Author: Esme Dyos
-

How to identify quick wins in your GRC processes using value‑based analysis – workshop deep dive
Governance, risk, and compliance teams are under pressure to do more with less. Activity is often fragmented across spreadsheets, inboxes, slide decks, and siloed tools. Many teams already know their programs could be improved, but they struggle to define a realistic path forward or work out how to optimize what they already have in a way that…
-

The hidden risks of quick‑fix compliance tools in an era of proof‑based regulation
Recent reporting suggests compliance leaders are entering a tougher phase. Regulatory fragmentation is pushing businesses away from self-declaration and toward verified data. Meanwhile AI, fraud, and rising complexity are turning compliance into a technology arms race just as already-stretched teams face tighter resources and mounting pressure to move faster. That is exactly why the idea…
-

Audit management software guide: build an audit program you can defend
Most organizations do not struggle because they cannot run an audit. They struggle because audit activity is fragmented, evidence is scattered, ownership is vague, and the same teams get hit with overlapping requests from internal audit, external audit, compliance, regulators, and customers. That is where audit management breaks down. The real issue is rarely whether…
-

AI is redefining third party risk: why your “approved” vendors may no longer be safe storage for data
For years, vendor risk was treated almost exclusively as a procurement event. You assessed a new provider, negotiated terms, signed the contract and moved on to monitoring. However, that model is starting to break. The real issue now is not just new vendors entering your business ecosystem. Existing vendors are changing underneath you, in unprecedented…
-

Provision 29 compliance, explained: how boards can turn internal controls into a business advantage
Provision 29 has changed the conversation for UK boards. This is no longer about showing you have policies, frameworks and good intentions on paper. It is about whether the board can stand up and say, publicly and with confidence, that the company’s material controls were effective at the balance sheet date, and explain how that conclusion was…
-

Conflict of interest software Request For Proposal template: questions and scoring
For a lot of teams, the search for a Conflict of Interest management solution starts because the current process is no longer holding up. Maybe the business has no dedicated system and disclosures are being managed in spreadsheets, email chains, shared folders, or forms that were never designed for sensitive compliance workflows.…
-

Managing third party risk: what modern, risk based due diligence really requires
How VinciWorks and CoreStream GRC help you build a risk-based, defensible third-party risk management program. If you want a practical, easy to follow walkthrough of how to get third-party risk management right, this webinar is a great place to start. What this webinar is about: connecting Governance, Risk and Compliance (GRC) with smarter third-party due…
-

The new EU Cyber Resilience Act guidance is out. Here’s the business risk for compliance and risk teams
The European Commission published draft EU Cyber Resilience Act guidance on March 3, 2026, and opened feedback until March 31. The draft focuses on the exact implementation knots teams have been struggling with: remote data processing, free and open-source software, support periods, and how the CRA fits with other EU laws. That means this is…
-

Designing your dream GRC home part 6: growth & adaptability that last
By Head of Client Solution Design, Lionel Matsuya. Over the years advising organizations on risk and control design, I have seen a consistent pattern. GRC frameworks and solutions are implemented thoughtfully and with real commitment. For a time, they work well: reporting is clear, ownership is understood, and assurance has structure. Then the organization changes, and the GRC platform can’t keep up. Growth introduces…
-

HF Sinclair’s CFO exits amidst a wave of prominent C-suite exits: breaking down the GRC trend behind the headlines
HF Sinclair’s CFO, Atanas Atanasov, took a voluntary leave of absence after concerns raised by the audit committee, one week after CEO Tim Go did the same. The internal review started after concerns were raised about the company’s 2025 disclosure process and “tone at the top,” and the audit committee ultimately reported no deficiencies in financial reporting controls or disclosure…