Geopolitical Risk Assessment: How to Analyze, Monitor, and Mitigate Geopolitical Threats
ESGESG Risk Management: How to Identify, Assess, and Report Environmental, Social, and Governance Risks
Operational ResilienceOperational Resilience Framework: Building Resilience Beyond Business Continuity
GRCGRC Framework: How to Build an Integrated Governance, Risk, and Compliance Program
Risk Pulse
View all data →US Effective Tariff Rate
Highest since 1947. IEEPA ruling may reduce to 6.0% in 2026.
Suez Canal Container Traffic
Collapse since Houthi attacks. Still 49% below pre-crisis levels.
Asia-US Transit Time Increase
Cape of Good Hope rerouting extends SE Asia to US East Coast shipping.
ISSB Adopting Jurisdictions
Sustainability disclosure standards now live across 36 jurisdictions globally.
Latest Analysis
View all articles →
SOX Compliance Risk Assessment Template
Key TakeawaysCompanies spend an average of $1.4 million annually to meet SOX Section 404 requirements, with costs proportionally more burdensome for smaller filers (GAO-25-107500).A top-down risk assessment (TDRA) aligned to PCAOB AS 5 and COSO 2013 is the required methodology for scoping SOX internal control testing.The template provided maps all five COSO components and 17 ... <a title="SOX Compliance Risk Assessment Template" class="read-more" href="https://riskpublishing.com/sox-compliance-risk-assessment-template/" aria-label="Read more about SOX Compliance Risk Assessment Template">Read more</a>
SOC 2 Type II Audit Guide: Requirements, Cost, and Timeline
Key Takeaways A first-time SOC 2 Type II audit costs between $30,000 and $150,000 all-in, depending on organization size, scope of Trust Services Criteria, and auditor selection. The end-to-end timeline spans 6-18 months for first-time engagements, with the observation period alone requiring a minimum of 3 months. Security is the only mandatory Trust Services Criterion; ... <a title="SOC 2 Type II Audit Guide: Requirements, Cost, and Timeline" class="read-more" href="https://riskpublishing.com/soc-2-type-ii-audit-guide-requirements-cost/" aria-label="Read more about SOC 2 Type II Audit Guide: Requirements, Cost, and Timeline">Read more</a>
FCA/PRA Operational Resilience vs DORA: Comparison Guide
Key Takeaways The UK (FCA/PRA) framework takes a holistic, outcomes-based approach covering all disruption types, while DORA is prescriptive and focused specifically on digital/ICT operational resilience. UK rules center on important business services (IBS) and impact tolerances; DORA is built around five pillars: ICT risk management, incident reporting, resilience testing, third-party risk, and information sharing. ... <a title="FCA/PRA Operational Resilience vs DORA: Comparison Guide" class="read-more" href="https://riskpublishing.com/fca-pra-operational-resilience-vs-dora-comparis/" aria-label="Read more about FCA/PRA Operational Resilience vs DORA: Comparison Guide">Read more</a>
Important Business Services Mapping: Step-by-Step Guide
Key Takeaways Important business services mapping identifies the services whose disruption would cause intolerable harm to customers, markets, or the firm itself. UK regulators (PRA, FCA) required firms to complete IBS mapping and testing within impact tolerances by 31 March 2025, with full operational resilience compliance due by March 2025. A structured six-step process moves ... <a title="Important Business Services Mapping: Step-by-Step Guide" class="read-more" href="https://riskpublishing.com/important-business-services-mapping-step-by-ste/" aria-label="Read more about Important Business Services Mapping: Step-by-Step Guide">Read more</a>
Impact Tolerance Setting: A Practitioner Methodology
Key Takeaways Impact tolerances define the maximum tolerable disruption to an important business service before intolerable harm occurs to consumers, markets, or financial stability. The PRA and FCA required UK firms to remain within impact tolerances by 31 March 2025; DORA imposes similar expectations across the EU from January 2025. A robust methodology uses five ... <a title="Impact Tolerance Setting: A Practitioner Methodology" class="read-more" href="https://riskpublishing.com/impact-tolerance-setting-a-practitioner-method/" aria-label="Read more about Impact Tolerance Setting: A Practitioner Methodology">Read more</a>
