I have been on the road regularly for the past six weeks with a heavy travel schedule through mid-July that brings me across the USA and Europe. Lots of interactions with people face-to-face and the conversations center on:

  • How do we engage the front-line/office of the organization on GRC?
  • How do we make GRC intuitive? How do we make it simple?
  • What technologies are revolutionizing GRC to provide value in a way that gets the job done but is less of a burden?

This is what GRC 4.0 (Agile GRC) and GRC 5.0 (Cognitive GRC) are all about. And it is not just for “Enterprise GRC/IRM” Platforms. But down in the best of breed GRC solutions for third-party risk, policy management, regulatory change, IT risk management, resiliency, and more. 

Let me remind each of you on this list . . . 

Any intelligent fool can make things bigger, more complex and more violent. It takes a touch of genius – and a lot of courage to move in the opposite direction.

This quote has been attributed both to Einstein and E.F. Schumacher.

A primary directive of Agile & Cognitive GRC is to provide GRC processes and information that is innovative, contextually intelligent, assessable, and engaging. GRC done right minimizes its impact on the business while still maintaining insight and control of risk across the business. GRC should be intuitive to the business and GRC technology should provide the right information in a way that works for the business.

GRC technology should not get in the way of business. Why do some enterprise GRC projects take two years for just the initial implementation to be built out?  The primary issue is overhead in extensive services and technology customization to integrate and develop massive GRC implementations that end up slowing the business down and delaying value (if the value is ever achieved). GRC needs to be Agile and Cognitive to be valuable to the business. GRC technology has to deliver harmonious relationships or GRC information that supports the business. GRC is to enable enterprise agility by creating dynamic interactions of GRC information, analytics, reporting, and monitoring in the context of business.

Like Apple with its innovative technologies, organizations must approach GRC in a way that re-architects the way it works as well as the way it interacts. The Agile & Cognitive GRC goal is simple; it is itself Simplicity. 

Simplicity is often equated with minimalism. Yet true simplicity is more than just the absence of clutter or removal of embellishment. It’s about offering up the right contextually relevant GRC information, in the right place, when the individual needs it. It’s about bringing interaction and engagement to GRC processes and data. GRC interactions should be intuitive.

Agile & Cognitive GRC is about delivering innovative, intuitive, and GRC engagement and intelligence to the business in the context of business. It delivers 360° contextual GRC intelligence through the use of artificial intelligence, cognitive computing, machine learning, and natural language processing. It provides engaging and user-friendly experiences that minimize process overhead while enabling the organization to reliably achieve objectives, while addressing uncertainty, and act with integrity.

I discuss this in detail in the Research Briefing: 2022 State of the GRC Market.

I would love to hear your thoughts on Agile & Cognitive GRC technology and intelligence . . .


  1. “Fantastic insights into Agile Cognitive GRC! This article beautifully articulates the essence and importance of embracing agile methodologies in governance, risk management, and compliance. Kudos to the author for shedding light on this transformative approach!”

Leave a Reply

Your email address will not be published. Required fields are marked *