James Bone

James Bone’s career has spanned 29 years of management, financial services and regulatory compliance risk experience with Frito-Lay, Inc., Abbot Labs, Merrill Lynch, and Fidelity Investments. James founded Global Compliance Associates, LLC and TheGRCBlueBook in 2009 to consult with global professional services firms, private equity investors, and risk and compliance professionals seeking insights in governance, risk and compliance (“GRC”) leading practices and best in class vendors.
James is a frequent speaker at industry conferences and contributing writer for Compliance Week and Corporate Compliance Insights and serves as faculty presenter and independent consultant for several global consulting firms specializing in governance, risk and compliance, IT compliance and the GRC vendor market. James created TheGRCBlueBook.com to provide risk and compliance professionals with transparency into the GRC vendor marketplace by creating a forum for writing reviews on GRC products and sharing success stories on the risk practices that are most effective.

James is currently attending Harvard Extension School for a Master of Arts in Management with an emphasis in accounting and finance. James received an honorary PhD in Letters from Drury University in Springfield, Missouri and is a member of the Breech Business School Hall of Fame as well as the Missouri Sports Hall of Fame. Having graduated from the Boston University Graduate School of Education, James received his M.Ed. in Management and Organizational Design in 1997 and a Bachelor of Arts in Business Administration from Drury University in 1980.


mock “fake news live” logo

You don’t have to look far for examples of cognitive hacking. Unfortunately, the evidence is virtually everywhere. Many believe cognitive hacking led to Donald Trump winning the presidential election. James Bone cautions that security professionals should become intimately familiar with cognitive hacks, how they work and what can be done to protect against them. Much is at stake.

Read more
backlit vintage 3-D glasses on black background

On paper, risks may seem one-dimensional, but they can be far more complex in reality. A one-dimensional approach to three-dimensional risks won’t suffice. Especially at a time when risk management is undergoing a global transformation, organizations must ensure ERM is creating value for the organization.

Read more
businessman with lightbulb head

The Trust Conundrum Users’ trust in the internet increases with greater usage. On the flip side, as internet usage increases, so does users’ risk exposure. James Bone explores this conundrum; it’s one hackers know well, and one they’re quick to exploit. And yet, businesses across all sectors depend on users’ trust.  What’s a company to do? By: James Bone "It takes two...

Read more
Uncertainty presents challenges for risk management

In the age of Big Data, truth seems increasingly fluid. This is one of the reasons risk management fails. James Bone warns against taking an “archaeological” approach to risk management in the face of uncertainty, creating stories from past experience and imperfect information to describe the new truths using old methods.

Read more
Risky behavior and the cost of integrity

Once upon a time, having a reputation for integrity was enough to encourage goodwill and prevent unethical behavior. That’s not the case so much anymore. James Bone makes the argument that integrity is often viewed as a commodity – something to be bought and sold. This unfortunate perspective can lead to some risky behavior, not to mention ethical lapses.

Read more
The reason we don’t take action to mitigate major risks

The Financial Stability Oversight Council published its sixth annual report in June, and this year’s list of the top threats isn’t much different from the one the FSOC put out six years ago. Are U.S. markets just ignoring risks we know are systemic? And is it because we fervently hope the risks don’t actually occur, or because we don’t understand the severity...

Read more
A new approach to managing cybersecurity

In today’s risk landscape, corporations must rethink the way they manage cybersecurity and combat cyber threats. James Bone, a leading expert in regulatory compliance risk, expects the Cognitive Risk Framework for Cybersecurity (CRFC) to become part of a broader approach to managing risk – and soon. Here, he details the key components to a CRFC.

Read more
A cognitive security solution is necessary in a new era of cyber risk

Despite the fact that organizations are spending more than ever on cybersecurity, the threats continue to increase. Cyber risk is certainly a multi-faceted concern for corporations, but the lack of real success in preventing cyber hacks may be due to an oversight of organizations’ greatest vulnerability – people. Read on for the skinny on CogSec – cognitive security – solutions.

Read more
A culture of ethics is established not by words, but behaviors

No corporate executive (who wants to keep his job) would deny the need for strong financial controls, business ethics, and risk management. But as the old adage goes, actions speak louder than words. The climate executives set is based on more than the mission statement. An organization’s approach to ERM and its commitment to doing business ethically is what really sets the...

Read more
When it comes to risk, we’re all speaking different languages

What is risk? Ask a handful of risk managers, and you’re likely to hear some pretty different explanations, most of which will be focused on objectives rather than on plans for achieving those goals. The good news is that while human capacity falls short, risk-intelligent systems knowledgeware will enable organizations to better predict, prevent, and mitigate risk. And the future is right...

Read more
Outrageous Compliance, Part 3

If everyone is responsible for managing risk at your organization, you’re probably in for a bumpy road. Senior leaders have a different perception of what’s most critical than do front-line staff, so their approaches to risk management would naturally be quite different. It’s best to leave the job of risk discovery, assessment and mitigation to the pros.

Read more
Page 2 of 4 1 2 3 4