reading roomThought Leadership

Friday, July 17, 2026
The Innovation of Risk Reading Room provides independent analysis of risk management, AI governance, board oversight, regulation, operational resilience, compliance and culture. Our articles translate current events and regulatory developments into practical questions for boards, executives, auditors and risk professionals.

Recent news

Using AI Risk Management to Accelerate Innovation

New Diligent Institute / Governance Institute of Australia data shows 61% of Australian boards restrict employee AI use while only 13% have an AI-literate director — proof that restriction and real governance are pulling apart. NIST's expanding AI Risk Management Framework and the EU AI Act's 2 August 2026 third-party accountability deadline show how structured, evidence-based workflows are what actually let AI adoption move faster, safely.

Thought Starters

The life cycle of risk management

Quite simply I see a five stage approach to how risk management evolves in any organisation.  Within each of these five stages there are of course many variations in terms of length of time, impacts and overall organisational change aspects. However, I have found that these five stages reasonably represent the reality of risk management.

Read more....

Regulator statement lifts the bar on privacy response readiness

OAIC has published a statement on the Instructure (Canvas) cyber incident, confirming Australian education providers have been affected and directing impacted parties to the entity first for privacy complaints and response handling.

APRA calls for a step-change in AI-related risk management and governance

APRA has flagged a need for a step-change in AI-related risk management and governance across banks, insurers and superannuation trustees, indicating a sharper prudential focus on emerging technology risk.

Business continuity is needed everywhere

Organisations that value the customer and evaluate themselves on their effective response to events will prepare incident response plans prior to events through analysis of their business processes and identification of potential failure points.


Click the title to read more.

Understanding Your Customer Risks

Anyone who has a customer base should consider implementing a process to understand their customer risks.

APRA finalises reinsurance framework changes

APRA's finalised reinsurance framework eases access to catastrophe bonds and shifts capital-treatment decisions to the appointed actuary, changing what boards need to evidence before the 1 January 2027 start date.

Using AI Risk Management to Accelerate Innovation

New Diligent Institute / Governance Institute of Australia data shows 61% of Australian boards restrict employee AI use while only 13% have an AI-literate director — proof that restriction and real governance are pulling apart. NIST's expanding AI Risk Management Framework and the EU AI Act's 2 August 2026 third-party accountability deadline show how structured, evidence-based workflows are what actually let AI adoption move faster, safely.

The Qantas privacy finding: a positive lesson in third-party oversight

A serious data breach does not automatically mean governance failed. The more important question is whether an organisation can demonstrate that it understood the risks,...

APRA’s CPS 230 Tweaks: Small Amendment, Big Governance Signal

APRA has released final targeted amendments to CPS 230 Operational Risk Management. The item is current and sits within APRA’s prudential framework, so boards and risk teams should treat it as a live governance and…

AI Agents and Non-Human Identity Risk

When a single ungoverned AI tool gave attackers a path from a Vercel employee’s device into Vercel’s internal systems, and a poisoned VS Code extension let attackers pull roughly 3,800 repositories out of GitHub, the common thread wasn’t a coding flaw — it was an unmanaged non-human identity. With AI agents now driving machine identities to roughly 109 per human inside the average enterprise (CyberArk, 2026), most governance frameworks still treat identity as a human-only problem.

Featured

Cyber risk is not a compliance project, it is great business

The deeper lesson is that cyber risk maturity must be embedded into normal strategic, operational, supplier and technology assessments.

Effective Risk Committees

The practice of effective risk management requires the management team to take ownership for the risks of their business through an effective and efficient decision making process.

Every Risk Moment Matters

In each of our working and personal lives every moment matters. This applies just as much for risk moments as customer facing moments.

How is your operational resilience maturity

Operational resilience is a critical factor in the success...

Collaboration is Critical for Risk

The focus on collaboration ensures a more productive and outcome-focused business, which is critical to the innovation of risk. To innovate we must amalgamate ideas from a diverse set of skill-sets.

Categories

Learn more about Innovation of Risk subscription services