Flaws in traditional enterprise risk management (ERM) and legacy internal audit (IA) practices aren’t exactly a secret. Risk registers, heat maps, and audits focused solely on internal control deficiencies may look tidy in a board report, but they rarely reflect how risk really works or how organizations actually fail.
The future of GRC is not simply digital, it’s decisively autonomous. It’s not just about processing power or clever dashboards. It’s about cognitive capability woven into the operational fabric of the organization—fluid, contextual, and self-directed. It’s orchestrated intelligence with agency.
In Norman Marks’ latest piece, he challenges internal auditors to reflect on their role, their mindset, and their real value to the organization. Drawing from personal experience and professional insight, Marks lays out a series of contrasts that help auditors pinpoint where they stand and where they might want to go.
The UK’s newly released 2025 National Risk Assessment of Money Laundering and Terrorist Financing (NRA) marks a critical turning point in how financial crime risk is expected to be understood, assessed, and managed.
In my last article, we introduced GRC 7.0 – GRC Orchestrate, a transformative shift in how we understand Governance, Risk Management, and Compliance. This new model reimagines GRC not as a collection of isolated tools and tasks, but as an integrated, dynamic capability. One that aligns performance, integrity, and strategy across the enterprise in real time.
Business decisions should be grounded in well-calculated risks, and today, most decisions adhere to this principle. However, to make informed choices, leaders rely on timely, high-quality data, including economic forecasts, competitor analysis, sales data, buying patterns, and more. They must interpret this data, eliminate distractions, and, in essence, predict future trends.
In this article, Norman Marks breaks down the double-edged nature of AI adoption in corporate legal departments, highlighting both the remarkable opportunities for productivity and the underappreciated risks that could undermine sound judgment, legal integrity, and even corporate stability. Drawing on recent industry surveys and personal observations, Marks makes a compelling case for why risk and audit professionals must step up and get involved.