Insights

In an era where risk is increasingly interconnected, multifaceted, and shifting in real time, organizations can no longer rely on static frameworks to manage governance, risk, and compliance (GRC). Traditional tools such as policies, controls, and spreadsheets, while valuable, no longer offer the adaptability required to navigate the complexities of today’s business landscape. Risk no longer exists in isolated silos; it cascades through supply chains, reverberates across organizational structures, and evolves in response to forces like regulatory change, geopolitical events, environmental disruptions, and rapid technological advancements. To thrive in this turbulent environment, organizations need GRC tools that are as dynamic and fluid as the risks they aim to mitigate.

In his latest article, Norman Marks investigates the evolving role of artificial intelligence (AI) in Sarbanes-Oxley (SOX) compliance, offering valuable insights into how AI can revolutionize internal controls and risk management practices. In this article, he explores the potential of AI to enhance the efficiency and effectiveness of SOX programs, from risk assessment to process documentation, and emphasizes the importance of maintaining a focus on financial statement integrity while navigating the opportunities and challenges AI presents.

As organizations continue to evolve in an increasingly interconnected world, it has become abundantly clear that the way we manage third-party relationships is at the heart of effective governance, risk management, and compliance (GRC). What was once seen as a linear process of managing external partnerships has now transformed into an intricate web of interconnected relationships that extend across global suppliers, contractors, service providers, and more. These third-party connections form what is known as the extended enterprise, and within this ecosystem lies some of the most pressing challenges organizations face today.

In today's risk landscape, regulatory-driven practices often fail to deliver meaningful value. Graeme Keith examines the challenges and opportunities presented by the dichotomy between Risk Management 1 (RM1) and Risk Management 2 (RM2). By exploring the unintended consequences of regulatory pressure on risk management systems, Keith presents a case for evolving traditional risk practices into a more strategic, decision-supportive approach.

In his most recent article, Norman Marks investigates whether cyber truly stands as the top risk for organizations today. While surveys consistently highlight cyber as one of, if not the leading risk, Norman dives deeper into the data and offers a unique perspective on whether this truly reflects the reality organizations face.

In his most recent article, Tim Leech explores whether Chief Legal Officers (CLOs), Chief Risk Officers (CROs), and Chief Audit Executives (CAEs) have a legal duty to brief the board on its fiduciary responsibilities related to escalating MCOs and associated risks. By diving into the roles of these executives, Tim Leech highlights their obligations to ensure that boards are well-informed about the risks that need to be managed and monitored to protect the organization.

UnitedHealth Group is making waves in the healthcare sector with the launch of 1,000 artificial intelligence (AI) applications across its insurance, health services, and pharmacy units. This ambitious move, originally reported by the Wall Street Journal, to integrate AI into core business operations is a game-changer for the industry, offering potential to streamline workflows, enhance the customer experience, and support medical decision-making. However, as AI continues to shape the future of healthcare, its governance remains a critical concern, particularly when it comes to claims processing, data privacy, and ethical considerations.