Back to Spotlights
Spotlights · Thought Leadership
Our Thought Leadership
Short, opinionated essays on where GRC, internal audit, security and privacy are actually heading — from the people who do the work. Willing to be wrong out loud.
Lead spotlight · Internal Audit
Stop Writing Audit Plans. Start Running Value Streams.
The case for an agile, value-led internal audit function — and the operating model behind it.
Read Compliance · AI & AutomationYour AI Agents Are Employees Now. Audit Them Like It.
AI agents, copilots and bots now act in production. The seven hotspots a real assessment has to reach.
Read Strategy · TransformationEvery Transformation Dies in the Gap
Why strategy-to-delivery alignment is where most transformations quietly fail — and how to close it.
Read Data Privacy · Saudi PDPLFive Ways a PDPL Program Goes Wrong
The early pitfalls that derail Saudi PDPL programs — and what a good start looks like.
Read Data Privacy · Saudi PDPLFive Findings the PDPL Guide Tells You
Five things the regulator's own guidance makes clear, drawn straight from the PDPL material.
Read Data Privacy · FrameworksA Privacy Program Is an Operating Model
Privacy360 — a structure for a PDPL-compliant program that actually creates business value.
Read