Risk management and governance
With today's exponential advances in technology, CIOs, CTOs, CDOs and other IT leaders need critical advice on risk management and governance. Get news, guides and tips about technology-related compliance and data privacy issues, regulatory frameworks, limits on enterprise software development, cyber risk issues, metaverse dangers, cryptocurrency regulation and more.
Top Stories
-
Feature
28 Oct 2025
How tariffs affect corporate ESG initiatives
ESG initiatives, like all areas of business, are affected by President Trump's tariffs. Here's what CIOs need to know to keep the supply chain moving and ESG programs supported. Continue Reading
-
Tip
23 Oct 2025
Navigating UCaaS data sovereignty challenges
Data sovereignty regulations continue to increase. Organizations have to carefully plan their UCaaS deployments to ensure that data is protected correctly. Continue Reading
-
Tip
23 Oct 2025
How AI governance manages risk at scale for enterprises
Effective oversight of AI systems requires more than technology. It relies on defined roles, coordinated risk protocols and tight collaboration across data and model teams. Continue Reading
-
Definition
23 Oct 2025
What is a data governance policy?
A data governance policy is a documented set of guidelines for ensuring an organization's data and information assets are managed consistently and used properly. Continue Reading
-
Feature
22 Oct 2025
AWS cloud outage reveals vendor concentration risk
AWS's October 2025 outage underscored systemic cloud risk—driving IT leaders to rethink multi-cloud strategies, resilience testing and vendor oversight. Continue Reading
-
Tip
21 Oct 2025
How to present to the board of directors: 15 tips for a successful presentation
A board presentation can influence major decisions. Follow these 15 expert tips from Metrigy CEO and principal analyst Robin Gareiss to deliver a successful presentation. Continue Reading
-
Feature
20 Oct 2025
Salesforce breach: What IT leaders must know
A sophisticated attack on Salesforce users in October 2025 exposes vulnerabilities in SaaS ecosystems, forcing IT leaders to act on data, access and third-party risks. Continue Reading
-
Tip
16 Oct 2025
How to create a digital signature in Adobe, Preview or Word
Business executives can use different tools and methods to get digital signatures to close deals, but some important security features should also be considered. Continue Reading
-
Tip
09 Oct 2025
CIO playbook for treating work visas as enterprise risk
CIOs face major risks from changing visa policies. Formalizing immigration risk helps protect IT talent, ensure continuity and strengthen governance. Continue Reading
-
Definition
03 Oct 2025
What is data culture? A guide for data-driven organizations
Data culture is a set of principles regarding how an organization handles its data. Continue Reading
-
Feature
02 Oct 2025
ESG vs. CSR vs. sustainability: What's the difference?
Environmental, social and governance and corporate social responsibility are related but different concepts that can be combined to boost corporate sustainability. Continue Reading
-
Feature
02 Oct 2025
ESG vs. CSR vs. sustainability: What's the difference?
Environmental, social and governance and corporate social responsibility are related but different concepts that can be combined to boost corporate sustainability. Continue Reading
-
Feature
30 Sep 2025
Bulletproof IT: How CIOs safeguard the tech supply chain
As geopolitical tensions threaten IT supply chains, CIOs can diversify hardware, prioritize AI workloads and build redundancy. Continue Reading
-
Definition
23 Sep 2025
What is SOX compliance? A complete guide and checklist
SOX compliance entails adhering to the Sarbanes-Oxley Act of 2002, a U.S. law introduced to enhance investor protection by ensuring greater accuracy, transparency and accountability in public companies' financial reporting. Continue Reading
-
Definition
22 Sep 2025
What is regulatory compliance?
Regulatory compliance is an organization's adherence to laws, regulations, guidelines and specifications relevant to its business processes. Continue Reading
-
Definition
03 Sep 2025
What is information security (infosec)?
