I first came across the phrase “risk intelligent” in the summer of 2006 when I was interviewing Deloitte & Touché LLP’s Stephen Wagner, who was heading his firm’s corporate governance practice. In fact, I poached the term – which the firm was using to promote the notion of centralized GRC and its GRC services – and used it in my headline.

(Last year, Wagner co-authored a conventional-wisdom-upending article in the Harvard Business Review titled “The Unexpected Benefits of Sarbanes-Oxley”)

Wagner said that the only way to achieve effective and efficient risk management and compliance management capabilities within an organization was “through greater coordination, adoption of common frameworks and sharing of information and practices.”

Three years later, this opinion remains valid. My GRC information sensors tingled when I came across an e-mail pitch, one for CA’s products, that contained the term “risk IQ.”

Yes, it’s a catchy term from a marketing perspective, but it also makes a lot of sense – especially after you read how CA Director of GRC Programs Sumner Blount (who reins in any marketing impulses he might have) defines the term and explains what qualities he sees within high risk-IQ organizations — in this Q&A.