It would be an understatement to say that the risks we deal with today are the same ones the world encountered in 1985, the year the Committee of Sponsoring Organizations of the Treadway Commission (COSO) was formed.

Mainframe computers still required their own climate controlled rooms, the Internet was a fledgling technology, Wall Street still moved paper stock and bond certificates between investment houses by bike couriers and R.E.M. was the hottest band at the time.

A lot has changed since …. except how risk management is practiced and therein lies the problem!

Science and technological advancements have made inroads…


Theorizing, Rhetorical Appeal, Mythologizing, Normative Networks & Educating

In 2014, the Committee of Sponsoring Organizations of the Treadway Commission, or COSO, commissioned a study by the University of New South Wales, Australian School of Business in Sydney, Australia to interview members of its board, consultants and other advisers who had been instrumental in formalizing the Enterprise Risk Management Integrated Framework to document the institutional work undertaken by COSO to create ERM. …


Manhattan Skyline

“Infusing the Human Element into Enterprise Risk Management”

This study is the first of its kind to examine advancements in risk performance of corporate board’s risk & audit committees and the risk function. The study includes an exhaustive lit review of corporate boards and enterprise-wide risk management.

The findings are provocative and explain the structural, legal and conceptual limitations that have hindered good risk management at the board and ERM level and provides insight into how to enhance risk management at the board and chief risk office level.

There were a few surprises in this study that help amplify the…


In 2015, I wrote an article, ”How COSO destroyed Risk Management” and critiqued what I saw as scope creep in the mandate of the Big Four accounting firms into enterprise risk management. Here is one excerpt from the article:

“COSO has lost sight of its original mandate from a narrow focus on developing an internal controls framework, emanating from an integrated [internal control] framework designed to understand the causal factors that can lead to fraudulent financial reporting to a broader and rather vague Enterprise Risk framework with little substance.”

Five years later this observation now seems prescient in its criticism…


CDC website of past pandemics

To better understand how complex issues of risk are framed social media offers a glimpse into divergent perspectives. In normal times, many of the debates on social media are harmless point-counterpoint arguments in a marketplace of ideas. However today’s social media is sprinkled with confusion, anger and misinformation that can be harmful. I, like many others, have been trying to make sense of how quickly the world has changed in response to the damage wrought by the novel coronavirus and how the discussions are framed.

As each country pursues different strategies to mitigate the pandemic a lack of coordination only…


“The only real mistake is the one from which we learn nothing.” ― Henry Ford

The novel coronavirus has conjured up terms like battle, war, and images of an invisible enemy, and like war, the global pandemic has created a fog. The fog of war is a military term that describes the difficulty of making decisions in the midst of conflict. As the novel coronavirus began to unfold in January and eventually declared a pandemic it quickly became clear that the adversary, the coronavirus, had the upper hand but less clear what the global response would be.

The scope and…


In many respects the General Data Protection Regulation (GDPR) is a bold experiment in the democratization of personal data. On the one hand, GDPR raises the bar for all organizations to protect confidential personal data across all platforms while simultaneously creating new rights for individuals to better control how data is shared, including for one’s own purposes. On the other hand, organizations have invested billions in cybersecurity with marginal improvements in the cyber paradox, a phenomenon that doesn’t fully explain why cybertheft and threats continue to increase unabated.

The current state of information security compliance is also muddled by complex…


Davos Switzerland

GRC is an acronym for governance, risk & compliance and is one of the biggest IT markets most have never heard of or is aware exists….except risk professionals! The term GRC is primarily a marketing nomenclature but it is designed to describe a technology platform used to manage risks in a variety of organizations.

I have followed the market for GRC solutions for more than 18 years and have developed one of the largest directories of GRC solutions on the internet at TheGRCBlueBook.com. 19 years ago this was a nascent market with few websites dedicated to covering risk technology. …


An Alternative Approach to Cybersecurity and Enterprise Risk Management

Cognitive governance is a radical departure from traditional risk management. James Bone explains the benefits and how the former complements the latter.

After the 2008 reckoning of the Great Recession and a 60 percent decline in market value, I became redundant and soon began to question the failings of risk management as a discipline and my own skills as a risk professional. If adversity is the mother of invention, my journey to “learn” risk management really began after almost 30 years of leadership positions in financial services.

What I have learned after more than 10 years of research suggests that…


Having spent the last ten or more years researching and writing about cognitive risks I was recently asked what is a cognitive risk consultant? I realized that I hadn’t explained this very well at all so here goes. It may also help to understand the path that I have taken to get here.

My foundational training started with Dr. W. Edwards Deming’s work which applied statistical variance to systems and systems thinking to human psychology. Later, informed by a laundry list of Nobel economists, behavioral science influenced how I managed teams, developed leaders of teams and built sustainable processes in…

James Bone

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store