Insights

The Most Dangerous GRC Failure Is the One You Don’t See

In a recent GRC Report piece, Risk Is Our Business: Why the GRC Market of 2030 Will Look Nothing Like Today, I argued that the governance, risk, and compliance market is not heading into another cycle of incremental change, but a structural break. The core claim was that risk has outgrown the architectures, assumptions, and mental models most GRC platforms and programs still rely on, and AI bolted onto legacy thinking will not save them.

When AI Moves Faster Than Governance

The first wave of obligations under Europe’s AI Act quietly came into force on August 2, 2025. It was the moment organizations were meant to turn policy debates into practice, especially for general-purpose AI models already woven into customer service, analytics, and day-to-day operations. But just as this new era of AI oversight began, another development signaled how uneven the landscape still is.

AI’s Data Appetite Is Now a Compliance Risk

AI is excellent at both looking confident and eating data like it’s at an all-you-can-eat buffet. And while that’s great for accuracy and shiny demos, it’s a little less great for privacy teams who now have to explain to regulators why a training dataset suddenly includes customer chats, location trails, or that folder someone swore was anonymized.

A New Role for the Internal Audit Function

In this article, Norman Marks explores the evolving role of the chief audit executive, moving beyond traditional assurance to actively helping boards and audit committees operate more effectively. With new opportunities emerging through AI and technology, Marks argues that internal audit functions can deliver greater value by enhancing board governance, insight, and performance.

Nature in the Boardroom: Supply Chains, Biodiversity, & the Bottom Line

Climate has dominated ESG discourse for years. Carbon pathways, transition plans, and emissions reporting have all become standard boardroom topics. Yet the most fundamental risk is one that companies often only notice once it’s too late: the natural systems that businesses depend on every single day.

The GRC Graduation: From Compliance Theater to Risk-Driven Insights

Ayoub Fandi’s latest contribution to the GRC Report examines how organizations can transform their GRC programs from compliance-focused operations into risk-driven decision engines. He breaks down why the traditional model falls short and presents a practical, engineering-led framework that shifts the focus toward measurable risk reduction and meaningful business impact.

The Impact of Social Media Crises on Brand Equity

Social media crises sparked by negative content, customer complaints, or high-profile scandals can spread almost instantaneously across platforms such as Twitter, Instagram, TikTok, and Facebook. Unlike traditional public relations challenges, these crises escalate at viral speed, reaching millions within hours and leaving little time for brands to respond.