Information security (infosec) is a set of policies, procedures and principles for safeguarding digital data and other kinds of information. Continue Reading
-
Tip
27 Aug 2025
10-step guide for testing a backup and recovery plan
Failure is not an option when it comes to backing up data and recovering it if disaster strikes. Data backup testing can pinpoint potential problems in the recovery process. Continue Reading
-
Tip
27 Aug 2025
Project vs. program vs. portfolio management, explained
Project, program and portfolio management are related, but they represent three distinct disciplines. Learn about the responsibilities and goals of each and how they differ. Continue Reading
-
News
26 Aug 2025
Examining Elon Musk's xAI Lawsuit against OpenAI, Apple
While the lawsuit alleges anticompetitive practices and market monopolization, the case highlights the complexities of proving such claims. Continue Reading
-
Tip
26 Aug 2025
10 free IT strategic planning templates and examples for CIOs
As technology becomes a business differentiator, a well-thought-out IT strategy plan is more crucial than ever. These IT strategy templates help CIOs make IT a business driver. Continue Reading
-
News
25 Aug 2025
DOJ targets state laws in latest inquiry
In another effort to further President Donald Trump's deregulatory agenda, the DOJ is seeking public comment on state laws that burden U.S. businesses. Continue Reading
-
Tip
25 Aug 2025
Enterprise data governance: Frameworks and best practices
Data backup and recovery depend on a solid governance framework that includes procedures for data management, stewardship, quality monitoring, protection, security and compliance. Continue Reading
-
News
21 Aug 2025
U.S. could feel effects of EU AI Act as companies comply
The U.S. may be making a deregulatory push on AI, but the EU AI Act means large U.S. AI developers must comply with AI regulations that will affect their models regardless. Continue Reading
-
Feature
21 Aug 2025
Azure Local aims to answer shifting needs of the enterprise
Microsoft looks to provide a consistent Azure-style experience with its latest infrastructure offering for organizations that face challenges with data sovereignty and compliance. Continue Reading
-
News
15 Aug 2025
Trump shifts U.S. competition policy
While revoking former President Joe Biden's executive order on competition may make M&A more favorable for tech companies, it doesn't hand the industry a pass for future deals. Continue Reading
-
Definition
13 Aug 2025
What is conduct risk?
Conduct risk is the potential for a company's actions or behavior to harm its customers, stakeholders or broader market integrity. Continue Reading
-
Definition
13 Aug 2025
What is governance, risk and compliance (GRC)?
Governance, risk and compliance (GRC) refers to an organization's strategy, or framework, for handling the interdependencies of the following three components: corporate governance policies, enterprise risk management programs, and regulatory and company compliance. Continue Reading
-
Feature
13 Aug 2025
12 enterprise data backup challenges and how to overcome them
The virtues of backing up and securing data are well founded, but getting there is no easy feat. Storage capacity, floods of data and infrastructure costs are among the pitfalls. Continue Reading
-
Definition
12 Aug 2025
What are the COSO frameworks?
The COSO frameworks are documents that provide guidance on establishing internal controls and enterprise risk management (ERM) programs in organizations. Continue Reading
-
News
08 Aug 2025
Intel CEO's potential China links a warning for U.S. companies
President Donald Trump called for Intel CEO Lip-Bu Tan to resign, another signal of the administration's heightened focus on competition and support of domestic manufacturing. Continue Reading
-
Definition
08 Aug 2025
What is the three lines model and what is its purpose?
The three lines model is a risk management approach to help organizations identify and manage risks effectively by creating three distinct lines of defense. Continue Reading
-
Feature
08 Aug 2025
The cost of downtime and how businesses can avoid it
Disrupted operations cost businesses billions of dollars annually. Disaster planning, cyber resilience and monitoring system dependencies can help limit the damage. Continue Reading
-
Definition
07 Aug 2025
What is integrated risk management (IRM)?
Integrated risk management (IRM) is a set of proactive, businesswide practices that contribute to an organization's security, risk tolerance profile and strategic decisions. Continue Reading
-
Definition
06 Aug 2025
What is enterprise risk management (ERM)?
Enterprise risk management (ERM) is the process of planning, organizing, directing and controlling the activities of an organization to minimize the harmful effects of risk on its capital and earnings. Continue Reading
-
Feature
05 Aug 2025
Quantum computing technology pushes for IT advantage
Tech and funding issues remain. But work on error handling, an expanding software stack and the growth of quantum ecosystems are advancing the pursuit of 'quantum advantage.' Continue Reading
-
Feature
01 Aug 2025
Risk assessment matrix: Free template and usage guide
A risk assessment matrix identifies issues with the greatest potential for business disruption or damage. Use our free template to prioritize risk management plans. Continue Reading
-
Feature
30 Jul 2025
9 common risk management failures and how to avoid them
As enterprises rework their business models and strategies to meet various new challenges, risks abound. Here are nine risk management failures to look out for. Continue Reading
-
Podcast
29 Jul 2025
Interpreting the rapid evolution of generative AI systems
In the two years that 'Targeting AI' has covered the increasingly pervasive world of AI technology, generative AI has become one of the dominant memes in business and society. Continue Reading
-
Feature
29 Jul 2025
Traditional vs. enterprise risk management: How do they differ?
