GRC technology is one of the fastest-growing segments in enterprise software, and compliance professions are rapidly evolving. Here’s the latest from across the industry. 

New products & platforms

Aravo announced Aravo AI for its Intelligence First Platform, an agentic AI system to automate third-party risk workflows and streamline risk processes.

Diligent introduced AI Board Member as part of its rollout of agentic AI, following closely after the release of a third-party risk agent. AI Board Member is an agentic assistant for directors to instantly recall board materials, industry news, public research and other sources, as well as provide on-demand specialist perspectives.

Serrala launched AI agents for its Serrala Finance Platform to facilitate finance automation by interpreting context, determining best actions and executing tasks across systems.

Thrive released Abacode Compliance Services, a managed GRC portfolio designed to help organizations build and maintain continuous compliance through a seasoned compliance consulting team.

Personnel moves

The Suite, a networking platform for in-house counsel and C-suite executives, announced that Laura Belmont was appointed as its general counsel.

StoneTurn announced former SEC enforcement accountant Daniel Brinks joined the consultancy as a partner.

Other…

Подробнее…

I frequently see discussions on the need (or not) to quantify cyber risk. I tend to side with the “quantify” folk.

I also see discussions on how to quantify cyber risk, and while there is no universal agreement, the FAIR methodology is favored by many practitioners.

But before we think about how to quantify cyber risk, we need to decide why we need to quantify it.

What is the question to which quantification is the answer?

What does $420 million or any other number mean unless you can use that quantification to answer a business question?

I think the question is in two parts:

• Do I need to act to reduce the risk to the business and its objectives, and
• How much should I spend on what given my constraints, such as:
  • The available options, their effectiveness, and our ability to use them
  • The diminishing rate of return on investments in cyber beyond a certain point
  • Available resources (including business-practical borrowings)
  • Competition for those same resources, especially from hose with a comparable or better ROI. This is almost always overlooked by InfoSec practitioners.
  • The need to maintain liquidity
  • The risk that additional investment will prove less than useful as hackers evolve

It is possible that the CEO and the board will look at a quantification like $420 million and say that’s too much. But…

Подробнее…

Structured data has become highly valued in the digital world, and accordingly, the risk of data manipulation and related fraud has increased. AI has enabled threat actors like terrorist groups and cybercriminals to create deepfakes and more easily gain access to environments that hold sensitive personal information. While methods existed to make fake data appear authentic before the advent of AI, new technologies have made it harder to distinguish between real and deceptive data.

Business email scams, BYOD (bring your own device) policies and falsified electronic documents, for example, are big risks to businesses. The consequences of data integrity failures can be severe: costly investigations, litigation, reputational damage and operational disruptions.

Compliance challenges in a fragmented regulatory landscape

GDPR must be considered by all organizations that do business in Europe. Since its implementation in 2018, the primary goal of the GDPR has been to protect the personal data and privacy…

Подробнее…

GRC technology is one of the fastest-growing segments in enterprise software. Here’s the latest from brands across the industry. 

New products & platforms

Adeptia announced Adeptia Automate 5.2, which makes enterprise’s data integrations directly accessible to AI and promises to accelerate troubleshooting and improve operational controls.

Magna Group with the UK Freelancer & Contractor Services Association’s Diligence Hub introduced the new Banking Risk & Compliance Dashboard to help financial services mitigate compliance and financial risk across recruitment portfolio supply chains.

Bitdefender launched GravityZone Extended Email Security, which unifies email and endpoint protection within a single platform to protect against cybersecurity threats in email.

LogicGate released Config Newton, an agentic AI GRC engineer that uses models and industry best practices to build, optimize and scale GRC programs in minutes. 

Diligent unveiled Diligent Stewardship Intelligence, an independent proxy and voting intelligence data solution that delivers governance, compensation and decision-supporting data directly into asset managers’ workflows. 

Other news

Brickken, a tokenization infrastructure provider, proved it met top industry standards for security and operation resilience after it gained ISO 27001…

Подробнее…

Let me start with a real-life story.

The CFO of Solectron, Kiran Patel, held an all-Finance meeting in one of our manufacturing plants in Milpitas, California.

At the end of the meeting, a lady who had been with the company for many years approached him. She asked whether Kiran found the report she sent him every month useful. He didn’t understand. He couldn’t think of a report he got from her every month. So he asked her what it was about and where she sent it.

