Seven AI Samurai of GRC: Protecting the Organization
I love feudal Japan! After my love for medieval Europe is my love for feudal Japan. Perhaps they are on par with each other as both of these eras excite me. So when my sons asked me if I wanted to go see Akira Kurosawa’s 1954 classic, Seven Samurai, on the big screen here in Milwaukee . . . I lept at it. I have seen this before but not on the big screen.
Of course, my mind is racing and thinking of analogies to the ever-evolving world of governance, risk management, and compliance (GRC), as organizations are constantly besieged by a multitude of threats from different angles just like the village in Seven Samurai. Much like the defenseless village, modern organizations need protection against marauding threats to strategy and objectives, resilience, dynamic risks, regulatory change, cyber risks, operational hazards, and compliance breaches. Enter the Seven AI Samurai of GRC – a band of intelligent, automated warriors designed to defend and fortify the village that is your organization.
Meet the Seven AI Samurai of GRC
Just as Kurosawa’s samurai were each skilled in unique martial arts and skills, our AI Samurai each specialize in a different aspect of GRC. These samurai work together to create a robust defense system for organizations, ensuring that all facets of governance, risk, and compliance are covered.
- Risk Ronin: The Strategist of Scenarios. Our first Samuari is the Risk Ronin, who excels in identifying, assessing, and monitoring risks to the organization’s objectives (ISO 31000 states that risk is the effect of uncertainty on objectives). This samurai’s strategic mind uses AI to conduct deep dives into global external events and data, identifying relevant information to develop and refine risk scenarios. These scenarios are then used to run annual risk analyses and exercises, ensuring the organization is prepared for any eventuality. Risk Ronin’s analytical prowess provides the organization with accurate, up-to-date risk information, enabling informed decision-making and proactive risk management. His strategies ensure that the village can anticipate and navigate through the most treacherous threats.
- Visibility Vassal: The Overseer of Transparency & Resilience. Aiding the Risk Ronin is the Visibility Vassal, the second samurai, who brings clarity and transparency to the village and its objectives. This samurai’s AI-powered tools gather and consolidate data from various sources, providing a holistic view of risks and control issues. Visibility Vassal ensures that all risks and obligations are visible in the context of the organization and its objectives, creating a culture of accountability and informed decision-making. With his watchful eye, Visibility Vassal enables the organization to maintain a high-level overview of all organization objectives and activities, ensuring that nothing is overlooked and everything is accounted for in a dynamic and changing context.
- Regulatory Ronin: The Sentinel of Compliance. The third samurai, Regulatory Ronin, stands guard at the gate of regulatory changes. His sharp AI senses scan the horizon for any incoming regulations, monitoring over 2,000 sources across numerous jurisdictions. With unparalleled speed and accuracy, this samurai categorizes, parses, and maintains a version history of all regulatory updates. This ensures the village is always compliant, reducing the noise and focusing only on relevant changes. Regulatory Ronin’s strength lies in the ability to filter through the chaos and provide actionable intelligence. His presence ensures that the organization remains compliant with current laws, mitigating the risk of non-compliance fines and penalties.
- Obligation Oishi: The Keeper of Commitments. Obligation Oishi is the fourth samurai, tasked with maintaining the village’s obligations catalog, and is a close partner with Regulatory Ronin. With meticulous attention to detail, Obligation Oishi oversees the full lifecycle of regulatory change management, from creation to governance of policies. Using AI, this samurai treats internal policies and controls consistently with external regulations, ensuring that all organizational commitments are documented and managed. Obligation Oishi’s dedication ensures that the organization has a comprehensive, up-to-date record of all obligations, providing a single source of truth that is essential for effective compliance management.
- Control Katana: The Master of Alignment. Next is Control Katana, whose blade slices through confusion to align controls with business objectives, regulatory requirements, and risks. Using AI-powered gap analysis, Control Katana compares internal policies against external regulations, standards, frameworks, and benchmarks to optimize control coverage and common or best practices. This samurai ensures that the organization’s controls are not only effective but also consistently governed and accountable. Control Katana’s mastery allows for the elimination of redundant controls and the streamlining of processes, creating a lean, efficient, and resilient system. This samurai’s vigilance ensures that every control is precisely where it needs to be, performing at its best.