Traditional risk management and enterprise risk management are similar in their aim to mitigate risks that can harm a company. But there are differences between them. Continue Reading
-
News
28 Jul 2025
Domestic manufacturing policy emphasizes U.S. tech, products
Bringing manufacturing back to the U.S. might be a lofty goal for some products, but companies like Apple are making moves to source some components for products locally. Continue Reading
-
Feature
28 Jul 2025
Top enterprise risk management certifications to consider
Certifications are essential to many careers. Here are some useful enterprise risk management certifications for risk managers, IT professionals and other workers. Continue Reading
-
Feature
23 Jul 2025
ISO 31000 vs. COSO: Comparing risk management standards
ISO 31000 and the COSO ERM framework are the two most popular risk management standards. Here's what they include and some of their similarities and differences. Continue Reading
-
News
22 Jul 2025
Federal research funding cuts could slow tech innovation
With massive funding cuts proposed at both federal research agencies and U.S. universities, U.S. R&D investment is poised to fall behind China and the EU. Continue Reading
-
Tip
21 Jul 2025
Risk prediction models: How they work and their benefits
Accurate risk prediction models can aid risk management efforts in organizations. Here's a look at how risk models work and the business benefits they provide. Continue Reading
-
Tip
18 Jul 2025
How to create a risk management plan: Template, key steps
A risk management plan provides a framework for managing business risks. Here's what it includes and how to develop one, plus a downloadable plan template. Continue Reading
-
Feature
18 Jul 2025
CISO role in ASM could add runtime security, tokenization
Runtime security and tokenization stand to play a bigger role in attack surface management, a development that could influence security leaders' responsibilities. Continue Reading
-
News
16 Jul 2025
AI training, copyright issues headline U.S. Senate hearing
U.S. senators blasted companies, including Meta and Anthropic, for training AI models on copyrighted content, including pirated books and other materials. Continue Reading
-
Tip
16 Jul 2025
12 best practices to keep in mind for SLA compliance
SLAs outline the criteria for acceptable performance from a service provider. Learn best practices CIOs and IT leaders should follow when creating an SLA with a service provider. Continue Reading
-
Tip
15 Jul 2025
AI in risk management: Top benefits and challenges explained
AI can improve the speed and effectiveness of risk management efforts. Here are the potential benefits, use cases and challenges your organization needs to know about. Continue Reading
-
News
14 Jul 2025
U.S. pushes back on China, invests in rare earth resources
U.S. officials are increasingly concerned about China's dominance over critical minerals used in advanced technologies. Continue Reading
-
News
10 Jul 2025
Tariffs could hamper U.S. manufacturing growth
The Trump administration's fluctuating position on tariffs is creating pricing unpredictability for U.S. businesses and manufacturers. Continue Reading
-
Tip
10 Jul 2025
What CISOs need to know about AI governance frameworks
AI offers business benefits but poses legal, ethical and reputational risks. Governance programs manage these risks while ensuring responsible use and regulatory compliance. Continue Reading
-
Tip
07 Jul 2025
How to avoid greenwashing as a marketer
Greenwashing can erode customer trust and damage a brand's reputation. To avoid it, organizations can offer evidence to support their claims and earn sustainability certifications. Continue Reading
-
Feature
07 Jul 2025
12 top enterprise risk management trends in 2025
Trends reshaping risk management include use of GRC platforms, risk maturity models, risk appetite statements and AI tools, plus the need to manage AI risks. Continue Reading
-
Definition
02 Jul 2025
What is the principle of least privilege (POLP)?
The principle of least privilege (POLP) is a concept in computer security that limits users' access rights to only what is strictly required to do their jobs. Continue Reading
-
Definition
01 Jul 2025
What is risk management? Importance, benefits and guide
Risk management is the process of identifying, assessing and controlling threats to an organization's capital, operations and financial performance. Continue Reading
-
Definition
30 Jun 2025
What is the ISO 31000 Risk Management standard?
