With vast potential benefits and explosive momentum behind it, nearly every organization is all in on experimenting with, and hopefully adopting, generative AI (genAI) to improve use cases, even across multiple areas, and to transform its processes and operations. For governance, risk, and compliance (GRC) pros, often viewed as the naysayers of innovation, genAI offers two powerful opportunities:

  1. Accelerating safe and ethical use of genAI across the organization
  2. Moving the corporate goalposts for GRC from compliance to risk identification and mitigation

Our newly published report, Generative AI: What It Means For Governance, Risk, And Compliance, explores the early benefits, considerations for success, and pitfalls that GRC pros should avoid when moving from experimentation to implementation of genAI across the organization.

GRC Pros Are Key To Safe, Ethical GenAI Adoption

GenAI offers an opportunity for risk management to reinvent itself from the department of “no” to the discipline of “go.” When led by a transformational chief risk officer who understands that risk is necessary for growth and not simply a cost of doing business, risk management can help evaluate the biggest genAI bang for the buck by looking for undue risk, help apply genAI ethically, and identify which AI projects will require additional risk management guardrails, oversight, and controls. GRC pros also have a key role in determining the optimal speed for genAI adoption, provided that they forge alignment between risk management and the business and provide guardrails, not barriers.

GenAI Use Cases Aren’t Just For The Business

When the GRC technology itself gets a dose of genAI, it makes a big difference. It can enable a more proactive approach to identifying risks, uncovering unknowns where humans alone may not notice trends or cascading impacts, as well as modeling risk scenarios by using contextual information about the organization. It can also help mitigate risks sooner by recommending mitigating and compensating controls that meet specific requirements.

If you’re still equating GRC with just compliance, you’re only getting a fraction of its value. With genAI, GRC teams have a unique opportunity to optimize how your organization manages risk and compliance at the scale and speed necessary to match innovation.

How GRC Can Accelerate GenAI Across The Organization

To ensure that organizations have the means to guide the use of genAI for employees and within products and services, GRC can help by:

  • Aligning risk appetite with genAI goals. Risk appetite defines risk tolerance and expresses how much risk the organization is willing to take and at what cost. GRC pros can help the business define its risk appetite and tolerance to make the right trade-offs between risk and reward.
  • Supporting an AI governance framework. AI governance isn’t a nice-to-have; it’s a must. But don’t silo AI model management within product teams; otherwise, you’ll lose the opportunity to balance risk and reward for the business. GRC teams can connect strategy and the use of AI models with internal controls, policies, and applicable industry regulations.
  • Creating guidelines for third-party risk from genAI. Most commonly, genAI enters organizations by way of third parties in the form of models, data, open source, and new genAI capabilities of existing third parties. Lean on GRC teams to ensure that the way that third parties acquire, use, and train their AI models aligns with your organization’s risk appetite.

For more examples of how genAI can ease the GRC burden, additional steps GRC pros can take to make progress in their organization’s genAI journey, and key mistakes to avoid, Forrester clients can check out our newly published report, Generative AI: What It Means For Governance, Risk, And Compliance, as well as set up a guidance session today to dive deeper into how to get started.