GRC blogs
Explore our blogs for expert insights, industry updates, and practical guidance
Designed to challenge ways of thinking and help your enterprise excel in GRC.

-

Provision 29 compliance, explained: how boards can turn internal controls into a business advantage
Provision 29 has changed the conversation for UK boards. This is no longer about showing you have policies, frameworks and good intentions on paper. It is about whether the board can stand up and say, publicly and with confidence, that the company’s material controls were effective at the balance sheet date, and explain how that conclusion was…
-

Conflict of interest software Request For Proposal template: questions and scoring
For a lot of teams, the search for a Conflict of Interest management solution starts because the current process is no longer holding up. Maybe the business has no dedicated system and disclosures are being managed in spreadsheets, email chains, shared folders, or forms that were never designed for sensitive compliance workflows.…
-

Managing third party risk: what modern, risk based due diligence really requires
How VinciWorks and CoreStream GRC help you build a risk-based, defensible third-party risk management program.
If you want a practical, easy to follow walkthrough of how to get third-party risk management right, this webinar is a great place to start. What this webinar is about: connecting Governance, Risk and Compliance (GRC) with smarter third-party due…
-

Designing your dream GRC home part 6: growth & adaptability that last
By Head of Client Solution Design, Lionel Matsuya
Over the years advising organizations on risk and control design, I have seen a consistent pattern. GRC frameworks and solutions are implemented thoughtfully and with real commitment. For a time, they work well: reporting is clear, ownership is understood, and assurance has structure. Then the organization changes, and the GRC platform can’t keep up. Growth introduces…
-

How ISO 31000 makes your business faster, more confident, and more competitive
“ISO 31000 is an international standard that provides principles and guidelines for risk management. It outlines a comprehensive approach to identifying, analyzing, evaluating, treating, monitoring and communicating risks across an organization.” International Standard on Governance of Organizations (ISO)
ISO frames risk as the “effect of uncertainty on objectives.” That is a big shift from the traditional approach of asking “what…
-

Designing your dream GRC home part 5: how thoughtful experience turns good design into real adoption
By Head of Client Solution Design, Lionel Matsuya
So far in this series, I’ve talked about foundations, connectivity, security, and wiring. These are the things that tend to dominate conversations about GRC platforms: scope, features, controls, automation, and capability. But there’s another layer that quietly determines whether any of that effort delivers value: that layer…
-

Designing your dream GRC home part 4: wiring the house – making automation helpful, not burdensome
By Head of Client Solution Design, Lionel Matsuya
If foundations set the purpose, and corridors shape the flow, wiring determines whether a house actually works in day-to-day life. And just as modern homes are filled with smart devices, sensors and integrations, today’s GRC environments are increasingly wired with automation, clever logic and AI. Here’s the central idea upfront: Automation in GRC technology isn’t about throwing in every…
-

A practical step‑by‑step guide to the Third‑Party Risk Management lifecycle
Third parties keep modern businesses running. Vendors host systems, process data, deliver critical services, and sit inside day-to-day operations. That reality creates two truths at once: The problem is not that teams do not understand the risk. The problem is that a lot of third-party risk management (TPRM) programs were built for a simpler world.…
-

Designing your dream GRC home part 3: security and access
By Head of Client Solution Design, Lionel Matsuya
In the first two articles of this series, I explored 2 foundational aspects of Governance, Risk & Compliance (GRC) solution design: understanding organizational needs and stakeholder expectations, and designing effective connectivity between risk, control and assurance functions. In this 3rd blog, I focus on security and access: not in the narrow sense of cyber or technical controls, but as a core…
-

From compliance to confidence: a practical guide to a proactive always on data privacy program
Most large organizations say they have privacy covered. And on paper, they do. In practice, privacy often lives as disconnected work: documents, templates, and one-off reviews that prove something happened once, not a system that controls what happens next. That gap matters because privacy risk is created by change. A new analytics use case. A…
Discover our case studies
The success stories of flexible intuitive GRC technology
-

GUIDE: buying a GRC platform
How to choose the right GRC software for your business: A buyer’s guide
Buying GRC software is rarely just a software decision. By the time most organizations start reviewing platforms, they are usually already dealing with something more structural: fragmented reporting, unclear ownership, too much manual chasing, weak leadership visibility, and governance activity spread across…
-

CASE STUDY: Pool Re
From constraint to control: how CoreStream GRC transformed risk management at Pool Re
About Pool Re
Pool Re is the UK’s largest terrorism reinsurer, trusted by over 150 insurers and globally recognized as the leading experts in terrorism risk financing. Their mission is to provide financial protection against the risk of terrorism and, in so…
-

GUIDE: Value-based compliance culture
Practical guide to implementing value-based compliance for cultural change
This is a practical guide to implementing value-based compliance for real cultural change. Not the “annual training and hope for the best” version. The kind where people make the right call when no one is watching, and you can prove it without a spreadsheet scavenger hunt.…