This article explores the need for a holistic risk management framework to address the evolving AI use cases in healthcare. As part of our 2025 Integrated Risk Roadmap, we emphasize the critical role of IRM in ensuring that AI-driven innovations align with ethical standards, regulatory expectations, and patient trust.

Today, January 17, 2025, marks a turning point for the European financial sector as the Digital Operational Resilience Act (DORA) officially takes effect. This comprehensive EU regulation introduces a harmonized framework for managing ICT risks, requiring financial institutions and their ICT third-party service providers (TPSPs) to meet stringent requirements for governance, incident reporting, and resilience. This article explores the implications of DORA, highlights the four key objectives of IRM, and provides guidance for financial institutions as they navigate this new regulatory environment. For further insights, visit wheelhouseadvisors.com.

As the world of risk management evolves, Wheelhouse Advisors remains at the forefront of delivering insights, research, and actionable strategies to navigate the complexities of today’s dynamic risk landscape. In 2025, we will focus on four overarching themes corresponding to the key segments of the Integrated Risk Management (IRM) framework: Technology Risk Management (TRM), Operational Risk Management (ORM), Governance, Risk and Compliance (GRC), and Enterprise Risk Management (ERM). These themes will guide our content delivery through the IRM Navigator™ Reports, IRM Vendor Compass™ Ratings, The Risk Wheelhouse podcasts, and articles in The RiskTech Journal.

The EU’s NIS2 Directive represents a significant evolution in cybersecurity governance, and its ripple effects are set to transform compliance landscapes for companies worldwide. Despite uneven transposition across EU member states, NIS2's broader implications underscore the urgency for proactive risk management strategies. Companies can leverage Integrated Risk Management (IRM) solutions to turn these regulatory challenges into competitive advantages.

The clock is ticking for financial institutions and ICT suppliers as the EU’s Digital Operational Resilience Act (DORA) prepares to take effect on January 17, 2025. This ambitious regulatory framework aims to bolster the financial sector's resilience against cyber disruptions, mandating a series of stringent requirements on operational monitoring, incident reporting, and third-party risk management. Yet, the urgency of compliance efforts has uncovered a glaring challenge: organizations without Integrated Risk Management (IRM) systems risk falling short of these critical obligations.

The digital transformation of risk management has entered a new era with the emergence of AI agents, autonomous systems that promise to revolutionize how organizations approach integrated risk management (IRM). These sophisticated systems represent more than just an automation tool; they offer a fundamental shift in how organizations identify, assess, and respond to risks across their operations. As organizations face increasingly complex risk landscapes, AI agents provide the capability to handle this complexity while maintaining the comprehensive perspective essential to effective IRM.

Recent insights from the Gibson Dunn report, Cybersecurity Overview: A Survey of Form 10-K Cybersecurity Disclosures by the S&P 100 Companies, highlight key trends and practices among public companies. Integrated Risk Management (IRM) is increasingly recognized as the critical approach enabling organizations to meet these requirements while driving strategic value. In this analysis, we'll explore the evolving regulatory landscape, key trends in cybersecurity disclosures, and how IRM empowers organizations to align their cybersecurity strategies with enterprise-wide governance frameworks.

The 2024 edition of The RiskTech Journal provided a front-row seat to the critical shifts and emerging innovations transforming risk management. Through expert insights and in-depth analysis, the Journal detailed how organizations across industries are adapting to a dynamic risk landscape, using tools like Integrated Risk Management (IRM) frameworks and advanced technologies to stay resilient.

In financial services, generative AI (GenAI) has rapidly emerged as both a transformative opportunity and a formidable risk. According to a recent ORX survey, three-quarters of financial institutions now classify oversight of GenAI under operational risk. This pivotal shift highlights how GenAI is increasingly perceived as a broader business risk rather than merely a technology-specific challenge. For banks and other financial institutions, this development underscores the necessity of integrated risk management (IRM) frameworks to effectively navigate the complexities of AI adoption.

The financial landscape has been disrupted by a concerning surge in financial restatements among U.S. public companies. According to the Financial Times, 140 public companies reissued their financial statements in the first ten months of 2024 due to material accounting errors—a nine-year high. These restatements erode investor confidence and raise critical questions about the quality of financial reporting, the robustness of internal controls, and the effectiveness of corporate governance. Notable cases, such as Macy's misclassification of $132 million in delivery expenses and Archer Daniels Midland's overstated profits in its nutrition segment, underscore these errors' severe reputational and financial implications. This trend highlights systemic weaknesses that can no longer be overlooked. The rise in restatements calls for a comprehensive solution—one that Integrated Risk Management (IRM) technology and related RiskTech innovations are well-equipped to deliver.

