Insights

In his most recent article, Tim Leech explores whether Chief Legal Officers (CLOs), Chief Risk Officers (CROs), and Chief Audit Executives (CAEs) have a legal duty to brief the board on its fiduciary responsibilities related to escalating MCOs and associated risks. By diving into the roles of these executives, Tim Leech highlights their obligations to ensure that boards are well-informed about the risks that need to be managed and monitored to protect the organization.

UnitedHealth Group is making waves in the healthcare sector with the launch of 1,000 artificial intelligence (AI) applications across its insurance, health services, and pharmacy units. This ambitious move, originally reported by the Wall Street Journal, to integrate AI into core business operations is a game-changer for the industry, offering potential to streamline workflows, enhance the customer experience, and support medical decision-making. However, as AI continues to shape the future of healthcare, its governance remains a critical concern, particularly when it comes to claims processing, data privacy, and ethical considerations.

In my previous article, Rethinking ESG: Rediscovering the Meaning of Stewardship, I explored the idea that ESG, at its core, is not a political tool or a passing trend but rather a commitment to stewardship—taking responsibility for the resources we use, the communities we affect, and the systems that govern our organizations. As we continue to see ESG become a focal point for both praise and criticism, it's essential that we reframe the conversation around its true meaning. In this follow-up, I’ll dig deeper into the layers of stewardship embedded within ESG, examining its practical application across the three pillars—environmental, social, and governance—and the critical role GRC (Governance, Risk, and Compliance) plays in making this vision a reality.

The House Financial Services Committee has advanced a proposal that would dismantle the Public Company Accounting Oversight Board (PCAOB). If enacted, the legislation would fold the PCAOB’s responsibilities into the Securities and Exchange Commission (SEC), prompting fears about the long-term stability of financial market oversight. The proposal has ignited a heated debate, with PCAOB Chair Erica Williams leading the charge against it, warning that the change could cause significant disruptions.

In this piece, Norman Marks addresses the evolving role of internal auditing in the face of rapid technological advancements, shifting business dynamics, and emerging risks. He challenges the profession to adapt, offering a pragmatic perspective on what auditors need to focus on today to remain valuable in the future.

Over the years, the term Integrated Risk Management (IRM) has increasingly become a focal point in discussions around governance, risk management, and compliance (GRC). While IRM gained limited traction in some circles, it’s important to remember that the concept of GRC is deeply rooted in a decades-long evolution, beginning with early work in risk management, compliance, and IT security. To understand where IRM fits, it's crucial to first understand how GRC came to be and why it continues to play a central role in managing risk and uncertainty to organizational objectives while ensuring integrity in organizations today.

In the vast and sprawling digital landscape, where our lives are lived in bits and bytes, we often forget how much of our personal data is at risk, until something shatters that illusion of safety. In the early months of 2025, that illusion was pierced when a massive data breach at X (formerly Twitter) exposed over 200 million user records. Names, email addresses, screennames, user IDs, and profile images, fragments of millions of lives, were laid bare for anyone to see.