Insights

The GRC Graduation: From Compliance Theater to Risk-Driven Insights

Ayoub Fandi’s latest contribution to the GRC Report examines how organizations can transform their GRC programs from compliance-focused operations into risk-driven decision engines. He breaks down why the traditional model falls short and presents a practical, engineering-led framework that shifts the focus toward measurable risk reduction and meaningful business impact.

The Impact of Social Media Crises on Brand Equity

Social media crises sparked by negative content, customer complaints, or high-profile scandals can spread almost instantaneously across platforms such as Twitter, Instagram, TikTok, and Facebook. Unlike traditional public relations challenges, these crises escalate at viral speed, reaching millions within hours and leaving little time for brands to respond.

The Extended Enterprise Needs Orchestration: From Third-Party Governance to Relationship Command

In my earlier piece, Governing the Extended Enterprise: The TPRM Platform I Would Demand, I laid out what a future-proof third-party governance platform must look like. But if the architecture is the “what,” organizations are now asking about the “how.” How do we take those principles and turn them into capability, authority, and action? Technology alone won’t get us there. Governance needs orchestration.

Key Insights from the UK Employment Rights Consultation

The UK has recently published a series of consultation papers pertaining to its Employment Rights Bill, originally introduced in October 2024 as a sweeping reshaping of UK employment law. These papers aim to clarify the goals and practicalities set out by the original, as yet uncodified, legislation. While the Bill is being pushed through as a cornerstone reform effort for employment law in the UK, many of its most consequential changes, such as protections against unfair dismissal, particularly regarding new mothers, are not fully defined in the legislation itself. These papers are designed to facilitate feedback on, and to clarify the intent behind, these provisions.

Most Boards & CEOs Fail With Risk Management

In this article, Norman Marks looks into why so many organizations continue to operate with ineffective risk management programs, even while acknowledging the consequences. Drawing on industry survey data and decades of experience, he explores how boards and CEOs often settle for compliance-driven approaches that fail to support decision-making, and why meaningful change must start at the top.

The Landscape of Quantitative Risk Modeling

In this article, Graeme Keith expands on the evolving terrain of quantitative risk modeling, charting how ambiguity, complexity, and scope shape the decisions organizations must make in uncertain environments. Building on his earlier work on modeling uncertainty and enterprise-scale decision making, Keith explores the fundamental axes that define the mathematical landscape, unpacking how trends, structural uncertainty, instability, and nonlinear dynamics challenge traditional approaches while revealing where established methods still hold power and where new paradigms are essential.

Comcel’s FCPA Deal Shows How a Decade-Long Bribery Case Reemerged & Finally Ended

Comunicaciones Celulares (better known as Comcel), the company behind TIGO Guatemala, has wrapped up a Foreign Corrupt Practices Act investigation that has managed to outlast joint-venture partners, ownership structures, and even an earlier DOJ case closure. The company’s newly finalized deferred prosecution agreement brings more than $118 million in fines and forfeiture, and a close to a decade-long saga that proves, once again, that FCPA matters rarely fade quietly into the night just because companies hope they will.