I encourage you to subscribe (free) to McKinsey’s frequent reports. Their latest, Enhanced cyberrisk reporting: Opening doors to risk-based cybersecurity, has some good observations. Unfortunately, their ideas for addressing the problem don’t work for me.
Creating and Protecting Value: Understanding and Implementing Enterprise Risk Management is based on COSO’s 2017 update of its 2004 ERM Framework. Their intent is to explain how effective ERM can add value to an organization, and to give some guidance on how to implement or upgrade it.
Richard Chambers, President and CEO of the global Institute of Internal Auditors, is a friend whose leadership at the IIA and of internal audit practices I value and respect. Recently, he wrote a blog post, One Mistake Internal Audit Cannot Afford to Make in 2020.