened. All the information was trapped in spreadsheets that they had to aggregate, tabulate, and build this report from. Every year, another 200 hours—it now takes them a minute. The last year they did it this way, they found out they had risk issues that started eleven months back. That is not managing risk: that is reacting to it well after the fact.