These are long pieces that I've written for this website.
Strategic risk management is a hard subject to grasp. These are the matters so big it's a problem even understanding where to start when you're in the day-to-day.
This guide on third party risk was written towards controlling a range of risks can possibly arise from the outsourcing of core functions.
How to get a technology service organization through a SOC-2 audit with a minimum pain and with maximum gain. This goes beyond the how-tos of information security and good governance and explains the competitive advantages that a company will invariably experience when it can consistently excel.
I had formerly written a number of these pieces for an older website, risktopics.com.
Non-profits require processes monitoring the enterprise for loss, including missed opportunity. I have written a manual for doing so that avoids common pitfalls in risk management.