Navigating GRC Trends and Strategies in 2024



In today's rapidly shifting business landscape, where uncertainty seems to be the only constant, Governance, Risk, and Compliance (GRC) strategy, process, and technology are more critical than ever. This era is marked by a kaleidoscope of challenges: geopolitical instabilities, economic volatility, and a relentless pace of technological innovation. In my recent webinar with MetricStream’s Patricia McParland, “GRC Trends and Strategies to Accelerate Risk, Compliance, and Audit Programs in 2024 and Beyond,” I had the privilege of diving into this whirlpool of change to explore emerging GRC trends and strategies for 2024 and beyond.

Watch now: GRC Trends and Strategies to Accelerate Risk, Compliance, and Audit Programs in 2024 and Beyond 

When I reflect on the state of global business today, I see a world grappling with unparalleled complexities. These complexities are not just passing clouds but signify a profound transformation in how businesses operate and how risks are perceived and managed. In our interconnected global economy, the ramifications of geopolitical shifts are felt almost instantaneously, economic uncertainties loom large, and the digital revolution continues to redefine the landscape. Against this backdrop, traditional GRC programs and risk intelligence methodologies are undergoing a stress test. The question arises whether our current tools and frameworks are robust enough to navigate this dynamic and sometimes tumultuous environment. 

In the webinar, I endeavored to peel back the layers of these complexities, offering a nuanced perspective on the future of GRC; this includes:

  • Business-Integrated GRC (GRC 6.0). From a technology perspective, we are moving to what I call GRC 6.0, an evolution that signifies a deep integration of GRC into the very DNA of business processes. This approach transcends traditional compliance models, aligning GRC with the broader canvas of business objectives.
  • Risk Management = No Surprises! It is critical that organizations approach risk management with a strategy that minimizes the unpredictability inherent in achieving business objectives. This involves a comprehensive understanding of the uncertainties tied to these objectives and devising proactive and responsive strategies.
  • Orchestration of GRC Across the Enterprise. Organizations need a harmonious approach to GRC management across various departments. This orchestration is akin to a symphony conductor ensuring every section contributes to a cohesive performance. Such an approach is critical for a comprehensive view of organizational risk. 
  • Geopolitical Risk Management. Understanding and managing geopolitical risks has become paramount as the global business environment becomes more interconnected. Adopting a systematic and agile approach to these risks is now a key component of effective GRC strategies.
  • Risk Agility and Resilience. Organizations must develop the capabilities to identify and navigate risks before they materialize and recover from unexpected setbacks. These capabilities are crucial in a constantly and rapidly changing business world.
  • ESG Integration into GRC. GRC is how ESG gets done, and it requires integrating ESG into GRC strategy processes, which is enabled by technology. ESG commitments should be deeply embedded in organizational values and go beyond mere tokenism or box-ticking exercises. 
  • AI and GRC. The application of Artificial Intelligence (AI) in GRC is a game-changer, particularly in areas like regulatory change management and internal control monitoring. I differentiate between AI governance (AI GRC) and the use of AI to boost GRC processes (Cognitive GRC), both of which are critically needed within organizations. 
  • Elevated Accountability in GRC. There is a growing trend toward increased individual accountability within GRC. Senior management and executive teams are increasingly expected to take personal accountability, not just responsibility, for decisions around compliance and risk.
  • GRC in a Diverse Cultural Context. Implementing effective GRC strategies across different cultural landscapes, especially in multinational corporations, presents its own set of challenges. It requires a sensitive and adaptive approach. 
  • Building a Human Firewall and Cultivating Business Champions. Each employee plays a crucial role in GRC, and it is important to nurture business champions at all levels within an organization to create a strong and pervasive GRC culture.

As I discussed these themes with Patricia McParland from MetricStream, it became increasingly clear that the future of GRC is a multifaceted and stimulating realm. It demands an integrated, agile, and technology-empowered approach. Organizations that embrace these emerging trends and fortify their GRC frameworks will be well-equipped to navigate and capitalize on the opportunities presented by the complexities of today's business world. This webinar offered a platform to share comprehensive insights and practical strategies for organizations looking to enhance their GRC frameworks in these transformative times. It was an enlightening experience to contribute my thoughts and engage in a meaningful dialogue on the future of GRC. 



Michael Rasmussen, GRC Analyst & Pundit, GRC 20/20 Research

Michael Rasmussen is an internationally recognized pundit on governance, risk management, and compliance (GRC) – with specific expertise on the topics of enterprise GRC, GRC technology, corporate compliance, and policy management. With 27+ years of experience, Michael helps organizations improve GRC processes, design and implement GRC architecture, and select technologies that are effective, efficient, and agile. He is a sought-after keynote speaker, author, and advisor and is noted as the “Father of GRC” — being the first to define and model the GRC market in February 2002 while at Forrester.

Michael has contributed to U.S. Congressional reports and committees, and currently serves on the Leadership Council of the OCEG and chairs the OCEG Technology Council, OCEG Policy Management Group, and the OCEG GRC Architect Group. 

Michael is quoted extensively in the press and is respected for his commentary on broadcast news channels. He is an Honorary Life Member in The Institute of Risk Management for his contributions to risk management and GRC. In June 2007, Treasury & Risk recognized Michael as one of the 100 most influential people in finance with specific accolades noting his work in “Governance and Compliance: Saving the Planet and the Corporation” and as a “Rising Star in Rocky Times: Corporate America’s Outstanding Executives.” 

Prior to founding GRC 20/20 Research, Michael was a Vice-President and ‘Top Analyst’ at Forrester Research, Inc. Before Forrester, he led the risk/compliance consulting practice at a professional services firm, and prior to that had specific experience managing compliance and risk within commercial organizations.

Michael’s educational experience consists of a Juris Doctorate in law and a Bachelor of Science in Business. Michael is currently pursuing a Master of Divinity at Trinity Evangelical Divinity School with a research focus in ethics and church history. He is a GRCP (GRC Professional), CCEP (Certified Compliance and Ethics Professional), and a CISSP (Certified Information Systems Security Professional). OCEG has recognized him as an OCEG Fellow for his contributions and advancement of GRC practices around the world.