James Bone’s career has spanned 29 years of management, financial services and regulatory compliance risk experience with Frito-Lay, Inc., Abbot Labs, Merrill Lynch, and Fidelity Investments. James founded Global Compliance Associates, LLC and TheGRCBlueBook in 2009 to consult with global professional services firms, private equity investors, and risk and compliance professionals seeking insights in governance, risk and compliance (“GRC”) leading practices and best in class vendors.
James is a frequent speaker at industry conferences and contributing writer for Compliance Week and Corporate Compliance Insights and serves as faculty presenter and independent consultant for several global consulting firms specializing in governance, risk and compliance, IT compliance and the GRC vendor market. James created TheGRCBlueBook.com to provide risk and compliance professionals with transparency into the GRC vendor marketplace by creating a forum for writing reviews on GRC products and sharing success stories on the risk practices that are most effective.
James is currently attending Harvard Extension School for a Master of Arts in Management with an emphasis in accounting and finance. James received an honorary PhD in Letters from Drury University in Springfield, Missouri and is a member of the Breech Business School Hall of Fame as well as the Missouri Sports Hall of Fame. Having graduated from the Boston University Graduate School of Education, James received his M.Ed. in Management and Organizational Design in 1997 and a Bachelor of Arts in Business Administration from Drury University in 1980.
If everyone is responsible for managing risk at your organization, you’re probably in for a bumpy road. Senior leaders have a different perception of what’s most critical than do front-line staff, so their approaches to risk management would naturally be quite different. It’s best to leave the job of risk discovery, assessment and mitigation to the pros.Read more →
The interaction between audit committees and management can be frustrating. Audit presents identified risks, and leaders want context. Management doesn’t want to be seen as uncooperative, but even the slightest push back can be perceived that way. Poor internal control design may be the driving force behind this ongoing debate.Read more →
Risk and compliance self-assessments aren’t the truest indicators of actual risk exposure. So you could say there’s an inherent risk in performing a risk self-assessment. Not only is there no real science behind them, the outcome of an RCSA is entirely subject to one’s memory. A self-assessment can be a good jumping-off point, but it can’t be your sole method of understanding risk.Read more →
Think of simplicity as an organization's end goal. It's an ideal that can be strived for in product design, process, governance -- you name it. This was the mindset of Steve Jobs as he drove innovation at Apple, and clearly they're doing something right. The benefits of simplicity are far-reaching.Read more →
Asymmetric risks – risks for which the potential gains are far greater than the potential losses (or vice versa) – can be difficult to plan for, and the events associated with asymmetric risk tend to sneak up on us, regardless of how predictable they may seem. So what impact do these risks have on ERM? Perhaps a mental shift is in order.Read more →
The violence perpetrated on innocent civilians in Paris last week stunned the world. Unfortunately, these acts of terrorism have become far more frequent in recent years. Consequently, the conversation around risk management is shifting. How do we -- as professionals charged with minimizing risk -- respond when the unthinkable happens?Read more →
The CRO of the Future is almost here. James Bone posits that before long, risk management professionals may be replaced by various “risk intelligent systems knowledgeware,” or RISK, able to process volumes of data in an instant, detect threats and respond to them just as quickly. Technology advances at breakneck speed, and so does our dependence on it to manage enterprise risk.Read more →
Ethics and success aren't mutually exclusive terms. We know this, and yet firms still cut corners. We've become so accustomed to the misbehavior of financial services firms we're no longer shocked by it; their misconduct has become routine. Expected even. James Bone discusses the dilemma of mitigating conduct risk when it feels good to be bad.Read more →
Volkswagen, a long-trusted and highly respected brand, will be dealing with the fallout of its emission scandal for quite some time. It's clear to everyone that their massive deception is inexcusable, but we'd do well to remember that the hugest transgressions happen one failure in decision making at a time. Volkswagen's was likely born out of panic.Read more →
Managing risk effectively requires first an understanding of the risk that needs managing. It sounds so elementary, but there's often a great deal of uncertainty about what an organization's risks actually look like. It's no wonder why risk management programs fail. Fortunately, there are a host of ERM tools that can help to bridge this gap.Read more →