Insights

In my recent post, I suggested that risk management and internal audit would better serve management, boards, and stakeholders if they operated from a shared purpose. The idea is straightforward: both functions should focus on ensuring leadership receives reliable, decision-useful information about the uncertainties that affect the organization’s mission critical objectives. If they did that consistently, organizations would make better decisions and achieve better outcomes.

In this article, Graeme Keith explores what it really means to build a risk model that is genuinely useful in practice rather than simply mathematically impressive. He emphasizes that effective models must be embedded in real decision-making processes, aligned with clear objectives, and developed collaboratively with stakeholders. The focus is on modeling as a creative, iterative, and context-driven exercise that prioritizes understanding causal relationships and supporting informed action.

In his latest piece, Norman Marks breaks down a critical gap he continues to see across GRC and ERM programs: the absence of a true top-down, objective-focused approach. While many organizations and software platforms emphasize identifying risks first and then mapping them to objectives, Marks argues that this bottoms-up structure misses what matters most. To understand risk and opportunity in a meaningful way, he explains, organizations must start with their enterprise objectives, strategies, and goals, and then determine what could hinder or enable their achievement.

In this article, Ayoub Fandi breaks down why so many organizations still treat GRC as a yearly project tied to audits rather than as a strategic product that continuously delivers value. By reframing GRC as something that evolves, improves, and serves real users across the business, he illustrates how organizations can reduce manual effort, improve their security posture, and align risk management with decision-making. The goal is to move beyond compliance checklists, and instead build a living, continuous GRC program that drives resilience and supports the business every day, not just during audit season.

If you are driving down the highway at 65mph (104.6kph), a broken-down truck in the middle of the road ahead is a serious source of risk. You might consider it the #1 entry in your list of top risks (if you were to put such a list together as you were driving). But what if you can’t see it?

The conversation began with a question posed in a recent post, “Are professional institutes and regulators rejecting AI research and logic because they don’t want to change?”

Ben & Jerry’s is an activist brand. It operates under a unique mission-driven board configuration that sets it apart from most subsidiaries of large corporations. Although owned by Unilever, the company maintains a semi-independent board specifically tasked with safeguarding its social mission, which includes environmental sustainability, human rights, and ethical business practices. This hybrid governance model combines traditional corporate oversight with dedicated representatives who ensure that Ben & Jerry’s activism and ethical commitments remain central to its decision-making. The board includes independent directors, Unilever representatives, employee voices, and social mission advocates, creating a structure designed to balance profitability with purpose, a rare approach in the corporate world.