Scott
Scott North has extensive experience in enterprise risk management, internal audit, operational risk and compliance, risk strategy, scenario planning, technology risk, technology business analysis, systems design, financial accounting, and management accounting. Scott is a Fellow of the Australian Institute of Chartered Accountants with a Masters Degree from the University of Melbourne in Business and Information Technology. Scott is also a Fellow of the University of Melbourne.
Artificial Intelligence (AI)
Using AI Risk Management to Accelerate Innovation
New Diligent Institute / Governance Institute of Australia data shows 61% of Australian boards restrict employee AI use while only 13% have an AI-literate director — proof that restriction and real governance are pulling apart. NIST's expanding AI Risk Management Framework and the EU AI Act's 2 August 2026 third-party accountability deadline show how structured, evidence-based workflows are what actually let AI adoption move faster, safely.
Artificial Intelligence (AI)
The Qantas privacy finding: a positive lesson in third-party oversight
A serious data breach does not automatically mean governance failed.
The more important question is whether an organisation can demonstrate that it understood the risks,...
APRA
APRA’s CPS 230 Tweaks: Small Amendment, Big Governance Signal
APRA has released final targeted amendments to CPS 230 Operational Risk Management. The item is current and sits within APRA’s prudential framework, so boards and risk teams should treat it as a live governance and…
Artificial Intelligence (AI)
AI Agents and Non-Human Identity Risk
When a single ungoverned AI tool gave attackers a path from a Vercel employee’s device into Vercel’s internal systems, and a poisoned VS Code extension let attackers pull roughly 3,800 repositories out of GitHub, the common thread wasn’t a coding flaw — it was an unmanaged non-human identity. With AI agents now driving machine identities to roughly 109 per human inside the average enterprise (CyberArk, 2026), most governance frameworks still treat identity as a human-only problem.
Artificial Intelligence (AI)
AI Risk Management Must Shift from Advisory to Driving Informed Risk Taking
Commonwealth Bank's 2026 AI transparency report, Deloitte's board AI-literacy data and PwC's 2026 AI Performance Study all point the same way: risk teams stuck in a purely advisory role are becoming a competitive liability, not a safeguard. Here's what separates governance that enables from governance that only gates.
Business Interruption
“Cheap and Out of Date”, a Board-Level Resilience Question
A practical risk maturity article using a current event to test ownership, evidence, controls, challenge and decision quality.
Artificial Intelligence (AI)
Why Standardised AI Risk Assessment Is Critical for Scalable, Responsible AI Use
Grant Thornton's 2026 AI Impact Survey, the AICD/HTI Director's Guide to AI Governance, and a March 2026 Meta AI agent incident all point the same way: organisations scaling AI without a standardised, risk-based assessment framework can't explain or defend their decisions when it matters.
Artificial Intelligence (AI)
Why Your Organisation Must Own AI Model Risk Management Beyond Traditional Frameworks
Traditional model risk management falls short for AI. Executives and risk managers must recognise AI model risk as a distinct challenge requiring tailored governance, deeper vendor scrutiny, and proactive controls to protect value and trust.
Join our community of SUBSCRIBERS and be part of the conversation.
To subscribe, simply enter your email address on our website or click the subscribe button below. Don't worry, we respect your privacy and won't spam your inbox. Your information is safe with us.

