Insights

AI’s Data Appetite Is Now a Compliance Risk

AI is excellent at both looking confident and eating data like it’s at an all-you-can-eat buffet. And while that’s great for accuracy and shiny demos, it’s a little less great for privacy teams who now have to explain to regulators why a training dataset suddenly includes customer chats, location trails, or that folder someone swore was anonymized.

A New Role for the Internal Audit Function

In this article, Norman Marks explores the evolving role of the chief audit executive, moving beyond traditional assurance to actively helping boards and audit committees operate more effectively. With new opportunities emerging through AI and technology, Marks argues that internal audit functions can deliver greater value by enhancing board governance, insight, and performance.

Nature in the Boardroom: Supply Chains, Biodiversity, & the Bottom Line

Climate has dominated ESG discourse for years. Carbon pathways, transition plans, and emissions reporting have all become standard boardroom topics. Yet the most fundamental risk is one that companies often only notice once it’s too late: the natural systems that businesses depend on every single day.

The GRC Graduation: From Compliance Theater to Risk-Driven Insights

Ayoub Fandi’s latest contribution to the GRC Report examines how organizations can transform their GRC programs from compliance-focused operations into risk-driven decision engines. He breaks down why the traditional model falls short and presents a practical, engineering-led framework that shifts the focus toward measurable risk reduction and meaningful business impact.

The Impact of Social Media Crises on Brand Equity

Social media crises sparked by negative content, customer complaints, or high-profile scandals can spread almost instantaneously across platforms such as Twitter, Instagram, TikTok, and Facebook. Unlike traditional public relations challenges, these crises escalate at viral speed, reaching millions within hours and leaving little time for brands to respond.

The Extended Enterprise Needs Orchestration: From Third-Party Governance to Relationship Command

In my earlier piece, Governing the Extended Enterprise: The TPRM Platform I Would Demand, I laid out what a future-proof third-party governance platform must look like. But if the architecture is the “what,” organizations are now asking about the “how.” How do we take those principles and turn them into capability, authority, and action? Technology alone won’t get us there. Governance needs orchestration.

Key Insights from the UK Employment Rights Consultation

The UK has recently published a series of consultation papers pertaining to its Employment Rights Bill, originally introduced in October 2024 as a sweeping reshaping of UK employment law. These papers aim to clarify the goals and practicalities set out by the original, as yet codified, legislation. While the Bill is being pushed through as a cornerstone reform of employment law in the UK, many of its most consequential changes, such as protections against unfair dismissal, particularly regarding new mothers, are not totally defined in the legislation itself. These papers are designed to facilitate feedback on, and to clarify the intent behind, these provisions.