On 23 April, at CoreStream GRC’ latest community event, we brought together clients, partners and senior GRC leaders in London for our April customer community showcase.
Even with tube strikes disrupting the city, people still made the effort to attend, join remotely, and contribute. That mattered. It said a lot about the kind of community this is: practical people passionate about GRC, sharing what is working, challenging what is not and helping push the industry forward together.
The event focused on enhancements and improvements for the GRC professionals, in the CoreStream GRC platform and the industry at large. The conversations were insightful and broad spanning customer showcases, our new AI partnership, and product updates around reporting and assurance.
This collaborative event acted as a useful signal of what business leaders want next from governance, risk and compliance: less friction, better usability, stronger assurance, and technology that works around real operating models instead of forcing people to work around the software.
Key takeaways section
- GRC teams need faster evidence review, clearer ownership, and outputs they can trust, from verified AI sources.
- The strongest discussions at the event were not about replacing people. They were about removing mechanical work so judgment can be used where it matters. “The GRC professional of 2030 will be focused on the why.”
- Customer stories showed the same thing again and again: simplicity and usability are critical for stakeholder adoption.
Why are GRC leaders focused on simplifying?
GRC leaders are asking how to reduce friction, strengthen assurance, and make better decisions without adding more complexity to their colleague’s work days.
That is why the conversation here around AI was so interesting. It moved away from hype and into something far more useful: evidence, defensibility, and real time saved.
Our partnership with SANNOS and conversations around AI in GRC
As SANNOS’ first global GRC platform partnership, together the platform bring clients a faster, more defensible way to assess against frameworks using real evidence, not surface-level prompts or generic outputs. This was something that caused real excitement in the room.
“I spent this morning with our friends at CoreStream GRC and SANNOS – exploring how to automate control effectiveness testing and so create more time to focus on what matters – why do things go wrong, what’s the root cause, and how can we fix things so there’s systemic improvement?”
Andy Leigh, Group Head of Internal Audit, Mott MacDonald
SANNOS is truly the first of its kind. It reads real documentation, maps it to frameworks, and helps teams move from manual review to clearer, more structured assurance. The result is practical, not performative: 98% accuracy, audit cycles reduced by up to 80%, and baseline assessments compressed from weeks to hours.
However most importantly it is reliable, something lack from a lot of AI in the market. For example Anders Søborg explained during the event,
“Tom Cornelius and the Secure Control Framework did test more than 3,000 pages of evidence run through our solution for analysis without finding any false positives. No hallucinations.”
Anders Søborg, Co-CEO, SANNOS
The conversation in the room was not about handing judgment over to AI. It was about removing the mechanical work that slows teams down and giving professionals more time to focus on what matters.
One happy community member praised the partnership saying;
“A really eye opening discussion including client use cases and the latest developments for CoreStream GRC and their partnership with SANNOS to really understand the opportunities and time saving that AI can enable already.”
Nikki Absolom, Group Head of Internal Controls at Pets at Home Group Plc
Want to learn more?
Case study: What does better GRC usability actually look like?
One client, anonymized for privacy, showcased their success story with CoreStream GRC during the event. They had a complex GRC environment they had created 7 years ago with CoreStream GRC, that supports 25k people and brings 68 systems into just 1.
Last year they decided to move to a stripped back 2.0 version to increase user engagement. They wanted users to get in, find what mattered, and complete what they needed to do without friction.
The goal was not cosmetic change for this organization. It was to make the experience feel as seamless and intuitive as the technology people already use every day.
As the client explained during the event,
“We’ve designed a new front end based on a smartphone interface. So, I can come in, I’ve got a series of tiles and I can get to my information and only the information that I need to see.”
That thinking is exactly what shaped the whole redesign. The updated environment used;
- app-like tiles,
- role-based visibility,
- field-level prompts to improve data integrity,
- weekly summary emails that linked users directly to the relevant action.
It also involved migrating 25k records into the refreshed version, with 0 failure tickets reported after go-live. Most tellingly, the client described an 80% improvement in process simplicity, with less time spent in the system and better output coming out of it.
This is the part of the GRC conversation that often gets underestimated. Better UX is not a surface-level upgrade. Done correctly, it changes adoption, speed, and data quality enhancing the value behind your GRC reporting.
