As we move further into the digital era, organizations face an increasingly complex landscape of risks—from brand reputation challenges to AI governance and cybersecurity concerns. To help professionals, and executives navigate these evolving threats, I am publishing my research categories for 2025/2026, highlighting the areas that will demand attention, insight, and innovation over the next two years.
In an era defined by disruption, resilience is no longer a side conversation in boardrooms, it is the conversation. Cyber incidents, technology outages, geopolitical instability, and supply chain fragility are not “if” events; they are “when” events. Regulators, investors, and customers all demand that you show us not only that you can take the hit, but that you can recover, adapt, and continue to deliver.
In a recent social media post, I laid out what I see as the joint purpose of risk groups and internal audit. The response reinforced what I’ve long believed—that governance works best when accountability is simple, logical, and aligned with fiduciary duty.
In this article, Jason Busch unpacks Albania’s bold experiment to fight procurement corruption with an AI “minister,” weighing its potential to trim graft against the country’s deep-rooted traditions of bribery, backroom deals, and bureaucratic stalling.
In Norman Marks’ latest piece, he emphasizes why boards, CEOs, and auditors should place their attention on the controls that matter most—those tied directly to enterprise objectives. Drawing on decades of experience, Marks underscores that auditing should be future-focused and risk-based, centering on the design and operation of critical internal controls rather than just data testing.
EY’s latest Global Risk Transformation Study draws a sharp line between organizations merely enduring volatility and those converting it into strategic momentum. In today’s NAVI world (nonlinear, accelerated, volatile, interconnected) the margin between thriving and stumbling is defined not by luck, but by leadership mindset and structural alignment.
The numbers don’t lie. 96% of S&P 500 companies have experienced data breaches. 41.8% of fintech breaches can be traced back to third-party vendors. 68% of UK fintechs report rising fraud cases, with losses reaching as much as £5 million.These aren’t isolated incidents; they are symptoms of a systemic issue. As organizations become more reliant on third-party ecosystems, the costs of insufficient Third-Party Risk Management (TPRM) have never been greater.