Blog
Insights and news for GRC & ESG

Death by Workflow: How to Design GRC Processes People Actually Follow
We’ve all seen it. A new GRC process rolls out with high hopes. It’s mapped, approved, and backed by a shiny platform designed to bring order to chaos. The workflows look great on paper. The

The EU’s CSRD Isn’t Just an ESG Thing – It’s a Risk Thing Too
Let’s get something out of the way: You don’t have to be an “ESG person” to care about the Corporate Sustainability Reporting Directive (CSRD). In fact, if you’re in risk management, internal audit, compliance, or governance,

For the Compliance Officer Who Just Wants One Clean Record
Let’s be honest: compliance isn’t glamorous. It doesn’t come with fanfare, internal shoutouts, or LinkedIn kudos. But when it isn’t done well? Suddenly everyone’s paying attention. That’s the paradox every compliance officer knows too well.

Risk Registers Are Dead. Long Live the Risk Graph.
For years, the humble risk register has been the centerpiece of enterprise risk management. A tidy list of risks, each scored and categorized, often living in a spreadsheet or static GRC module. It’s familiar. It’s

The Myth of a One-Size-Fits-All GRC Platform
There’s a dangerous myth floating around boardrooms, audit committees, and even compliance teams. It goes something like this: “We just need a GRC tool that comes pre-configured. Plug it in, turn it on, and boom

Provision 29 Is Coming – Is Your Risk Framework Ready?
There’s a shift coming in UK corporate governance, and it’s got boardrooms on notice. Effective for financial years starting on or after 1 January 2026, Provision 29 of the updated UK Corporate Governance Code introduces

What the SEC Dropping the Coinbase Case Really Means for Crypto Compliance
The SEC quietly made waves recently by dropping its long-running lawsuit against Coinbase. On the surface, it might seem like a tactical retreat, but it could signal something much bigger: a reset in how U.S.

Top 10 KPIs for Modern Audit Teams
Internal audit teams aren’t just checklist machines anymore. Today, audit functions are expected to be strategic, data-driven, and tightly aligned with risk. That shift means audit leaders need more than static plans and year-end reports,

GRC Myths, Busted
If you’ve ever watched MythBusters, you know the thrill of seeing someone take a widely accepted belief and put it through a wall of fire, explosives, or a surprisingly calm science experiment. Sadly, we don’t

What Would Sun Tzu Do About Third-Party Risk Management?
Leverage strategy, alliances, and battlefield awareness for vendor oversight. Over 2,500 years ago, the Chinese military strategist Sun Tzu wrote The Art of War, a treatise on conflict, intelligence, and victory that still holds influence