That also fits the wider CoreStream GRC view of the platform. As Rich Eddolls put it:
“We built CoreStream GRC to solve a simple problem: GRC technology was too clunky, too rigid, and too hard for people to use. If a system gets in the way of the work, it is failing. Our focus has always been on making governance simpler, more intuitive, and easier to act on.”
Rich Eddolls, Chief Product Officer and Co-Founder, CoreStream GRC
What does a single source of truth look like in audit and assurance?
Another customer example made a similar point from a different angle. This customer is a global business with 20k employees. Prior to using CoreStream GRC, they had4 workstreams for audit running across 3 different platforms, and 4 distinct user groups all working across fragmented audit activity.
The challenge was not a lack of information. It was too much disconnect between where that information sat, who could access it, and how easily teams could act on it.
The answer was to use CoreStream GRC . We brought everything into a “single source of truth”, moved all audits into a single calendar, and enabling the team to consolidate the planned 3 separate audit strands 3 – 9 months ahead to reduce clashes and audit fatigue.
That is what stronger assurance actually looks like in practice.
Not collecting more data for the sake of it, but getting the right information to the right people, securely and simply. The benefits included:
- Greater information security – sending permission based link access to exec to access reports, rather than emailing sensitive attachments
- Time savings – ability to review all the data needed for each individual with 1 click of a tile
- Version control – saying goodbye to various spreadsheets by achieving a tracked auditable business management system with CoreStream GRC
The goal was simple. As one speaker put it during the session,
“The user wants to be able to go in, see what’s required of them and get on with it.”
That same principle carried through into the product conversation on the day. Richer reporting, filtering and saving enhancements, quality assurance improvements, and improved assurance all pointed in the same direction: making governance easier to navigate, easier to trust, and easier to act on.
Do you like the sound of these results?
See how the latest CoreStream GRC 3.4 platform updates are making reporting clearer, filtering smarter, quality assurance stronger, and day-to-day governance easier to manage.
As discussed by Head of Platform, Cam, we will be sharing micro-video updates of releases moving forward, follow him on LinkedIn to not miss an update.
Conclusion: what can I take from the event?
The strongest signal from the day was not that GRC teams want more features. It was that they want platforms that are easier to use, easier to trust, and easier to act from.
That came through again and again in the room. In the push for simpler user experiences. In the demand for clearer ownership and stronger assurance. In the examples of teams cutting through email noise, reducing audit fatigue, and making it easier for people to get to the right information fast. Even in the AI discussion, the most valuable point was not novelty. It was removing mechanical work, so judgment can be used where it matters most.
That is why simplification matters so much in GRC. You are asking for your non-GRC colleagues to be engaged, and take action and ownership, and the best way of doing so is with an easy to follow process, underpinned with an intuitive tech solution. As a department, Risk and Compliance should work to make their processes easier to navigate, easier to evidence, and easier to improve.
Or, as the line commonly attributed to Albert Einstein puts it,
“Any darn fool can make something complex; it takes a genius to make something simple.”
If this event showed us anything, GRC teams are looking for better design, better proof, and better tools for the people doing the work every day.
FAQ on the CoreStream GRC’s community
Intelligence-first GRC is an approach to governance, risk, and compliance that uses trusted evidence, connected data, and smarter workflows to help teams make better decisions faster. Instead of relying on manual review, disconnected spreadsheets, or generic AI outputs, intelligence-first GRC helps teams assess evidence, understand risk, strengthen assurance, and act with more confidence.
GRC leaders are focused on simplification because complex systems slow people down, reduce adoption, and make assurance harder to prove. The April CoreStream GRC community event showed that teams want platforms that make ownership clearer, evidence easier to review, reporting easier to trust, and day-to-day actions easier for non-GRC colleagues to complete.
AI can support GRC teams by reducing repetitive manual work, speeding up evidence review, and helping assess documentation against control frameworks. The strongest use cases are not about replacing professional judgment. They are about giving risk, compliance, audit, and controls teams more time to focus on root causes, improvement, and better decision-making.
CoreStream GRC and SANNOS showcased how evidence-led AI can help automate parts of control effectiveness testing and framework assessment. The discussion focused on practical value: faster review, stronger assurance, reduced manual effort, and more time for GRC professionals to focus on why issues happen and how to fix them.
The main takeaways were clear: GRC teams want less friction, stronger assurance, smarter use of AI, better usability, and technology that supports real operating models. The event showed that the future of GRC is not about adding more complexity. It is about making governance easier to evidence, easier to trust, and easier to act on.
