Our Terms & Conditions | Our Privacy Policy
If you are a GRC professional, how do you manage compliance when the goalposts never stop moving?
This is one of several questions that international consultant and tech advisor Ross Saunders will discuss at the ITWeb GRC 2025 event on 30 October at The Forum, The Campus, in Bryanston.
Saunders’ presentation is titled: “Racing regulation: Mastering GRC in the age of unstoppable innovation”. He will unpack key trends impacting GRC, including shadow IT and unauthorised implementations, rapid risk assessment of emerging technologies, creating living policies for frequent change, multi-jurisdiction compliance techniques and developing skills to anticipate changes.
Speaking to ITWeb ahead of the event, Saunders said he will cover AI in his presentation, including its impact on aspects such as previous purchase limits and procurement limits.
“(These) don’t really count anymore,” said Saunders. “We have AI tools, and they’re freely available… you can put very powerful tools in for free or very little money, and it flies under the radar of due diligence and procurement.”
But markets are becoming more heavily regulated and this adds to the pressure on already burdened GRC professionals.
See also
Saunders said the EU, for example, is highly regulated and, in some cases, is causing smaller firms to pull out of this market.
“There are data protection laws, there are privacy laws… there are so many different compliance things flying around for legal to keep up with, but then the technology moves way faster.”
Global laws extra-territorial
Saunders pointed out that today, business is globalised and markets don’t operate in isolation.
“You don’t deal in the EU, you don’t have an entity in the EU, but you have clients from the EU… suddenly, the EU laws apply to you, but you’re an SA entity. So now all those compliance requirements land on you.”
South African legislation like POPIA also makes provision for globalisation, Saunders added, because you must have contracts and agreements in place if you are going outside of the country.
“Most service providers that you use are going to be hosted in the [United] States. The US has things like the Cloud Act, which means that the US government can access information that’s in a South African data centre because it’s owned by Microsoft and the parent company is in the US, so data sovereignty comes into it,” Saunders added.
He stressed the need for businesses to be agile, particularly in how they manage risk assessment and related processes. This agility also helps to address issues like shadow IT and shadow AI, which burden organisations because of lengthy approval or assessment processes.
He added that there are frameworks available to help businesses. “There are methods you can use; you can complement your current processes with these fast, rapid assessment tools to see where your risks are.”
Click here for more information and to register.
Images are for reference only.Images and contents gathered automatic from google or 3rd party sources.All rights on the images and contents are with their legal original owners.
Aggregated From –
Comments are closed.