- Automation Ashigaru: The Worker of Efficiency. The sixth samurai, Automation Ashigaru, is the tireless worker who automates repetitive tasks, freeing up the villagers to focus on more value-added activities. This samurai’s AI-driven capabilities streamline risk, compliance, control, and audit processes, conduct regular risk and control assessments, and quickly identify and resolve gaps. Automation Ashigaru’s relentless efficiency saves time and resources, making the village’s operations more effective and agile. This samurai’s contributions allow the organization to do more with less, enhancing overall productivity and effectiveness.
- Innovation Itō: The Pioneer of Progress. Last but not least, Innovation Itō is the visionary samurai who pushes the boundaries of what is possible. Using advanced AI techniques, this samurai explores new areas such as predictive analytics and artificial intelligence, continually enhancing the organization’s GRC capabilities. Innovation Itō’s insights and innovations drive continuous improvement, ensuring that the village is always ahead of the curve. Innovation Itō’s forward-thinking approach keeps the organization at the forefront of GRC best practices, enabling it to adapt and thrive in an ever-changing landscape.
The Battle: Defending Against the Bandits of Organization Objectives
Just as the seven samurai banded together to defend the village from bandits, the Seven AI Samurai of GRC work in unison to protect the organization from the myriad threats it faces in reliably achieving objectives, addressing uncertainty, and acting with integrity. Each samurai brings their unique skills to the table, creating a comprehensive defensive and offensive system that is greater than the sum of its parts.
- Phase 1: Establishing Context. The first step is understanding the organization, its culture, its objectives, and its internal and external environments. This allows the seven AI samurai of GRC to have the context for the rest of the defensive and offensive measures.
- Phase 2: Identifying Threats to Objectives. Next, Risk Ronin and Visibility Vassal take charge of identifying and assessing threats to the organization’s objectives. Risk Ronin uses his strategic insights to develop risk scenarios, while Visibility Vassal provides a clear view of all risk, compliance, and control activities in the context of objectives, ensuring that nothing slips through the cracks.
- Phase 3: Establishing Defenses. The third step in defending the organization’s village is establishing robust defenses. Regulatory Ronin sets up a perimeter by continuously monitoring regulatory changes. Obligation Oishi documents all commitments, creating a strong foundation for compliance, while Control Katana aligns controls with business requirements to ensure that every entry point is fortified for resilience.
- Phase 4: Automating Responses. With threats and defenses identified, Automation Ashigaru steps in to automate responses, streamlining processes and ensuring that the village can respond quickly and effectively to any situation. These efforts free up resources, allowing the organization’s villagers to focus on more critical tasks.
- Phase 5: Innovating for the Future. Finally, Innovation Itō pushes the boundaries, exploring new AI technologies and methodologies to keep the village ahead of the game. These innovations ensure that the village is not only protected but also continually improving and adapting to new challenges.
Through the combined efforts of the Seven AI Samurai, the organization village is secure and resilient. Regulatory changes are monitored and addressed in real time, controls are aligned and optimized, obligations are meticulously documented, risks are accurately assessed and managed in the context of objectives, and processes are automated and efficient. With continuous innovation driving improvement, the organization is well-equipped to face any challenge that comes its way.
In the world of GRC, just as in Seven Samurai, success depends on the right combination of skills and strategies. The Seven AI Samurai of GRC offer a powerful analogy for how AI can be harnessed to automate and enhance governance, risk management, and compliance. By leveraging the unique strengths of each samurai, organizations can build a robust defense system that achieves business objectives, mitigates risks and uncertainty, ensures compliance, and drives continuous improvement while maintaining integrity.
So, as you navigate the complex landscape of GRC, remember the Seven AI Samurai. They are your protectors, your strategists, your workers, and your innovators who extend your current subject matter expertise – ensuring that your organizational village remains secure, resilient, and agile, ever-ready to face the future.
BTW – I will be interacting with Anthony Stevens, and his book “AI and the Future of GRC,” on AI and the Future of GRC webinar on August 2 @ 10:00 am – 5:00 pm Chicago/CDT.