Building GRC on a Cybersecurity Foundation

By Matt Kelly | January 19, 2026
data analytics

Businesses are drowning in a deluge of three things: cybersecurity risk, regulatory compliance demands, and risk management frameworks. So when I moderated a webinar recently on how you could simplify all that effort by building your GRC program on a foundation of strong cybersecurity, I took lots of notes. First, what do we even mean…

Read More

Governing Third-Party AI Risks

By Matt Kelly | August 21, 2025
third-party risk

Earlier this week I attended a GRC conference in New York, York, which meant plenty of talk about challenges in cybersecurity, data management, internal control, and (of course) artificial intelligence. One interesting session explored how to manage the risks of third-party AI models within your enterprise. As usual, I took lots of notes, and pass…

Read More

Notes From #RISK Conference

By Matt Kelly | July 10, 2025
risk

This week I had the good fortune to attend the #RISK New York conference, a two-day event where 300-ish audit, risk, and compliance professionals gathered to talk shop about the evolving challenges of GRC and risk management. We had lots to discuss and I took lots of notes, so let me jot down a few…

Read More

Talking AI and ‘Model Risk’

By Matt Kelly | January 22, 2025 |
AI

Today we have a heads up for all you compliance officers in the financial services sector: Radical Compliance and Forensic Risk Alliance will be hosting a webinar on Jan. 29 exploring the risks of artificial intelligence, and the new governance and risk management methods you’ll need to develop to keep those AI risks in check.…

Read More