The ISO 31000 Risk Management framework is an international standard that provides organizations with guidelines and principles for risk management. Continue Reading
-
Tip
30 Jun 2025
Change management in business continuity
Change management and business continuity share a common goal: Preventing future disruptions. Find out where change management fits into business continuity planning here. Continue Reading
-
Feature
30 Jun 2025
Enterprise cybersecurity: A strategic guide for CISOs
CISOs and others responsible for safeguarding an organization's systems, networks and data need to manage day-to-day threats while also planning strategically for what's ahead. Continue Reading
-
News
26 Jun 2025
In an FTC antitrust win, Meta could face divestitures
The FTC argues that Meta acquired Instagram and WhatsApp to eliminate competition in social media networks. If the FTC wins its case, Meta could be forced to sell those products. Continue Reading
-
News
25 Jun 2025
Google settlement may affect DOJ antitrust remedies
Google faces numerous antitrust challenges and has agreed to spend $500 million revamping its regulatory compliance structure in a settlement with shareholders. Continue Reading
-
News
24 Jun 2025
Trump wants to axe rules affecting business competition
As the FTC and DOJ work to assess what rules to cut, lawmakers disagree on how deregulation will affect U.S. markets. Continue Reading
-
Definition
24 Jun 2025
What is risk avoidance?
Risk avoidance is the elimination of hazards, activities and exposures that can negatively affect an organization and its assets. Continue Reading
-
Definition
23 Jun 2025
What is pure risk?
Pure risk refers to risks that are beyond human control and result in a loss or no loss, with no possibility of financial gain. Continue Reading
-
Definition
23 Jun 2025
What is residual risk? How is it different from inherent risk?
Residual risk is the risk that remains after efforts to identify and eliminate some or all types of risk have been made. Continue Reading
-
Tip
23 Jun 2025
How to choose a cybersecurity vendor: 12 key criteria
Choosing a cybersecurity vendor entails a two-phase approach: shortlisting vendors using clear requirements, then conducting thorough evaluations based on key criteria. Here's how. Continue Reading
-
Definition
20 Jun 2025
What is the Risk Management Framework (RMF)?
The Risk Management Framework (RMF) is a template and guideline organizations use to identify, eliminate and minimize risks. Continue Reading
-
Definition
20 Jun 2025
What is risk assessment?
Risk assessment is the process of identifying hazards that could negatively affect an organization's ability to conduct business. Continue Reading
-
Definition
17 Jun 2025
What is market concentration?
Market concentration refers to how a market is distributed among competing companies. Continue Reading
-
Feature
17 Jun 2025
ERM implementation: How to deploy a framework and program
Enterprise risk management helps organizations proactively manage risks. Here's a look at ERM frameworks that can be used and key steps for implementing a program. Continue Reading
-
Definition
16 Jun 2025
What is ESG reporting? Importance and how to get started
ESG reporting is a type of corporate disclosure that details an organization's environmental, social and governance (ESG) promises, efforts and progress. Continue Reading
-
Tip
16 Jun 2025
What is a compliance audit? (with an example checklist)
A compliance audit is critical for finding any potential compliance gaps in an organization's operations. Here's what companies can do to prepare for them. Continue Reading
-
Definition
16 Jun 2025
What is operational risk?
Operational risk is the risk of losses caused by flawed or failed processes, policies, systems, people or events that disrupt business operations. Continue Reading
-
Tip
13 Jun 2025
How to write a risk appetite statement: Template, examples
A risk appetite statement defines acceptable risk levels for an organization. Here's what it includes and how to create one, with examples and a downloadable template. Continue Reading
-
Tip
13 Jun 2025
CISO's guide to building a strong cyber-resilience strategy
Cyber-resilience strategies that integrate BCDR, incident response and cybersecurity enable CISOs to build frameworks that help their organizations effectively handle cyberattacks. Continue Reading
-
News
12 Jun 2025
Policymakers assess nuclear energy for AI data centers
Big tech vendors are recognizing the energy demands of their AI services, causing them to make significant energy investments. Continue Reading
-
Tip
11 Jun 2025
IoT compliance standards and how to comply
To address IoT security concerns, it's critical for IT leaders to adhere to IoT compliance standards. Learn more about IoT compliance and its IT-relevant standards. Continue Reading
-
News
10 Jun 2025
U.S. will need policy to navigate EU rules
Protecting U.S. tech companies from the EU's regulatory regime will present a challenge to U.S. officials, who have pursued antitrust cases against big tech. Continue Reading
-
Definition
10 Jun 2025
What is financial risk management?
Financial risk management is the continuous process of recognizing, evaluating and mitigating potential threats to an individual's or organization's financial health. Continue Reading
-
Definition
10 Jun 2025
What is a risk management specialist, and what does one do?
A risk management specialist is a role appointed within organizations to identify potential risks that might negatively affect the business. Continue Reading
-
News
05 Jun 2025
UK backdoor order to Apple raises bipartisan concerns
U.S. officials fear that gaps in existing law may enable countries to target U.S. companies with data access requests that harm user privacy and security. Continue Reading
-
Definition
05 Jun 2025
What is third-party risk management (TPRM)?
