Workshop

The implementation of Provision 29 marks the most significant shift in UK risk and control expectations in over a decade. For the first time, boards of UK-listed companies must affirm and disclose the ongoing effectiveness of their risk management and internal control frameworks — continuously, in practice and in principle.

In this hands-on workshop, globally recognised GRC analyst and thought leader Michael Rasmussen delivers a structured, practical blueprint for designing and sustaining a modern risk and internal control framework that meets the expectations of boards, regulators, and investors.

What You Will Learn

• Interpret the strategic implications of Provision 29 in the broader governance landscape
• Integrate risk and internal control with strategy, performance, and culture
• Clarify roles and responsibilities across the Three Lines Model
• Design risk and control lifecycles aligned with materiality and business change
• Leverage GRC technology for real-time monitoring and board-level reporting
• Demonstrate ongoing effectiveness with data, context, and clarity

Michael Rasmussen, Analyst & Pundit , GRC 20/20 Research & GRC Report

AI is transforming how organisations govern, manage risk, and maintain compliance. GRC is no longer sustainable as a manual, document-heavy, and reactive discipline — the complexity and speed of modern organisations demand something different: GRC that is intelligent, adaptive, and embedded in the way the business operates.

This is the foundation of GRC 7.0 – GRC Orchestrate. In this intensive workshop, renowned GRC analyst Michael Rasmussen provides a structured blueprint for integrating AI into GRC architecture — moving organisations beyond fragmented oversight toward a coordinated, enterprise-wide intelligence capability for objectives, uncertainty, and integrity.

This is not a theoretical discussion. Attendees will leave with a clear understanding of where AI delivers the greatest impact, how to design AI-enabled GRC architectures, and how to establish guardrails for responsible, explainable AI use.

What You Will Learn

• Understand the role of AI within GRC 7.0 – GRC Orchestrate and its practical implications
• Identify high-impact AI use cases across governance, risk, and compliance programs
• Apply AI to regulatory change management, risk identification, and control monitoring
• Use AI for horizon scanning, scenario analysis, and predictive risk intelligence
• Design GRC architectures combining human expertise with AI-driven insights
• Explore agentic AI, digital twins, and predictive analytics in modern GRC
• Establish guardrails for responsible, transparent, and explainable AI use

Michael Rasmussen, Analyst & Pundit , GRC 20/20 Research & GRC Report

Artificial Intelligence — spanning generative AI and agentic AI — is reshaping risk management from a reactive and periodic function into one that is truly cognitive, continuous, and connected. Yet uncovering its full potential while maintaining governance, control, and regulatory confidence remains a critical challenge for senior risk leaders.

Led by Manoj Kulwal of RiskSpotlight, this practical workshop explores where AI innovations add real value across core risk activities, how to scale adoption responsibly, and the Top 10 Emerging AI Risks every risk leader needs on their radar in 2026.

Discussion Points

• The Full AI Landscape: How generative and agentic AI collectively transform risk management capabilities
• A Vision Worth Working Toward: What cognitive, continuous, and connected risk management looks like in practice
• Use Cases You Can Act On: Prioritised AI applications across risk identification, scenario analysis, and control monitoring
• A 2026 AI Risk Radar: Top emerging AI risks spanning strategic, operational, reputational, and regulatory dimensions
• Confidence to Lead: Drive informed conversations with your board, regulators, and business leaders

Manoj Kulwal, Chief Risk & AI Officer , RiskSpotlight