The GenAI revolution in governance, risk, and compliance

By Karthick Chandrasekar, associate director at ManageEngine

The Malaysian government’s commitment to nurturing the AI ecosystem is evident through initiatives such as AI Untuk Rakyat, which aims to raise public awareness of the technology. Despite this, there is a gap between intent and adoption. A 2024 report by PwC states that 41% of Asia-Pacific CEOs admit to not adopting GenAI across their companies due to risk, compliance, and ethical concerns. Almost half of the CEOs are concerned with cybersecurity risks, while 44% have concerns about GenAI spreading misinformation.

Any professional in governance, risk, and compliance (GRC) is acutely aware of the inherent complexity of their domain expertise. This complexity has been ratcheted up amid breakthroughs in generative artificial intelligence (GenAI), according to the likes of ISC2. While this technology has returned outstanding results in marketing and content production, integrating it with GRC hasn’t been quite as straightforward.

One of the core challenges revolves around compatibility between GenAI and GRC standards due to the relentless and continual evolution of GenAI models.

Revolutionising GRC: The unseen potential of GenAI

The question of how to go about integrating GenAI into the existing GRC ecosystem is a critical one. Neglecting this could see organisations miss out on:

  • Automation of tasks like policy creation and maintenance.
  • Real-time tracking of legislation and risk assessment.
  • Policy and control handling.
  • Compliance mandate monitoring.
  • Predictive planning and risk scanning.

Also at stake are highly specific enhancements for each GRC pillar:

Governance

AI analyses data from threat feeds and compliance reports, detecting patterns and anomalies to adapt policies to emerging threats and regulatory changes.

Machine learning detects subtle signs of cyberattacks in data traffic and user behaviour, outperforming traditional methods.

Natural language processing (NLP) automates security policy enforcement, ensuring compliance with internal and external regulatory policies.

AI streamlines user access reviews and remediation tasks, securing organisations against cyberthreats.

Risk

Advanced analytics and machine learning analyse historical cybersecurity incident data as part of the strategic risk model.

AI-powered simulated exposure scenarios lower the probability of a breach.

Optimum investment and risk mitigation tactics ensure efficiency in resource allocation.

Integration with financial services modelling tools offers a full understanding of the financial implications of individual breach scenarios, including losses and expenses.

Quantifying possible ROI motivates strategic investing and is backed by data.

Compliance

Streamlined system monitoring and reporting processes ensure regulatory compliance by efficiently analysing vast datasets.

Automated classification and encryption of personal data aids in compliance with regulations like the GDPR.

Real-time analysis of communications and transactions flags potentially illegal behaviour.

Constant scanning for compliance deviations guarantees the maintenance of regulatory obligations.

NLP-capable parsing and analysis of intricate regulatory indentures ease compliance efforts.

The hidden edges of GenAI adoption

As GenAI permeates the GRC domain, it presents a double-edged sword of potential benefits and risks. The phenomenon of creative gap-filling, where an AI model’s erroneous data spawns misinformation, poses a threat to decision-making processes. Bias is another concern, potentially compromising the objectivity vital to governance. Furthermore, the existing systems’ inability to verify sources reliably undermines their trustworthiness, which is key to GRC practices. Additionally, pressing ethical and legal challenges require organisations to tread a fine line between embracing innovation and adhering to compliance norms.

To chart this complex terrain, developers and GRC experts must join forces, ensuring that AI integration enhances rather than compromises organisational integrity. The path forward requires careful navigation, but the potential rewards make the journey worthwhile.

This is the part of the GenAI revolution that GRC professionals need to lead. They are tasked not only with oversight but also with being the architects of a framework for ethical innovation. They should create clear policies and robust frameworks for internal controls to ensure that the power of AI is exercised in a manner consistent with organisational values, protecting against risks and aiding in regulatory compliance.

It is also a two-way street. As a Forrester report highlights, GRC can provide avenues to align risk appetite with GenAI objectives, develop governance frameworks, and address third-party risks. GRC professionals can drive this by being more than mere facilitators. Instead, they must take on the mantle of strategic leaders who guide and steer organisations’ GenAI adoption.

The path forward

Even though challenges persist in the early stages of GenAI-driven GRC, there’s an urgent need to address issues surrounding secure integration and regulatory alignment. AI is advancing at a rapid pace. A new Worldwide AI and Generative AI Spending Guide from IDC indicates that the GenAI market is experiencing a massive boom in the Asia-Pacific region, with spending expected to hit USD 26 billion by 2027.

Companies can use GenAI most effectively when it is paired with GRC expertise, which eliminates many hurdles that stand in the way of innovation and growth and ensures that ethical practices and stakeholder confidence are comprehensively addressed. The consolidation of GenAI with GRC is ultimately crucial to mitigating those hurdles.
