Insights

From Silos to Systems: GRC Architecture

In his piece, Ayoub Fandi dives into the hidden cracks of modern GRC programs, where siloed tools, mismatched taxonomies, and broken information flows leave organizations vulnerable. Drawing on his engineering background and his work leading GitLab’s Security Assurance Automation team, Fandi makes the case for treating GRC like infrastructure, something that needs careful architecture before automation. Through practical insights and a clear-eyed critique of today’s compliance practices, he reframes GRC as a system that can scale with the speed of modern business.

Full Report: 2025 State of Risk & Compliance

NAVEX partnered with The Harris Poll to survey nearly 1,000 risk and compliance professionals globally about their R&C programs. The survey was conducted in April and May 2025 and represents professionals from a range of industries and organization sizes worldwide.

What Is a Risk Model?

In his latest article, Graeme Keith explores the foundations of risk modeling, tracing its roots from ancient mathematics to modern decision-making. He argues that models should begin with real-world problems, not abstract equations, and makes the case for why risk modeling must remain intelligible to decision makers.

Mapping the Future of Risk & AI Governance

As we move further into the digital era, organizations face an increasingly complex landscape of risks—from brand reputation challenges to AI governance and cybersecurity concerns. To help professionals and executives navigate these evolving threats, I am publishing my research categories for 2025/2026, highlighting the areas that will demand attention, insight, and innovation over the next two years.

Operational Resilience as Strategy: DORA, the UK, CPS 230, & the Road Ahead

In an era defined by disruption, resilience is no longer a side conversation in boardrooms; it is the conversation. Cyber incidents, technology outages, geopolitical instability, and supply chain fragility are not “if” events; they are “when” events. Regulators, investors, and customers all demand that you show not only that you can take the hit, but also that you can recover, adapt, and continue to deliver.

The Purpose of Risk Groups & Internal Audit: A Simple, Logical Accountability Model

In a recent social media post, I laid out what I see as the joint purpose of risk groups and internal audit. The response reinforced what I’ve long believed—that governance works best when accountability is simple, logical, and aligned with fiduciary duty.

AI Agent vs. Brown Envelope: The Balkan Supply Chain Cage Match

In this article, Jason Busch unpacks Albania’s bold experiment to fight procurement corruption with an AI “minister,” weighing its potential to trim graft against the country’s deep-rooted traditions of bribery, backroom deals, and bureaucratic stalling.