Swiss GRC Day 2026 Showed a Profession Reconsidering Its Own Assumptions

Key Takeaways
  • Decision-Making Emerged as the Central Theme: Speakers throughout Swiss GRC Day 2026 repeatedly emphasized that the purpose of risk management is not documentation alone, but helping organizations make better decisions under uncertainty.
  • Traditional Governance Tools Faced Renewed Scrutiny: Discussions around heat maps, scoring systems, and static risk registers reflected growing concern that many legacy reporting approaches struggle to capture interconnected and fast-moving risks.
  • Quantification and Scenario Analysis Continued to Gain Ground: Sessions focused on simulation models, risk aggregation, and scenario thinking highlighted increasing demand for approaches that make uncertainty and dependencies more visible to leadership teams.
  • Risk Culture Was Framed as a Strategic Issue, Not a Soft One: Presentations on psychological safety, leadership behavior, and communication failures reinforced the idea that governance breakdowns often stem from human dynamics long before formal controls fail.
  • Interconnected Risk Dominated the Conversation: Cyber threats, geopolitical instability, regulatory pressure, operational resilience, and technological disruption were repeatedly discussed not as isolated categories, but as overlapping pressures shaping enterprise decision-making.
Deep Dive

During the plague outbreaks of the Middle Ages, ships arriving at port were forced to remain isolated for forty days before unloading cargo. The practice eventually gave rise to the word quarantine, derived from the Italian quaranta, meaning forty. At Swiss GRC Day 2026 in Zurich, moderator Nikolai Tsenov used the story as a reminder that human beings have spent centuries trying to understand, categorize, and manage uncertainty.

The comparison was striking for a simple reason. Medieval merchants with almost no data still understood something modern organizations occasionally forget, which is that the point of risk management is not documentation. It is decision-making under uncertainty.

More than 300 executives, academics, public sector representatives, and governance professionals gathered at the Radisson Blu Hotel Zurich Airport to discuss the future of governance, risk, and compliance management at a moment when organizations are being hit simultaneously by geopolitical instability, cyber threats, economic uncertainty, regulatory pressure, and technological disruption.

Officially, the event focused on resilience, uncertainty, and risk culture. In practice, many of the discussions revolved around a more uncomfortable question. Are the governance structures organizations spent years building actually helping leaders understand risk more clearly, or simply helping them feel more organized while uncertainty grows around them?

Nobody at the conference argued that reporting, controls, or governance frameworks no longer matter. The skepticism was more specific than that. Increasingly, many governance professionals appear concerned that organizations have become exceptionally good at producing risk artifacts without necessarily improving how decisions get made.

Beyond Static Risk Lists

That frustration surfaced repeatedly throughout the conference sessions. Prof. Dr. Werner Gleißner, CEO of FutureValue Group AG and Professor of Risk Management at TU Dresden, argued during his keynote that organizations need to connect risk directly to strategy, planning, and corporate value rather than treating risk management as a separate compliance-oriented activity.

The distinction matters because modern enterprise risk rarely behaves in isolated categories anymore.

Cyber incidents can become operational crises within hours. Geopolitical conflict reshapes supply chains. Regulatory changes alter technology strategy. Economic instability affects everything simultaneously. Yet many organizations still rely on governance structures that separate these pressures into different reports, different committees, and different dashboards.

By the time those risks intersect in the real world, the reporting structure designed to explain them can already feel outdated.

That broader shift away from static reporting and toward interconnected thinking appeared throughout the day’s discussions.

Florian Worm of the HARTMANN GROUP focused on quantitative methods such as risk aggregation, scenario analysis, and simulation modeling, emphasizing that the purpose of quantification is not to eliminate uncertainty or perfectly predict the future. Instead, these approaches help organizations better understand possible outcomes, dependencies, and exposure across complex environments.

Alexandra Burns, Partner and Head Risk & Regulatory Consulting at PwC, pushed the discussion even further during her presentation examining “black swans,” “grey rhinos,” and “green dragons,” concepts describing unpredictable shocks, visible but neglected threats, and emerging systemic risks. Her session focused heavily on horizon scanning, strategic foresight, and identifying weak signals before they escalate into larger disruptions.

Together, the sessions reflected a broader shift happening across the governance profession. Organizations are increasingly recognizing that risk registers alone struggle to capture interconnected volatility, particularly when geopolitical instability, cyber threats, regulatory pressure, operational resilience, and AI-related uncertainty are all influencing one another simultaneously.

Traditional heat maps can still provide snapshots. The problem is that modern risk environments increasingly behave more like moving systems than static inventories.

The Human Factors Behind Governance Failures

Notably, some of the conference’s most pointed observations had very little to do with methodology or technology at all. Michael Niedermann, Head Consulting at Swiss GRC, focused his presentation on organizational psychology, leadership behavior, and psychological safety, arguing that governance failures frequently emerge from human dynamics rather than the absence of formal controls.

That framing resonated because many modern governance failures follow a familiar pattern. Warning signs exist. Concerns are raised quietly. Teams hesitate to escalate issues. Executives receive softened versions of problems. Organizations convince themselves situations are manageable until they suddenly are not.

Terms like optimism bias, conformity pressure, and groupthink are often treated as soft cultural concepts. At Swiss GRC Day, they were increasingly discussed as operational realities that directly affect resilience and decision quality.

A live audience survey conducted during Niedermann’s session reinforced the point, highlighting continuing challenges around open communication, leadership accountability, and integrating risk management meaningfully into decision-making processes.

That may ultimately be one of the more significant shifts taking place across the profession. Risk culture is no longer being framed as a secondary concern sitting adjacent to governance frameworks. It is increasingly being treated as a core determinant of whether governance systems function at all.

The Debate That Captured the Mood of the Conference

The clearest expression of the conference’s broader mood came during a debate between Prof. Dr. Stefan Hunziker of Lucerne University of Applied Sciences and Arts and Dr. Alexander Hilsbos of Insel Gruppe. Drawing from both academic research and practical experience, the two examined which risk management methods genuinely improve decision-making and which merely create the appearance of control.

Their conclusion was direct. The value of risk management lies not in reports, documentation, or governance mechanics alone, but in helping organizations make better decisions under uncertainty.

That idea surfaced repeatedly throughout the event, even in sessions approaching resilience from entirely different angles.

The conference concluded with a keynote from Zoya Miari, Founder of Waves to Home, who focused on empathy, human experience, and resilience during periods of uncertainty and displacement. While markedly different in tone from the day’s more technical discussions, the presentation reinforced a theme that had quietly tied the conference together from the beginning. Behind every framework, risk scenario, or governance model are ultimately people trying to make decisions in conditions they cannot fully control.

That may explain why so many conversations at this year’s Swiss GRC Day felt less focused on whether organizations possess enough data and more focused on whether they are using that information in ways that genuinely improve judgment.

Because modern organizations are not suffering from a shortage of dashboards. What many of them appear to be searching for instead is clarity.
