Insights

Cyber Is One of Many Business Risks

In Norman Marks’ latest piece, he dives into the persistent misconception that cyber risk stands apart from broader business concerns. Drawing on timeless advice from former Protiviti executive Ed Hill and tying in new findings from Qualys’ 2025 cyber risk report, Marks makes the case for breaking down silos and treating cyber as just one of many risks competing for limited resources and executive attention.

Still Clinging to the Checklist? Why Most Risk & Audit Programs Won’t Change, Unless They’re Forced To

Flaws in traditional enterprise risk management (ERM) and legacy internal audit (IA) practices aren’t exactly a secret. Risk registers, heat maps, and audits focused solely on internal control deficiencies may look tidy in a board report, but they rarely reflect how risk really works or how organizations actually fail.

From Automation to Autonomy: Orchestrating GRC with Agentic AI at the Helm

The future of GRC is not simply digital; it’s decisively autonomous. It’s not just about processing power or clever dashboards. It’s about cognitive capability woven into the operational fabric of the organization—fluid, contextual, and self-directed. It’s orchestrated intelligence with agency.

What Kind of Internal Auditor Are You?

In Norman Marks’ latest piece, he challenges internal auditors to reflect on their role, their mindset, and their real value to the organization. Drawing from personal experience and professional insight, Marks lays out a series of contrasts that help auditors pinpoint where they stand and where they might want to go.

UK's 2025 National Risk Assessment Signals New Era of Threat-Informed Financial Crime Compliance

The UK’s newly released 2025 National Risk Assessment of Money Laundering and Terrorist Financing (NRA) marks a critical turning point in how financial crime risk is expected to be understood, assessed, and managed.

Orchestrating the Future of GRC with Digital Twins

In my last article, we introduced GRC 7.0 – GRC Orchestrate, a transformative shift in how we understand Governance, Risk Management, and Compliance. This new model reimagines GRC not as a collection of isolated tools and tasks, but as an integrated, dynamic capability. One that aligns performance, integrity, and strategy across the enterprise in real time.

Driving Business Growth Through Cyber Risk Quantification

Business decisions should be grounded in well-calculated risks, and today, most decisions adhere to this principle. However, to make informed choices, leaders rely on timely, high-quality data, including economic forecasts, competitor analysis, sales data, buying patterns, and more. They must interpret this data, eliminate distractions, and, in essence, predict future trends.