Operational Resilience vs Business Continuity: Key Differences
Key Takeaways Business continuity focuses on recovering known functions after specific disruptions; operational resilience builds adaptive capacity to absorb any shock and keep delivering critical services. The UK PRA/FCA operational resilience rules reached full compliance on 31 March 2025, while the EU DORA regulation has been enforceable since January 2025, driving global convergence. Impact tolerances ... <a title="Operational Resilience vs Business Continuity: Key Differences" class="read-more" href="https://riskpublishing.com/operational-resilience-vs-business-continuity-k/" aria-label="Read more about Operational Resilience vs Business Continuity: Key Differences">Read more</a>
DORA Incident Classification and Reporting: Timelines and Templates
Key Takeaways DORA mandates a structured four-stage incident reporting process: initial notification (4 hours from classification), initial report (24 hours from detection), intermediate report (72 hours), and final report (1 month after resolution). Incident classification hinges on six materiality criteria defined in Delegated Regulation (EU) 2024/1772, including client impact, economic loss exceeding EUR 100,000, service ... <a title="DORA Incident Classification and Reporting: Timelines and Templates" class="read-more" href="https://riskpublishing.com/dora-incident-classification-and-reporting/" aria-label="Read more about DORA Incident Classification and Reporting: Timelines and Templates">Read more</a>
DORA Third-Party Risk Register Template
Key Takeaways DORA Article 28 requires every EU-regulated financial entity to maintain a Register of Information (RoI) covering all ICT third-party contractual arrangements, with mandatory annual reporting to competent authorities. The ESA template structures the RoI across 15 interlinked tables with over 60 mandatory data fields, covering provider identity, contract terms, criticality assessments, data locations, ... <a title="DORA Third-Party Risk Register Template" class="read-more" href="https://riskpublishing.com/dora-third-party-risk-register-template/" aria-label="Read more about DORA Third-Party Risk Register Template">Read more</a>
DORA ICT Risk Management Framework: Articles 5-16 Implementation Guide
Key Takeaways DORA ICT risk management (Articles 5-16) became mandatory for approximately 22,000 EU financial entities on 17 January 2025, with enforcement actions now live across all member states. The framework follows a five-phase lifecycle: Governance (Art. 5), Identification (Art. 8), Protection and Prevention (Art. 9), Detection (Art. 10), and Response and Recovery (Art. 11-12). ... <a title="DORA ICT Risk Management Framework: Articles 5-16 Implementation Guide" class="read-more" href="https://riskpublishing.com/dora-ict-risk-management-framework-articles-5/" aria-label="Read more about DORA ICT Risk Management Framework: Articles 5-16 Implementation Guide">Read more</a>
Nature-Related Risk Assessment: TNFD Framework Guide
Key Takeaways The TNFD framework, published in September 2023, provides 14 disclosure recommendations across four pillars (Governance, Strategy, Risk Management, Metrics and Targets) plus the LEAP approach (Locate, Evaluate, Assess, Prepare) for identifying and assessing nature-related dependencies, impacts, risks, and opportunities. Voluntary market adoption has reached 733 organizations as of November 2025, representing over $9.4 ... <a title="Nature-Related Risk Assessment: TNFD Framework Guide" class="read-more" href="https://riskpublishing.com/nature-related-risk-assessment-tnfd-framework-g/" aria-label="Read more about Nature-Related Risk Assessment: TNFD Framework Guide">Read more</a>
Explore by Desk
Enterprise Risk Management
ERM frameworks, risk appetite, risk registers, AI risk, operational risk
Business Continuity
ISO 22301, BIA, BCP templates, DRP, exercises, crypto BCM
Cyber & InfoSec
NIST CSF, CIS Controls, CRAMM, ransomware, incident response
Risk Assessment
Methodologies, frameworks, quantitative analysis, sector-specific
ESG Risk
ISSB, CSRD, climate risk, double materiality, Scope 1-3
Geopolitical Risk
Sanctions, tariffs, trade war, country risk, supply chains
Operational Resilience
DORA, impact tolerances, IBS mapping, resilience testing
GRC
Governance frameworks, compliance, audit, OCEG, Three Lines