Third-party risk management (TPRM) is a comprehensive framework for identifying, assessing, and mitigating risks associated with using external vendors, suppliers, partners and service providers. Continue Reading
-
Feature
05 Jun 2025
What is vendor risk management (VRM)? A guide for businesses
Vendor risk management identifies, assesses and mitigates risks from third-party vendors to protect companies from data breaches, operational disruptions and compliance violations. Continue Reading
-
Tip
05 Jun 2025
Compliance stakeholders and how to work with them
Stakeholders' involvement can strengthen an organization's compliance program. Learn best practices for engaging key stakeholders in compliance initiatives. Continue Reading
-
Feature
05 Jun 2025
Top 5 steps in the risk management process
Implementing an effective risk management process is a key part of managing business risks. Follow these five steps to ensure a successful process. Continue Reading
-
Tip
04 Jun 2025
A guide to risk registers: Benefits and examples
Risk registers document, prioritize and track an organization's risks, providing a holistic view of the risks and a ready way to communicate risk strategies. Continue Reading
-
Tip
04 Jun 2025
Learn how to harness strategic risk and improve your operations
Organizations face factors beyond their control that can prevent them from meeting their long-term goals. Learn about the building blocks behind a cohesive strategic risk strategy. Continue Reading
-
Tip
04 Jun 2025
What is risk monitoring? Definition and best practices
In today's complex environment, risk monitoring provides systematic identification and analysis of threats, enabling organizations to address issues proactively. Continue Reading
-
Definition
04 Jun 2025
What is scenario analysis?
Scenario analysis is a risk management and strategic planning process used to evaluate the risk and potential effects of a future event. Continue Reading
-
Tip
02 Jun 2025
Organizational vs. operational resilience
Organizational and operational resilience are two critical components of BCDR. Learn the differences between the two and how to establish them for peak resilience. Continue Reading
-
Feature
02 Jun 2025
Risk maturity model: How it works and how to use one
Explore risk maturity models and assessment tools for enhancing enterprise risk management. Improve ERM programs to mitigate risk and gain a competitive edge. Continue Reading
-
Tip
30 May 2025
Key steps to developing a healthy risk culture
Some companies fail to communicate that risk is every employee's business. For others, top leadership is the impediment. Here's how to build a strong risk culture. Continue Reading
-
Tip
30 May 2025
What is risk identification? Importance and methods
Risk identification is a crucial first step in risk management, enabling organizations to document and prepare for potential threats and opportunities. Continue Reading
-
Definition
30 May 2025
What is risk acceptance?
Risk acceptance is a risk management strategy in which a business acknowledges and accepts the existence of a particular risk, but does not take action to reduce or eliminate it. Continue Reading
-
Definition
30 May 2025
What is fourth-party risk management (FPRM)?
Fourth-party risk management (FPRM) is the process of identifying, assessing and mitigating risks that originate from the subcontractors and service providers that an organization's third-party vendors use. Continue Reading
-
Feature
30 May 2025
13 types of business risks for companies to manage
Knowing the types of risks businesses commonly face and their applicability to your company is a first step toward effective risk management. Continue Reading
-
Feature
29 May 2025
What is risk transfer? Methods, examples and strategic tips
Risk transfer shifts potential financial liability from one party to another through insurance contracts, legal agreements or financial tools to protect organizations from losses. Continue Reading
-
Definition
28 May 2025
What is a compliance framework?
A compliance framework is a structured set of guidelines that details an organization's processes for maintaining accordance with established regulations, specifications or legislation. Continue Reading
-
Definition
28 May 2025
What is a risk manager? Roles and responsibilities
A risk manager is a professional responsible for identifying and mitigating dangers to an organization's operations, reputation, safety, security and financial health -- any aspect with a potential negative impact on the company. Continue Reading
-
News
22 May 2025
U.S. policy moves reflect big tech issues with state AI laws
House Republicans proposed a 10-year moratorium on state AI rules, reflecting a concern among tech companies about the growing patchwork of state AI and data privacy measures. Continue Reading
-
Feature
22 May 2025
Risk appetite vs. risk tolerance: How are they different?
Risk appetite and risk tolerance are related, but they don’t mean the same thing. Not knowing the difference can cause big problems for your risk management program. Continue Reading
-
News
20 May 2025
Court to weigh divestiture in Google ad tech antitrust case
Forcing Google to divest assets in the DOJ's advertising market antitrust case against it will present a challenging issue to the court during the upcoming remedies trial. Continue Reading