We recently had the privilege of welcoming Michael Rasmussen, GRC 2020 analyst, author, and founder of The GRC Report, to our London offices to record a very special premier episode for his new podcast series: “Hitchhiker’s guide to the GRC galaxy.“
Paul Cadwallader, GRC Strategy Director at CoreStream GRC, sat down with Michael for a wide-ranging and insightful discussion on value-based GRC and expert-led guidance on finding the right tool to support your business’ risk and compliance processes.
A closer look at the GRC leader conversation
Paul and Michael’s discussion explores how the GRC market has evolved and why 2025 marks a turning point for how organizations think about risk, compliance, and resilience. Together, they dive into the opportunities and challenges that come with building GRC capabilities that are future-ready and business-aligned.
GRC 7.0 – a new era of orchestration
In his new podcast, Michael introduces the concept of GRC 7.0: orchestration, a framework built on real-time coordination, AI-driven insight, and the integration of data, people, and systems. GRC orchestration goes beyond automation to help organizations become more agile, more aware, and more aligned with shifting expectations.
Defining value beyond efficiency for GRC
During the episode, Paul explains why GRC success can’t be measured by efficiency alone. While automation helps, the true value lies in improving decision-making, enhancing accountability, reducing risk exposure, and aligning assurance efforts to strategic goals.
“No one’s buying GRC software just to save a few hours. They’re buying it to improve how they run the business, respond to change, and gain assurance,” Paul says.
Real-world business results with the help of managed GRC
The episode highlights several real-life examples of how CoreStream GRC is helping organizations modernize and scale their GRC efforts. From a global oil and gas supermajor transforming enterprise risk after 17 years on a legacy platform, to a major retail group integrating risk, audit, policies, and privacy into one cohesive solution, CoreStream GRC enables GRC transformation without the complexity.
“It’s about replacing silos and spreadsheets with connected capabilities that evolve as the organization does,” Paul adds. “That’s where the real value is unlocked.”
Meet Paul Cadwallader – GRC Strategy Director
Paul Cadwallader is GRC Strategy Director at CoreStream GRC, bringing over 25 years of experience in governance, risk, and compliance. He spent 21 of those years in professional services, including time as a UK partner at one of the Big Four, helping organizations build and scale risk and compliance frameworks across industries.
Over time, Paul transitioned from deep practitioner to technology strategist, driven by the belief that modern GRC tools should empower, not constrain, businesses. At CoreStream GRC, he now helps guide product direction and client strategy to ensure the platform continues to deliver measurable business outcomes in an increasingly complex market.
“I’ve always been focused on helping organizations gain control and assurance out of risk and compliance,” Paul says. “Now at CoreStream GRC, we’re delivering the kind of flexible, scalable technology that makes that possible without unnecessary complexity.”
About Michael Rasmussen, GRC 2020
Michael Rasmussen is one of the most recognized and respected voices in the world of governance, risk, and compliance. As the founder of GRC 20/20 Research, he has helped define how organizations understand GRC and where it’s headed next.
With his hitchhiker’s guide to the GRC galaxy, Michael is re-mapping the GRC landscape, breaking down over 600 market solutions, and introducing a new segmentation model. At the heart of that research is GRC 7.0, a future-focused framework designed to align GRC with real-time needs and long-term strategy.
The GRC 2020 and CoreStream GRC partnership
Over the years, CoreStream GRC has developed a strong and collaborative relationship with Michael, engaging with him regularly for strategy sessions and market insight. He has seen our journey up close and continues to recognize the direction we’re heading.
“Delivering on some of the most complex third-party risk, internal control, and risk management projects for major corporations.
CoreStream GRC’s platform is a powerhouse: agile, highly configurable, and capable of being tailored to an organization’s specific needs with minimal effort.”
– Michael Rasmussen, GRC 2020
We value the ongoing collaboration and insights Michael brings as we continue to evolve and support the most complex governance, risk, and compliance needs across industries.
CoreStream GRC was award the GRC 2020 Innovation Award for Enterprise Integrated GRC Architecture & Platforms in 2025.
About CoreStream GRC
The intuitive, flexible GRC platform that delivers efficiency and value – your way.
Driven by the belief that technology should be an enabler—not a barrier—we created the CoreStream GRC platform: a flexible, no-code solution that empowers organizations to design their perfect GRC system with our expert team. You tell us what you need, and we deliver it—quickly and without unnecessary complexity. Using pre-built, customizable features, it’s as intuitive and versatile as building with Lego bricks – the solutions are limitless.
With seamless scalability, an intuitive interface, and rapid implementation, CoreStream GRC turns GRC from an administrative burden into a powerful enabler for your business. Trusted by leading organizations like the BBC, Deloitte, NHS, PwC Middle East and Shell Energy, CoreStream GRC consistently delivers real, measurable value for all your risk, and compliance management needs.
Frequently Asked Questions
The new podcast, “Hitchhiker’s Guide to the GRC Galaxy,” features a conversation between Paul Cadwallader, GRC Strategy Director at CoreStream GRC, and Michael Rasmussen, founder of GRC 20/20 Research. The episode explores the state and future of governance, risk, and compliance, highlighting how CoreStream GRC is shaping value-based, business-aligned GRC practices.
The episode features Paul Cadwallader from CoreStream GRC and Michael Rasmussen, a globally recognized GRC analyst and author. Together, they discuss how organizations can modernize risk and compliance management through flexible technology and expert-led strategy.
CoreStream GRC and Michael Rasmussen explored how the GRC market is evolving in 2025, including the shift toward GRC 7.0 – orchestration, which emphasizes real-time coordination, AI-driven insight, and connected data. They also discussed how CoreStream GRC helps clients move from fragmented tools to unified, outcome-driven GRC programs.
CoreStream GRC enables organizations to replace silos and spreadsheets with integrated, no-code capabilities that adapt as the business grows. Real-world examples shared in the podcast include a global energy company modernizing enterprise risk and a major retailer unifying risk, audit, and privacy through CoreStream GRC’s flexible platform.
CoreStream GRC was awarded the GRC 20/20 Innovation Award for Enterprise Integrated GRC Architecture & Platforms (2025). Michael Rasmussen described CoreStream GRC as “a powerhouse: agile, configurable, and tailored to organizational needs with minimal effort.”
Paul Cadwallader is the GRC Strategy Director at CoreStream GRC, with over 25 years of experience in governance, risk, and compliance. He guides the company’s product direction and client strategy, ensuring CoreStream GRC continues to deliver flexible, outcome-focused GRC solutions that empower rather than constrain businesses.
The premier episode featuring CoreStream GRC and Michael Rasmussen is available through The GRC Report podcast series. Listeners can tune in via the GRC 20/20 website or CoreStream GRC’s news page to hear the full discussion on the future of GRC orchestration and value-driven compliance.
