Insights

In this article by Norman Marks, he explores the critical intersection of Return on Investment (ROI) and risk management. The evolving landscape of risk management requires organizations to make informed decisions about how they treat and mitigate risk, ensuring that each investment aligns with strategic goals. In this piece, we’ll dive deeper into the concept of ROI as it relates to risk management and explore why every risk treatment should be evaluated not just for its effectiveness but also for the return on that investment.

In today’s fast-moving world, staying on top of regulatory requirements isn’t just a challenge, it’s a constant juggling act. As businesses face mounting compliance demands, they’re looking for ways to stay ahead of the curve, with speed, agility, and resilience. Enter RegTech. Positioned right at the intersection of technology and regulation, RegTech is becoming a game-changer in the Governance, Risk Management, and Compliance (GRC) space. It’s providing the tools that organizations need to not only keep up with—but get ahead of—an increasingly complex regulatory environment. As I dive into the intricacies of RegTech, I’ve shared some key insights in my original article on navigating this ever-evolving landscape.

The AMF's 2025 International Seminar wrapped up on March 20, leaving behind not just a digital trail but an invaluable conversation on the future of global financial regulation. Held in a 100% online format from March 10 to 20, the event brought together over 950 participants from 85 financial market authorities worldwide. It was a gathering of minds—regulators, experts, and thought leaders—all grappling with the growing complexities of financial markets in today’s fast-paced, tech-driven world.

In my previous articles, The Death of the CISO: A Eulogy & Reincarnation and Rise of the Digital Trust & Resilience Officer: Death of the CISO, Part 2, I introduced the evolving role of the Chief Information Security Officer (CISO), a shift that’s quickly becoming necessary across the digital landscape. The overwhelming response to these pieces—over 100,000 views on LinkedIn alone—showed that this transformation isn’t just a topic of interest, but one that resonates deeply across industries. While many remain attached to the CISO title, few deny that the role has grown far beyond its original scope.

In this article by Tim Leech, we dive into the evolving role of internal audit and risk management functions. The 2025 North American Pulse of Internal Audit report has just been released, and it brings forth important observations that are crucial for understanding the current landscape of internal audit and risk management. The question arises over whether organizations should stick with the traditional model of Risk & Controls Enforcement, or should they shift towards providing decision support services that align with mission-critical objectives (MCOs) and risks?

The true purpose of every Chief Risk Officer (CRO) and Chief Audit Executive (CAE) should be to support management and boards in making informed, critical decisions. Unfortunately, this is not always the case today. Risk units and internal audit functions should be instrumental in guiding management and boards in the decision-making process, particularly when it comes to managing risks and uncertainties linked to mission-critical objectives (MCOs).

The Institute of Internal Auditors (IIA) recently released a Public Consultation Draft for its Third-Party Topical Requirement. At first glance, it may seem like a technical set of guidelines, but the stakes are high. As businesses increasingly rely on third-party relationships—whether with vendors, contractors, consultants, or others—internal auditors face growing challenges in managing these complex connections. The IIA’s draft aims to offer a more standardized, comprehensive approach to assessing and managing the risks tied to external partnerships. For organizations that regularly engage with third parties, the draft provides a clear framework designed to ensure that no critical risks go unnoticed.