The Strait of Hormuz and What It Should Be Telling Every Risk Manager The Strait of Hormuz is twenty-one miles wide at its narrowest point. Approximately twenty percent of the world's oil and significant volumes of liquefied natural gas transit it every day. It is the s... 20 June 2026
Beyond Duty of Care: The Protective Obligation That Travels Across Legal Systems Duty of care is typically understood as a legal concept — a standard of care that an organisation owes to those it employs or sends into harm's way, enforceable through negligence law in the relevant ... 20 June 2026
Regulatory Compliance Is Not Risk Management Regulatory compliance is one of the most persistent sources of confusion in enterprise risk management. The confusion is not about what regulatory compliance requires — that is usually well-understood... 20 June 2026
What 30 Years of Risk Leadership Actually Teaches You (That the Frameworks Cannot) Three decades is a long time in any professional field, and the field of risk management has changed substantially in the period I have been working in it. The frameworks have evolved. The technology ... 20 June 2026
Intelligence Collection for Risk Practitioners: Moving Beyond Open Source Intelligence in the risk practitioner context is a term that is used loosely and understood inconsistently. It is applied to everything from Google News alerts to comprehensive all-source analytical a... 20 June 2026
AI in Risk Management: What It Can Do, What It Cannot, and What That Means for Accountability The application of artificial intelligence to risk management functions has expanded rapidly, accelerated by the public availability of large language models and the integration of AI capabilities int... 20 June 2026
Where Travellers Actually Get Hurt: The Data Organisations Ignore When They Assess Travel Risk Organisations assess travel risk by reference to country ratings, threat categories, and the headline incidents they know about. They look at terrorism threat levels, general crime statistics, and pol... 20 June 2026
Supply Chain Risk: Why Most Organisational Risk Frameworks Miss the Exposure That Actually Matters Supply chain risk has been in mainstream risk management discourse for several years — accelerated by pandemic-related disruptions, high-profile ransomware attacks on critical suppliers, and the incre... 20 June 2026
Crisis Management Planning That Actually Works When a Crisis Arrives Crisis management plans fail. Not because they are badly written — most are competently drafted. They fail because they are written for a crisis that does not exist, in conditions that do not resemble... 20 June 2026
What Boards Actually Need to Know About Enterprise Risk (And Rarely Do) Boards are responsible for risk oversight. Most boards perform this responsibility through an Audit and Risk Committee that receives periodic reporting — a risk register, a heat map, key risk indicato... 20 June 2026
Security Culture Is Not a Values Statement. It Is Behaviour Under Pressure. Security culture is routinely described in values terms — respect, integrity, vigilance, accountability. It appears in codes of conduct, induction programmes, and annual reports. It is the subject of ... 20 June 2026
The Expert Witness Standard: What Organisations Discover When Risk Management Is Examined Most organisations that have faced significant litigation involving their risk management have been surprised by what the expert witness process reveals. Not by the existence of the process — most leg... 20 June 2026