Governance, Risk and Compliance is no longer a back-office function but rather a strategic capability that helps organisations achieve objectives, manage uncertainty and act with integrity. Yet for GRC to truly deliver value, it must evolve alongside the pace of the ongoing global transformation.

This evolution is particularly visible and needed in the GCC, where fast diversification, new sectors, accelerating digitalisation and growing regulatory expectations are reshaping the business environment.

“The GCC is going through an impressive pace of transformation. New industries are emerging. AI and automation are accelerating rapidly, and regulatory expectations are increasing at a remarkable pace,” said As Besfort Kuqi, CEO and Board Member at Swiss GR, in his opening remarks on Thursday during the GCC GRC day-UAE Edition.

Stay up to date with the latest news. Follow KT on WhatsApp Channels.

A successful GRC programme; however, is rooted in culture. It requires leadership commitment and a clear tone from the top. GRC's mission is to make GRC“simple, effective, and accessible for everyone,” enabling organisations to stay in control and manage risk in a structured and reliable way“without unnecessary complexity,” Kuqi added.

The challenge of managing risk is becoming even more pronounced as organisations operate in an increasingly multipolar and fragmented world. Geopolitical tensions, local content regulations, supply chain disruptions and rapid technological change are reshaping how businesses must think about resilience

“Very key elements more important now than ever is to think end to end,” said Dallal Slimani, SVP Company Program & Transportation, CEO Office, Schenider Electric.“This is where technology is a strong enabler because it gives us visibility on end to end operations and allow us to take smarter decisions,”

“Supply chains are becoming more critical now with the world becoming more fragmented with the increased local content regulations.. I think if there is one element that I think is critical it is the visibility of all supply chain elements so you have to transform your physical supply chain into digital where you can have more visibility.”

This mindset reflects a broader truth, when GRC is seen as a shared responsibility and not a compliance burden, organisations become more engaged, more accountable and more prepared to act with integrity.

“You'll hear a lot of stories of GRC failures. That's because it's not driven from the top down,” said Rajeev Dutt, General Manager MEA & APAC at Swiss GRC in his presentation. Dutt emphasised that an organisation's culture is the foundation that determines whether processes and systems are embraced or ignored.

Many organisations still rely on fragmented systems and manual tasks that slow down their GRC efforts. Modern GRC programmes reduce friction through automation which then streamlines workflows, eliminating duplicate processes and creating a single source of truth.

Dutt added that seeing risk from all angles helps organisations to mitigate it. He explains that risk today is multidimensional. There are cybersecurity threats, digital disruption, AI-driven change, business continuity challenges and regulatory shifts which are constant. This makes compliance a business imperative rather than an add on.

He added further that to succeed, organisations must“navigate the chaos,” especially when taking strategic risks.“ You need GRC orchestration. You need to see risk from all angles,” Dutt explains.

This reinforces the value of a 360-degree risk view. Only when data, systems and teams are connected can organisations understand their exposures and make timely, informed decisions. The multidimensional aspects of risks should push organisations towards effective GRC which is aligning risk management with real organisational goals.

In this case, risk indicators are tied to strategic objectives, providing early warning signals for any emerging risks which eventually helps companies escalate rules and compliances to mitigate it.

“This approach transforms GRC from a reporting function into a strategic decision-enabler,” said Dutt.

AI is shaping the next frontier of risk, and governance models must evolve accordingly. Yet, AI governance requires a sociotechnical lens which includes people, culture and technology working together.

“The problem of responsible AI is not a technological problem-it's a human problem at its core... and there is no one-size-fits-all approach,” said Akshay Dalal, Head of Regional Risk and Compliance at Google.

With rapidly changing standards and emerging regulations, organisations must adopt adaptable frameworks and embed responsible-AI thinking into their core GRC practices, he explained.

Dalal added that modern GRC is a strategic enabler, not a constraint. He added that by fostering a strong culture, building 360-degree risk visibility and using automation to drive both efficiency and effectiveness, organisations can navigate transformation with confidence. He added that organisations who will succeed will be those that embrace GRC as a capability; one that supports responsible innovation, resilience and sustainable growth. However, each organisation will have to handle it differently than the other depending on their own challenges and risks.

“It is not a one size fits all,“ added Dalal.

Dalal explained further that to identify potential risks, there needs to be an adjustable library informed by research, historical data and external standards. Explaining further that risks must be assessed through five intersectional dimensions of impact and discussed in the product's review. Eventually, organisations can mitigate the assessments and review information as socio-technical value.

MENAFN20112025000049011007ID1110372162