Articles
Information management professionals gave our collective efforts a C grade last year. What can we do to improve that grade?
Continue reading...
While eliminating audit reports may be a step too far, thinking about their value and better ways to deliver that value can stimulate changes.
Continue reading...
“Risk” is a four-letter word, so why not see if we can find ways to express ourselves without using it.
Continue reading...
If risk management is to be meaningful, it needs to deliver actionable information to help people make informed and intelligent decisions.
Continue reading...
Leaders of an organization should be managing the business, not a list of potential harms.
Continue reading...
Which would you rather be when new information challenges arise: proactive or reactive?
Continue reading...
Moving to “explainable AI” will remove much of the mystery around AI, and, as a result will drive adoption of more AI-driven services.
Continue reading...
The recent attack on enterprise infrastructure underlines how important baseline security measures really are.
Continue reading...
We are not limited to a rigorously enforced standard for communicating in person. Why should we be limited when we are writing?
Continue reading...
One of internal audit's values is to tell management when the controls to manage risks and assure opportunities aren't working.
Continue reading...
Instead of risk management, can we think of it as success management or effective management? Because that's what it is.
Continue reading...
Practitioners need to have the courage to stimulate management to remove controls and other procedures that cost more than they are worth.
Continue reading...
Any discussions of IT-related risk should start with an understanding of the organization's business objectives and go from there.
Continue reading...
Pretty much every situation has several potential outcomes — some positive, some negative. Focusing only on the latter doesn't make business sense.
Continue reading...