In today's hyperconnected world, cyberattacks have become existential threats capable of reducing even the most established businesses to insolvency. Recent high-profile cases, such as the collapse of National Public Data and the bankruptcy of Stoli Group's U.S. subsidiaries, highlight how cyber breaches and ransomware attacks devastate systems and create cascading impacts that extend far beyond the initial compromise. These incidents serve as cautionary tales about the interconnected nature of operational, financial, and reputational risks in the digital age.

The risk management landscape is transforming as technology evolves to meet the demands of increasingly complex business environments. A new open-source tool from Anthropic, the Model Context Protocol (MCP), could represent the pivotal technology that unlocks the potential of autonomous Integrated Risk Management (IRM) systems. MCP may revolutionize how organizations deploy AI-driven IRM solutions by providing seamless, universal connectivity to diverse datasets. At the heart of this transformation is the emergence of AI agents, which stand to benefit significantly from MCP's capabilities.

The cyber threat landscape is changing rapidly, with artificial intelligence (AI) serving as both a powerful tool for defense and a formidable weapon for attackers. In a recent interview with The Wall Street Journal, Amazon's Chief Information Security Officer, CJ Moses, revealed a staggering increase in daily cyber threats faced by the company. Over the past six to seven months, Amazon has witnessed an escalation from 100 million to an average of 750 million cyber-attack attempts per day. This exponential rise underscores the urgent need for organizations to implement Integrated Risk Management (IRM) strategies to protect their assets in an increasingly complex digital environment.

Artificial intelligence (AI) is ushering in a new era that promises to redefine the global economy and risk management landscape. Recent projections by IDC estimate that AI will contribute a staggering $19.9 trillion to the global economy by 2030, driving 3.5% of the worldwide GDP. For every dollar invested in AI, an impressive $4.60 is expected in economic returns. Simultaneously, KPMG International's 2024 Future of Risk report reveals that 61% of executives anticipate a significant increase in risk levels over the next three to five years.

As organizations like Ahold Delhaize increasingly rely on technology for inventory management, e-commerce, and logistics, cyber disruptions can extend beyond IT systems to affect global supply chains and customer trust. This event serves as a wake-up call for businesses globally to adopt an Integrated Risk Management (IRM) approach to ensure performance, resilience, assurance, and compliance in an interconnected digital landscape.

Audit committees are under increasing scrutiny as the complexity and scope of risks facing organizations expand. The 2024 Audit Committee Transparency Barometer from the Center for Audit Quality (CAQ) highlights a growing demand for greater accountability in overseeing financial reporting and emerging areas like cybersecurity and Environmental, Social, and Governance (ESG) risks. To meet these demands and build investor confidence, audit committees must shift toward more strategic and integrated approaches to risk management.

Risk managers are now more involved than ever in integrating Enterprise Risk Management (ERM) with other risk domains and the business at large. However, the accelerating demands of AI introduce complexities that cannot be ignored. Integrated Risk Management (IRM) technology emerges as a critical tool, providing greater visibility and understanding of risks to drive actionable change.

The IRM approach replaces the traditional, siloed GRC model with a unified framework. By transitioning to IRM, organizations can enhance strategic decision-making, increase operational efficiency, and gain a complete view of risks across the enterprise. This transition is not just about adopting a new framework; it's about unlocking the value of risk management as a strategic asset.

In my previous article on Autonomous Integrated Risk Management (IRM), I explored how AI agents are driving IRM into a new era of automation. With industry leaders like ServiceNow and Salesforce making significant strides in the AI agent market, we are witnessing a transformative moment for business technology. These advancements signal a shift in automation capabilities and present a massive opportunity to develop AI agents specifically for autonomous IRM capabilities.

As sustainability reporting becomes increasingly critical for businesses, preparers are faced with new challenges and opportunities. The voluntary application of the International Sustainability Standards Board (ISSB) Standards, specifically IFRS S1 and IFRS S2, offers a framework for companies to disclose sustainability-related financial information, even ahead of regulatory mandates. To support companies, the IFRS Foundation has published Voluntarily applying ISSB Standards—A guide for preparers. This guide published provides companies a pathway to communicate their progress in aligning with these standards, supporting investor decision-making by offering transparent, comparable, and reliable information on sustainability risks and opportunities.