Insights

In this article, Graeme Keith expands on the evolving terrain of quantitative risk modeling, charting how ambiguity, complexity, and scope shape the decisions organizations must make in uncertain environments. Building on his earlier work on modeling uncertainty and enterprise-scale decision making, Keith explores the fundamental axes that define the mathematical landscape, unpacking how trends, structural uncertainty, instability, and nonlinear dynamics challenge traditional approaches while revealing where established methods still hold power and where new paradigms are essential.

Comunicaciones Celulares (better known as Comcel), the company behind TIGO Guatemala, has wrapped up a Foreign Corrupt Practices Act investigation that has managed to outlast joint-venture partners, ownership structures, and even an earlier DOJ case closure. The company’s newly finalized deferred prosecution agreement brings more than $118 million in fines and forfeiture, and a close to a decade-long saga that proves, once again, that FCPA matters rarely fade quietly into the night just because companies hope they will.

In a recent article, Norman Marks asks a pointed question that’s becoming increasingly urgent across boardrooms, risk teams, and C-suites alike—are organizations truly leveraging the potential of AI, or are they still circling the runway while competitors take off? Drawing on new insights from Google AI and McKinsey’s latest 2025 survey, Marks explores whether companies are moving fast enough, cautiously enough, or strategically enough to turn AI from hype into real enterprise value, and what it means for practitioners who risk being left behind.

In this article, Graeme Keith explores how enterprise leaders can move beyond traditional risk matrices and adopt a simple, quantitative approach to modeling operational risk across complex organizations. By breaking down how to structure uncertainties, estimate losses, align assessments with decision-making, and aggregate risks into meaningful enterprise-wide insights, he illustrates how even basic quantitative inputs can transform the usefulness and credibility of enterprise risk management programs.

SAI360’s latest white paper uses the January 31, 2025 Barclays outage as a clear reminder that digital service failures can rapidly escalate into financial disruption and lasting reputational harm

In this piece, Ayoub Fandi breaks down why so many enterprise GRC programs struggle with the gap between documented controls and real-world execution. He explains how control orchestration closes that gap by shifting GRC from a paperwork exercise to an operational engine, one that drives consistent execution, strengthens security posture, and delivers clearer, real-time visibility into what’s actually happening across the organization.

Third-party risk teams have spent the last few years preparing for a world where ESG reporting would continually grow in scope, depth, and regulatory expectation. Companies were told to map emissions throughout their supply chains, understand human-rights risks in their upstream tiers, and gather detailed data from suppliers that had never before been part of formal reporting channels. For better or worse, the direction felt clear.