When things are going well—when markets are humming, innovation is booming, and everyone feels flush—it’s tempting to believe the system is safer than it actually is. That’s exactly the moment risk professionals should be most concerned.
Across boardrooms and back offices, the promise of AI is animating strategy sessions and shaping budgets. Everyone wants in on the productivity gains, the streamlined operations, the predictive insights. But behind the excitement lies a quietly growing tension: how do you govern a technology that can improvise, evolve, and sometimes go off-script?
We are entering a new chapter in the evolution of Governance, Risk, and Compliance. This is a chapter not just marked by smarter systems or slicker dashboards, but by a fundamental shift in how organizations align purpose, navigate uncertainty, and embed integrity across the enterprise. This is GRC Orchestration in full force: not a rebranding or a bolt-on, but a metamorphosis. GRC is becoming sentient, not in the sci-fi sense, but in the sense that it now continuously learns, adapts, and acts in context.
In my recent piece, Risk Everywhere: Why Geopolitical Risk Demands a New Era of Risk Intelligence, I argued that risk is no longer an isolated discipline. It is the context within which organizations operate. I wrote that article after noticing a clear pattern across engagements where geopolitical uncertainty is steadily becoming a defining factor in strategic decisions, operational dependencies, and even the cultural posture of risk itself.
In this article, Norman Marks breaks down the difference between traditional, retrospective assurance and the kind of forward-looking insight that truly supports decision-making. Drawing on his decades of experience, he challenges internal auditors to shift their focus from the past to the future, and to deliver assurance that helps organizations navigate the risks and opportunities ahead.
In this article, Tim Leech expands on a recent post he shared in the LinkedIn discussion group Objective Centric Risk & Uncertainty Management to explore a fundamental, and often overlooked, question in modern governance: Do boards actually agree on their purpose? Drawing on decades of research and a collaborative analysis with ChatGPT, Leech argues that the staggering cost of governance failures may stem from one core issue, there is no consensus on the very purpose of corporate governance itself.
The UK’s data protection regime has just undergone its biggest recalibration since Brexit. On June 19, 2025, the Data (Use and Access) Act (DUAA) received Royal Assent, introducing a suite of reforms aimed at modernizing how organizations collect, use, and share personal information. But unlike GDPR’s transformative shake-up in 2018, this legislation is more evolutionary than revolutionary, nudging UK data protection in a direction that’s lighter on red tape, but still recognizably rights-driven.