Insights

Risk Appetite & Common Sense

In this article, Norman Marks inspects the concept of "risk appetite," challenging its validity and questioning its role in decision-making. Drawing from personal experiences and real-world examples, Marks argues that the traditional approach to defining and managing risk is overly simplistic and fails to capture the complexity of real-world risk. He critiques the common practice of quantifying risk as a single number and suggests that a more dynamic, objective-driven approach is needed. Rather than focusing on a static "risk appetite," Marks proposes that organizations should consider the likelihood of achieving their objectives, using risk as a factor in the decision-making process.

Strengthening Third-Party Risk Management and Governance Across the Extended Enterprise

In the increasingly interconnected world of modern business, organizations rely more than ever on third-party relationships. While these partnerships offer significant opportunities for growth and innovation, they also expose businesses to a range of risks that can threaten resilience and success. As geopolitical tensions and economic uncertainties continue to rise, it is essential for companies to reassess and strengthen their third-party governance, risk management, and compliance strategies. This article expands on the insights from my previous piece, Navigating the Storm: Strengthening Third-Party Governance and Risk Management in Your Extended Enterprise, offering a deeper look into how businesses can build robust, proactive frameworks to navigate these challenges and ensure sustained success across their extended enterprise.

Rethinking Risk & Internal Audit as Strategic Decision Support

In this article, Tim Leech delves into the evolving roles of risk and internal audit functions, exploring how they can transition from their traditional, compliance-focused image to become key decision-support partners for management and the board. Drawing on his extensive experience, Tim outlines the need for change in how internal audit and risk functions operate, emphasizing the importance of aligning with mission-critical objectives to drive better decision-making and organizational success.

Return on Investment (ROI) is an Essential Element in Risk Management

In this article, Norman Marks explores the critical intersection of Return on Investment (ROI) and risk management. The evolving landscape of risk management requires organizations to make informed decisions about how they treat and mitigate risk, ensuring that each investment aligns with strategic goals. In this piece, we’ll dive deeper into the concept of ROI as it relates to risk management and explore why every risk treatment should be evaluated not just for its effectiveness but also for the return on that investment.

Finding Your Way in the RegTech Landscape: Navigating a Complex Compliance World

In today’s fast-moving world, staying on top of regulatory requirements isn’t just a challenge, it’s a constant juggling act. As businesses face mounting compliance demands, they’re looking for ways to stay ahead of the curve, with speed, agility, and resilience. Enter RegTech. Positioned right at the intersection of technology and regulation, RegTech is becoming a game-changer in the Governance, Risk Management, and Compliance (GRC) space. It’s providing the tools that organizations need to not only keep up with—but get ahead of—an increasingly complex regulatory environment. As I dive into the intricacies of RegTech, I’ve shared some key insights in my original article on navigating this ever-evolving landscape.

AMF 2025 International Seminar Explores Global Regulatory Challenges

The AMF's 2025 International Seminar wrapped up on March 20, leaving behind not just a digital trail but an invaluable conversation on the future of global financial regulation. Held in a 100% online format from March 10 to 20, the event brought together over 950 participants from 85 financial market authorities worldwide. It was a gathering of minds—regulators, experts, and thought leaders—all grappling with the growing complexities of financial markets in today’s fast-paced, tech-driven world.

Rising to the Challenge: The Digital Trust & Resilience Officer & the Evolution of the CISO

In my previous articles, The Death of the CISO: A Eulogy & Reincarnation and Rise of the Digital Trust & Resilience Officer: Death of the CISO, Part 2, I introduced the evolving role of the Chief Information Security Officer (CISO), a shift that’s quickly becoming necessary across the digital landscape. The overwhelming response to these pieces—over 100,000 views on LinkedIn alone—showed that this transformation isn’t just a topic of interest, but one that resonates deeply across industries. While many remain attached to the CISO title, few deny that the role has grown far beyond its original scope.