Governance, Risk, and Compliance (GRC) - OpenPages

Intended for IBM OpenPages and IBM FIRST Risk Case Studies customers to interact with their industry peers and communicate with IBM product experts.



Rethinking GRC in the age of AI: are we ready for what's next?

  • 1.  Rethinking GRC in the age of AI: are we ready for what's next?

    Posted Thu October 23, 2025 10:37 AM
    Edited by JULIE BELLINGER Thu October 23, 2025 10:42 AM

    As GRC professionals, we're no strangers to transformation. Regulatory landscapes shift, risk profiles evolve, and technology continues to reshape how we manage complexity. But with the rise of generative AI, we've entered a new era, one that challenges not just our tools, but our mindset.

    🔮 From Reactive to Proactive to Predictive

    Historically, GRC has been reactive, responding to incidents, audits, and regulatory changes. Automation and real-time monitoring made us proactive. Now, AI is pushing us into the predictive era, where trust must be built before risk surfaces.

    This raises critical questions:

    • How do we govern AI without stifling innovation?
    • Can we trust AI to make risk-based decisions?
    • Is our current GRC approach ready for this shift?

    These aren't just technical questions, they're ethical, strategic, and deeply human. At IBM, we're exploring how to integrate AI responsibly into OpenPages, with explainability, auditability, and governance at the core. But we know this journey isn't one-size-fits-all. That's why we want to hear from you.

    💬 Let's Talk

    We'd love to hear from you:

    • Is Gen AI still "new" in your organization, or already part of your GRC strategy?
    • What's your biggest hope, or concern, about AI in GRC?
    • Have you started using AI in your risk or compliance workflows? What's working, and what's not?
    • What would help you feel confident using Gen AI in your risk or compliance processes?

    Drop your thoughts below👇. Let's spark a conversation that moves the industry forward!



    ------------------------------
    Julie Bellinger
    Senior Product Manager, IBM OpenPages
    jmelamud@us.ibm.com
    ------------------------------



  • 2.  RE: Rethinking GRC in the age of AI: are we ready for what's next?

    Posted Sun October 26, 2025 02:13 PM

    Julie, thank you for raising such a timely and interesting topic. As an IBM partner, we're keen to contribute to the discussion.
    We are presenting the first use cases you've shared, fully aware that they aren't strictly examples of generative AI. Our goal is to stimulate potential customer needs while also proposing a gradual approach to the use and integration of AI into Risk & Compliance Management, before fully embracing generative AI.

    We've received strong interest from clients, who have high expectations given the potential of AI and the future benefits it could bring across various sectors. At the same time, there is considerable concern about the limitations of AI, the challenges in controlling its outcomes, and the constraints imposed by internal policies on its use.

    We agree that the challenges in generative AI projects are not just technical but also cultural, procedural (in terms of responsibility), and tied to the quality of data provided to the AI.

    That said, some concerns have emerged, particularly regarding the OpenPages – Watson AI architecture, which we'd like to address:

    1. Performance
      If we understand correctly, the architecture requires OpenPages to export data to Watson AI, which then processes and returns the results. However, as we move towards more generative processing, where greater value is expected from AI, OpenPages will need to send more data to ensure reliable responses (e.g., data from numerous interconnected logical entities, historical data, personal records, etc.).
      Could this scenario significantly impact performance, both in terms of response times and the costs associated with using AI through OpenPages?

    2. Completeness and Quality of AI Responses
      In the proposed use cases, the AI's role was more "supportive" to the user (e.g., helping to make associations, checking text, and summarizing information). It's likely that the risk of errors would be limited and instead result in "limited" assistance (which could encourage the user to provide clearer and more complete descriptions). It's conceivable that by adjusting the confidence level and conducting some testing, the company could gain confidence in the AI's effectiveness and accuracy. But as we move further into generative AI... how can we mitigate the risks of receiving inadequate or incomplete suggestions? How can we minimize this risk?



    ------------------------------
    Gabriele Meneguzzi
    ------------------------------



  • 3.  RE: Rethinking GRC in the age of AI: are we ready for what's next?

    Posted Sun October 26, 2025 07:08 PM

    Hi Gabriele,

    Thank you for your considered response and for raising such pertinent points around the integration of AI into Risk and Compliance workflows. Your reflections on both performance and response quality are very much aligned with the conversations we're having across the industry.

    Performance Considerations

    As we move towards more generative use cases, the volume and complexity of data exchanged between OpenPages and Watson AI will naturally increase. To mitigate performance risks, we're focusing on several key strategies:

    • Effective Prompt Management: By refining prompt structures and context windows, we reduce unnecessary data transfer and improve response efficiency.

    • Refined Retrieval-Augmented Generation (RAG) Patterns: These allow OpenPages to retrieve only the most relevant data, minimising payload size while maximising relevance.

    • Small Language Models (SLMs): For many domain-specific tasks, SLMs offer faster, more cost-effective responses with sufficient accuracy, making them a valuable complement to larger models.

    These approaches help ensure that AI remains scalable and responsive, even as use cases become more sophisticated.

    Quality and Hallucination Risks

    Your concerns about the reliability of generative outputs are well founded. This is precisely where governance becomes essential, and IBM watsonx.governance provides robust support through:

    • Real-Time Guardrails: These enforce policy constraints and usage boundaries dynamically, helping to prevent inappropriate or low-confidence outputs.

    • Ongoing Monitoring: We continuously track model behaviour, flag anomalies, and assess output quality to ensure consistency and trustworthiness.

    • Improved Model Output Quality: Through confidence scoring, feedback loops, and curated training data, we're enhancing the reliability and clarity of generative responses.

    These governance capabilities are designed to help organisations build trust in AI-assisted decision-making while maintaining compliance and accountability.

    Thanks again for your engagement. I'd be happy to arrange a deeper technical session to explore these governance mechanisms in more detail if that would be helpful.

    Best regards,

     

    Ian Francis
    Principal Product Manager

    watsonx.governance
    IBM Data and AI

    Mobile: +447854127709
    E-mail: ianfrancis@uk.ibm.com

     

    Unless otherwise stated above:

    IBM United Kingdom Limited
    Registered in England and Wales with number 741598
    Registered office: Building C, IBM Hursley Office, Hursley Park Road, Winchester, Hampshire SO21 2JN