The answer was astonishing. It was a report on a part of the business that was dormant, and she was sending it to the email address of a former CFO.

The business had moved on. She had not.

That is the danger for internal audit.

Technology, including AI and robotics, is in the process of reshaping the world – and that includes our world: the one in which we live and work.

In the same way that business and their processes are evolving, internal audit needs to evolve. Auditors also need to evolve – in line with the business.

I am not talking about internal audit learning to use AI. No. We should do that, but first we need to know why we are even here.

We exist to provide assurance on management’ processes and controls.

Those processes and controls are in the early stages (some are more advanced than others) of a radical evolution. Experts have…

Подробнее…

I’ll start with the COSO definition of risk appetite:

The types and amount of risk, on a broad level, an organization is willing to accept in pursuit of value.

Focus on the word, “amount”.

Most people quantify this in monetary terms.

I don’t and let me explain why using real-life examples.

When I was with Coopers & Lybrand in the UK, a partner (Chris Lowe) returned from the States with an amazing story.

X

THE HEAD OF SALES

For some unexplained reason, a client company in the US had engaged him (rather than a member of the US firm) to investigate whether their head of Sales was committing fraud. He found that their suspicion was correct. The guy had been siphoning off millions, and Chris reported that to the CFO and CEO.

Some months later, Chris was invited to join top management and the board for a dinner to celebrate a recent success.

He was stunned to see the head of Sales there, chatting happily with board members.

Chris asked the CFO what happened. Had the board not accepted his report? Had they been persuaded that he was wrong?

No. The CFO told him that they had accepted his report. But when they considered what action to take the CEO told them that without this head of Sales they would have no revenue! They relied so heavily on his relationships with their top customers that if he were fired they…

Подробнее…

Jump ahead to topic:

Tariffs spark massive economic instability and shake up risk landscape

The Trump Administration’s sweeping tariffs, which Thad McBride of law firm Bass, Berry & Sims called the word of the year, reshaped the entire corporate landscape in 2025, creating ripples that extended far beyond the loading dock into boardrooms, accounting departments and risk management frameworks. 

Tariffs imposed this year amounted to an average tax increase of $1,200 per US household, while federal tariff revenue surged to $195 billion in fiscal year 2025, more than 250% of what was collected in 2024. But the national financial impact told only part of the story. 

Companies scrambled to adapt their supply chains, with legal and compliance teams thrust into unfamiliar territory as they worked alongside CFOs and logistics officers to assess exposure, evaluate sourcing alternatives and…

Подробнее…

I subscribe to and recommend the McKinsey Technology newsletter, and recently they shared The AI reckoning: How boards can evolve.

It’s a good read.

First, they sound a warning bell:

More than 88 percent of organizations report using AI in at least one business function; however, board governance has not matched that pace. While interest in AI seems to have spiked after the introduction of ChatGPT, as of 2024, only 39 percent of Fortune 100 companies disclosed any form of board oversight of AI—whether through a committee, a director with AI expertise, or an ethics board.

Even more telling, a global survey of directors found that 66 percent report their boards have “limited to no knowledge or experience” with AI, and nearly one in three say AI does not even appear on their agendas.

We should be worried.

Surely, every organization’s board should be providing oversight to ensure AI is effectively and productively deployed.

But, the report says:

AI adoption has not yet led to significantly improved performance for most businesses, with companies reporting modest levels of savings and new revenue.

In our experience, however, many of the issues plaguing AI programs—such as a lack of strategic coherence and unclear value dynamics—are precisely the ones that boards are best positioned to address. In…

Подробнее…

Подробнее…

Told through the lens of human tragedies, dogged determination and political intrigue, Wirz’s book weaves together discrete threads in the years leading up to the passage of the Foreign Corrupt Practices Act, culminating in its final signing by President Jimmy Carter in 1977. 

Below, an excerpt from “Bribery Beyond Borders” tells us what happened next.

The FCPA: From Dormant Law to Global Blueprint

In the years immediately following its passage, the FCPA seemed destined to languish in the annals of criminal law. The Reagan administration rarely enforced the statute, while outside the United States, proponents of a multilateral anticorruption treaty were met with fierce opposition.¹ “A bunch of pip-squeak moralists running around trying to apply U.S. puritanical standards to other countries,” one businessman and early FCPA critic complained.² As the U.S. trade deficit peaked in the…

Подробнее…