Blog
Insights and news for GRC & ESG

Risk Registers Are Dead. Long Live the Risk Graph.
For years, the humble risk register has been the centerpiece of enterprise risk management. A tidy list of risks, each scored and categorized, often living in a spreadsheet or static GRC module. It’s familiar. It’s

The Myth of a One-Size-Fits-All GRC Platform
There’s a dangerous myth floating around boardrooms, audit committees, and even compliance teams. It goes something like this: “We just need a GRC tool that comes pre-configured. Plug it in, turn it on, and boom

Provision 29 Is Coming – Is Your Risk Framework Ready?
There’s a shift coming in UK corporate governance, and it’s got boardrooms on notice. Effective for financial years starting on or after 1 January 2026, Provision 29 of the updated UK Corporate Governance Code introduces

What the SEC Dropping the Coinbase Case Really Means for Crypto Compliance
The SEC quietly made waves recently by dropping its long-running lawsuit against Coinbase. On the surface, it might seem like a tactical retreat, but it could signal something much bigger: a reset in how U.S.

Top 10 KPIs for Modern Audit Teams
Internal audit teams aren’t just checklist machines anymore. Today, audit functions are expected to be strategic, data-driven, and tightly aligned with risk. That shift means audit leaders need more than static plans and year-end reports,

GRC Myths, Busted
If you’ve ever watched MythBusters, you know the thrill of seeing someone take a widely accepted belief and put it through a wall of fire, explosives, or a surprisingly calm science experiment. Sadly, we don’t

What Would Sun Tzu Do About Third-Party Risk Management?
Leverage strategy, alliances, and battlefield awareness for vendor oversight. Over 2,500 years ago, the Chinese military strategist Sun Tzu wrote The Art of War, a treatise on conflict, intelligence, and victory that still holds influence

What Would Leonardo da Vinci Do With an Internal Audit Function?
Meticulous observation, documentation, and continuous improvement. Leonardo da Vinci was a man obsessed with understanding how things worked. Whether dissecting the human body, sketching the anatomy of a bird’s wing, or designing machines centuries ahead

How Would Napoleon Run an Enterprise Risk Management Program?
Decisive execution, structured hierarchies, and bold mitigation strategies. Napoleon Bonaparte didn’t conquer most of Europe by luck. He did it with relentless preparation, organizational brilliance, and a profound understanding of risk. His campaigns weren’t just

Closing the Loop: Performance-Driven GRC through Connected Risk
Governance, Risk and Compliance (GRC) is evolving from a static, compliance-focused discipline into a performance-driven function that directly connects risk and control activities to business outcomes. In this model, “closing the loop” means automatically linking