What is Provision 29? The New UK Internal-Controls Declaration is Here

Does your risk management and internal framework really work? Some companies working in the United Kingdom will need to start proving it. Starting with accounting periods that begin on or after 1 January 2026, every company in the FCA’s commercial companies or closed-ended investment fund categories must make a statement in its annual report confirming whether its risk management and internal control framework ...

What Is Integrated Enterprise Risk Management and Why Do You Need It?

Integrated enterprise risk management unites every strand of risk. Strategic, operational, financial, regulatory, cyber, and third-party risk are all brought together under one data architecture. When things become more centralized, a streamlined workflow ensues. Instead of juggling separate spreadsheets, dashboards, and point solutions, teams tap into a shared information hub featuring a single source of truth. One that feeds real-time insight to ...

Amid Cyber Breaches, Operational Safety Saves the Day

When ransomware halts production lines and phishing attacks cripple control systems, cybersecurity alone isn’t enough. It's merely a start. What's next? Organizations need operational safety as their last line of defense. Operational safety ensures that people, processes, and equipment alike keep running effectively and efficiently, even under attack. From regulatory shocks to climate events to supply-chain failures, operational safety protocols shore up continuity when IT ...

June 24th, 2025 | Governance, Risk & Compliance: GRC

Avoid Conflicts of Interest with AI Compliance Companion

When Emma opened her inbox and found a voucher for a weekend retreat from a past vendor she froze, unsure of what to do next. Was it a friendly gesture or a red flag? This scenario is a common one, but too often it’s left unaddressed by traditional Ethics & Compliance training programs. Standard Conflicts of Interest (COI) trainings list rules, but fall short when ...

June 12th, 2025 | Ethics & Compliance Learning

How to Streamline Third-Party Compliance Training

When it comes to data breaches, hackers, supply chain snafus, and bad actors getting hold of your organization's most critical data, knowledge is power. Ignoring third‑party compliance training invites audits and fines. Consider the recent PowerSchool data breach, which involved a costly ransom and sparked multiple class action lawsuits. Did you know? Healthcare is the industry most impacted by third-party breaches. Forty-one percent ...

June 3rd, 2025 | Ethics & Compliance Learning

What Are CMS Regulations for Hospitals and How To Stay Compliant

Centers for Medicare & Medicaid Services (CMS) regulations for hospitals and other healthcare organizations define the federal requirements providers must follow to receive Medicare and Medicaid reimbursement. These rules govern patient safety, billing accuracy, infection control, privacy, and electronic health records (EHRs). Conditions of Participation (CoPs) are the specific health and safety standards organizations must maintain. Hospitals also closely monitor regulations related to ...

PowerSchool Data Breach: Lessons for GRC Leaders about the Newest Third-Party Risks

The PowerSchool data breach has become a defining example of third-party risk failure in education and EdTech. It's a harsh wake-up call for ethics, Governance, Risk, and Compliance (GRC) teams. What Caused This Data Breach? On December 28, 2024, PowerSchool confirmed a compromised credential had been used to access its PowerSource customer portal—a system that supports school staff across 17,000 districts and serves over 55 ...

What Makes a Business Leader Crisis-Capable?

In times of crisis, every decision matters. Crisis-capable leaders go beyond simple decision-making. They build teams that can respond strategically, not just react. They rely on emotional intelligence, foster respect through transparency, and genuinely care about their team members. Together, these elements create a foundation for resilience and decisive action. Below are four attributes crisis-capable leaders have: 1. Crisis-Capable Leaders Leverage Team Strengths When a crisis ...

November 20th, 2024 | Ethics & Compliance Learning, Governance, Risk & Compliance: GRC