Risk Management Guides, Frameworks & Practitioner Resources
Geopolitical Risk Assessment: How to Analyze, Monitor, and Mitigate Geopolitical Threats
ESG Risk Management: How to Identify, Assess, and Report Environmental, Social, and Governance Risks
Operational Resilience Framework: Building Resilience Beyond Business Continuity
GRC Framework: How to Build an Integrated Governance, Risk, and Compliance Program
Risk Pulse
US Effective Tariff Rate
Highest since 1947. IEEPA ruling may reduce to 6.0% in 2026.
Suez Canal Container Traffic
Collapse since Houthi attacks. Still 49% below pre-crisis levels.
Asia-US Transit Time Increase
Cape of Good Hope rerouting extends SE Asia to US East Coast shipping.
ISSB Adopting Jurisdictions
Sustainability disclosure standards now live across 36 jurisdictions globally.
Latest Analysis
Risk Management in Pharmaceutical Companies: FDA, EHS, and Clinical Risk
Risk management in pharmaceutical companies is essential for protecting patient safety, ensuring FDA compliance, and preventing costly recalls and drug shortages. This comprehensive guide covers FDA, EHS, and clinical risk frameworks that every pharmaceutical leader needs in 2026. In February 2024, a single US sterile-injectables facility went offline after an FDA inspection cited environmental monitoring ...

Model Risk Management: SR 11-7 Guidance and Validation Framework
In 2012, JPMorgan Chase’s Chief Investment Office lost $6.2 billion through positions built on a flawed Value-at-Risk (VaR) model. The internal review revealed that the model had been modified to halve the reported risk, and the model change process bypassed the bank’s independent validation function. The “London Whale” incident became the defining case study for ...

Risk Management for Private Equity: Due Diligence, Portfolio Risk, and ERM
Risk management for private equity is essential for protecting portfolio value and meeting regulatory requirements. In June 2023, a mid-market PE firm closed a $340 million acquisition of a healthcare technology company. Sixty days post-close, a ransomware attack encrypted patient records across the portfolio company’s entire network. The incident response cost $8.2 million, regulatory fines ...

Energy Sector Risk Management: NERC CIP, Operational Resilience, and Climate
In February 2021, Winter Storm Uri brought the Texas power grid within four minutes of a total collapse that would have left 26 million people without electricity for weeks. The subsequent analysis revealed cascading failures across generation, transmission, and gas supply infrastructure. ERCOT’s post-event review identified 4,000+ individual unit outages, and the economic damage exceeded ...

Cyber Risk Quantification in Financial Services: FAIR Model Applied
Cyber risk quantification in financial services has become an urgent priority. In January 2024, the IMF’s Managing Director Kristalina Georgieva issued an unusually direct warning: the financial sector urgently needs cyber risk quantification capabilities because ‘extreme losses from cyber incidents are increasing’ and the sector’s interconnectedness means one institution’s breach can cascade across the system. ...

Supply Chain Risk Management: ISO 28000 and NIST Practitioner Guide
When the CrowdStrike outage hit in July 2024, Fortune 500 companies absorbed more than $5 billion in direct losses within days. The incident did not originate inside any of those companies’ supply chains in the traditional sense; it came through a single software update pushed by a trusted cybersecurity vendor. For risk managers who had ...

Operational Risk Management in Banking: Basel Framework and Three Lines
Operational risk management in banking faces critical challenges as institutions struggle to close the gap between policy and practice. In January 2024, a $2.6 billion unauthorized trading loss at a major European bank exposed what regulators had warned about for years: the gap between documented operational risk controls and actual front-line practice. The bank’s risk ...

Healthcare Risk Management Framework: HIPAA, Patient Safety, and ERM
In September 2024, Change Healthcare, a subsidiary of UnitedHealth Group, confirmed that a ransomware attack had compromised the personal data of over 100 million patients, making it the largest healthcare data breach in U.S. history. The attackers exploited a single set of credentials lacking multi-factor authentication. For weeks, pharmacies could not process prescriptions. Hospitals deferred ...

CPS 234 vs NIST CSF: Cyber Risk Framework Comparison for Multinationals
The debate over CPS 234 vs NIST CSF matters most when real breaches expose framework gaps. In September 2022, Australian telecommunications giant Optus disclosed a data breach affecting 9.8 million customers, roughly 40% of the Australian population. APRA-regulated entities that relied on Optus infrastructure scrambled to assess their own exposure, and many discovered an uncomfortable ...

NIST AI RMF Implementation Guide: From Framework to Practice
This NIST AI RMF Implementation Guide provides a practical roadmap for operationalizing AI risk management. In March 2024, a Fortune 500 financial services firm deployed a generative AI model to automate customer credit assessments. Within six weeks, regulators flagged the model for producing systematically biased outcomes against applicants in three protected demographic groups. The remediation ...
Explore by Desk
Enterprise Risk Management
ERM frameworks, risk appetite, risk registers, AI risk, operational risk
Business Continuity
ISO 22301, BIA, BCP templates, DRP, exercises, crypto BCM
Cyber & InfoSec
NIST CSF, CIS Controls, CRAMM, ransomware, incident response
Risk Assessment
Methodologies, frameworks, quantitative analysis, sector-specific
ESG Risk
ISSB, CSRD, climate risk, double materiality, Scope 1-3
Geopolitical Risk
Sanctions, tariffs, trade war, country risk, supply chains
Operational Resilience
DORA, impact tolerances, IBS mapping, resilience testing
GRC
Governance frameworks, compliance, audit, OCEG, Three Lines