Insights

In this article, Ayoub Fandi breaks down why so many organizations still treat GRC as a yearly project tied to audits rather than as a strategic product that continuously delivers value. By reframing GRC as something that evolves, improves, and serves real users across the business, he illustrates how organizations can reduce manual effort, improve their security posture, and align risk management with decision-making. The goal is to move beyond compliance checklists, and instead build a living, continuous GRC program that drives resilience and supports the business every day, not just during audit season.

If you are driving down the highway at 65mph (104.6kph), a broken-down truck in the middle of the road ahead is a serious source of risk. You might consider it the #1 entry in your list of top risks (if you were to put such a list together as you were driving). But what if you can’t see it?

The conversation began with a question posed in a recent post, “Are professional institutes and regulators rejecting AI research and logic because they don’t want to change?”

Ben & Jerry’s is an activist brand. It operates under a unique mission-driven board configuration that sets it apart from most subsidiaries of large corporations. Although owned by Unilever, the company maintains a semi-independent board specifically tasked with safeguarding its social mission, which includes environmental sustainability, human rights, and ethical business practices. This hybrid governance model combines traditional corporate oversight with dedicated representatives who ensure that Ben & Jerry’s activism and ethical commitments remain central to its decision-making. The board includes independent directors, Unilever representatives, employee voices, and social mission advocates, creating a structure designed to balance profitability with purpose, a rare approach in the corporate world.

It’s been a long decade for authenticity. Once the darling of brand strategy, it’s now nursing a moral hangover. Every company claimed a purpose, every CEO went on LinkedIn to “get real,” and every product came with a sustainability story just waiting to be debunked.

For years, AI governance has been built around preventing bad decisions before they happen. Organizations assess training data, test accuracy, evaluate bias, write principles, and sign off on models before they go live. That made sense when AI produced insights and humans made the choices that followed.

Every crisis begins with a moment of disbelief. The thing that wasn’t supposed to happen suddenly has, and the assumptions that felt so comfortable a day earlier now feel paper-thin. That’s when risk management either shows up or falls apart.