As mentioned on my About page, I do in-depth research about compliance, audit, and risk management for various paying clients. The links below will take you to those papers, studies, and web pages.


Leveraging Your Corporate Culture for Better Performance, sponsored by I-Sight (October 2022)


Step-by-Step Guide to Elevating Your Compliance Program, sponsored by GAN Integrity (January 2019)


Trends in Internal Audit Technology, sponsored by MISTI and ACL (December 2018)


Calculating the ROI of Compliance Automation, sponsored by GAN Integrity (November 2018)


Strength in Numbers: The ROI of Compliance Program Hotline Reporting, sponsored by NAVEX Global (November 2018)


From FCPA to Reputation Risk: Importance of Internal Controls for the Extended Enterprise, sponsored by Aravo (October 2018)


Buyers Guide to Compliance Technology, sponsored by GAN Integrity (September 2018)


2018 Internal Audit Priorities Report, sponsored by MIS Training Institute and Experis


Cybersecurity and Vendor Risk: The Third-Party Oversight Challenge Is Here Now, sponsored by Aravo Solutions (March 2018)


New Revenue Recognition Standard: An audio white paper for compliance professionals, done with Tom Fox (February 2018)


Using the Fraud Triangle to Assess and Improve Internal Controls, sponsored by Workiva (September 2017)


Revenue Recognition and the Software Sector, co-authored with Calcbench (August 2017)


Measuring Non-GAAP Metrics: A Look at Adjusted Net Income, co-authored with Calcbench (June 2016)


What GRC Will Look Like by 2025, and How to Prepare for It Now, sponsored by NAVEX Global (June 2016)


Human Rights as Next Challenge in Supply Chain Risk, sponsored by Thomson Reuters (April 2016).


Building the Modern Risk Assurance Function: A four-part series published by the MIS Training Institute.

Rethinking Basic Principles of Risk Oversight (March 30). A look at the challenge of setting business objectives clearly enough that compliance, audit, and risk functions can build risk assurance functions and establish basic principles of risk oversight.

Avoiding Risk Assurance Turf Wars (April 20). How compliance and audit functions should think about the control environment to ensure a cooperative relationship, and then build “feedback loops” to help gather risk management data they need.

What We Worry About When We Worry About GRC (May 18). How compliance and audit executives should communicate with senior leadership and the board about risk management.

Taking a ‘Healthy Living’ Approach to Cybersecurity (June 22). The need for re-imagined risk assessments in the modern cybersecurity era, and how results of that assessment translate into new control activities and compliance challenges.

About Us

Technically, Radical Compliance is the personal blog of Matt Kelly, long-time writer and observer of the corporate compliance and GRC scene. I was a writer, editor, and publisher at Compliance Week, 2003 through 2015; some of you may know my from my career there. I also speak frequently at compliance conferences and other events, and will pretty much shoot the breeze on any compliance topic with anyone who asks.

Keep in Touch