The Hitchhiker’s Guide to the GRC Technology Galaxy

Beyond the AI Hype Cycle: Complyance in the GRC Galaxy

23 min · 4. juni 2026
episode Beyond the AI Hype Cycle: Complyance in the GRC Galaxy cover

Description

In this episode of The Hitchhiker’s Guide to the GRC Technology Galaxy, Michael Rasmussen sits down with Richa Kaul, founder and CEO of Complyance, for a conversation about one of the most crowded buzzword fields in the modern GRC universe: AI. The discussion begins with the story of Complyance, how it emerged, and what has helped it stand out in an increasingly competitive market. From there, Michael and Richa dive headfirst into the growing gap between AI marketing and AI reality. Every platform seems to have an AI strategy. Every vendor claims to have agentic AI. But what does that actually mean, and more importantly, what is it actually doing? Together they explore the difference between AI as a feature, AI as a marketing term, and AI as a genuine system of action that performs work on behalf of GRC teams. The conversation focuses on practical outcomes rather than promises, including how Complyance applies AI to third-party risk management, internal controls, evidence collection, questionnaire responses, and continuous monitoring. Along the way, Richa shares the questions organizations should be asking when evaluating AI-powered GRC solutions, how to distinguish meaningful capabilities from demonstrations and prototypes, and why the future belongs to platforms that can combine intelligence with action. The discussion closes with a look toward 2030 and how both Complyance and the broader GRC market may evolve as AI becomes more deeply embedded in governance, risk, and compliance programs.

Comments

0

Be the first to comment

Sign up now and become a member of the The Hitchhiker’s Guide to the GRC Technology Galaxy community!

Get Started

1 month for 9 kr.

Then 99 kr. / month · Cancel anytime.

  • Podcasts kun på Podimo
  • 20 lydbogstimer pr. måned
  • Gratis podcasts

All episodes

33 episodes

episode The title of Hitchhiker_s_Guide_to_the_GRC_Technology_Galaxy artwork

The title of Hitchhiker_s_Guide_to_the_GRC_Technology_Galaxy

In this episode of The Hitchhiker's Guide to the GRC Technology Galaxy, Michael Rasmussen sits down with Eric Erston, Chief Revenue Officer of RegScale, to discuss what happens when you stop treating compliance as a paperwork exercise and start treating it as a living system. The conversation begins with the story of RegScale and how it started, how it has evolved over the years, and why it chose a fundamentally different path from much of the GRC market. Instead of periodic assessments, endless evidence collection, and audit preparation that feels like starting over every year, RegScale was built around continuous controls monitoring, compliance as code, and automation from the ground up. Michael and Eric explore the kinds of organizations that gravitate toward RegScale, the use cases where it excels, and what differentiates it in an increasingly crowded market. They discuss practical lessons learned from helping organizations modernize compliance programs, including the shift from manual effort to continuous assurance, and why automation should remove work rather than simply move it somewhere else. The discussion also turns to one of RegScale's most demanding customers (not by name, but by the extraordinary scale and complexity of the challenges they solve) and how that relationship continues to push the platform beyond what its creators originally imagined. Finally, they look toward 2030 and consider where continuous compliance, AI, and machine-readable governance are heading as organizations demand greater speed, stronger assurance, and less administrative burden. In a galaxy where bureaucracy has somehow become a business process, RegScale is betting on a future where compliance happens continuously and paperwork becomes little more than an interesting historical artifact.

16. juli 202620 min
episode Beyond the AI Hype Cycle: Complyance in the GRC Galaxy artwork

Beyond the AI Hype Cycle: Complyance in the GRC Galaxy

In this episode of The Hitchhiker’s Guide to the GRC Technology Galaxy, Michael Rasmussen sits down with Richa Kaul, founder and CEO of Complyance, for a conversation about one of the most crowded buzzword fields in the modern GRC universe: AI. The discussion begins with the story of Complyance, how it emerged, and what has helped it stand out in an increasingly competitive market. From there, Michael and Richa dive headfirst into the growing gap between AI marketing and AI reality. Every platform seems to have an AI strategy. Every vendor claims to have agentic AI. But what does that actually mean, and more importantly, what is it actually doing? Together they explore the difference between AI as a feature, AI as a marketing term, and AI as a genuine system of action that performs work on behalf of GRC teams. The conversation focuses on practical outcomes rather than promises, including how Complyance applies AI to third-party risk management, internal controls, evidence collection, questionnaire responses, and continuous monitoring. Along the way, Richa shares the questions organizations should be asking when evaluating AI-powered GRC solutions, how to distinguish meaningful capabilities from demonstrations and prototypes, and why the future belongs to platforms that can combine intelligence with action. The discussion closes with a look toward 2030 and how both Complyance and the broader GRC market may evolve as AI becomes more deeply embedded in governance, risk, and compliance programs.

4. juni 202623 min
episode The Restaurant at the End of the GRC Universe artwork

The Restaurant at the End of the GRC Universe

In this episode of The Hitchhiker’s Guide to the GRC Technology Galaxy, field researcher and intergalactic GRC hitchhiker Michael Rasmussen is joined by Graeme Keith and Stefan Gershater for a conversation that is slightly unusual for the series because there is no technology vendor in sight. Instead, it’s two deeply experienced risk practitioners looking at the GRC technology market from the outside and asking a fairly uncomfortable question: Has the industry become so distracted by AI that it never properly solved the basics in the first place? The discussion explores a GRC landscape crowded with platforms, overlapping promises, and increasingly indistinguishable products. Graeme and Stefan argue that many vendors are still wrestling with foundational architectural problems while simultaneously racing to attach AI to everything in sight. Along the way, they compare the current AI wave to The Restaurant at the End of the Universe and ask whether AI will ultimately destroy the GRC technology galaxy or accelerate it. The consensus is more grounded than apocalyptic. AI is an amplifier. If your approach to risk and governance is fundamentally sound, AI may accelerate value. If your processes are broken, AI simply helps you fail faster. The conversation also dives into quantitative risk, uncertainty, machine learning, decision-making, and why so many organizations still struggle to distinguish useful technology from what Michael jokingly compares to the Wizard of Oz, where much of the magic disappears once someone pulls back the curtain. They close with practical advice for organizations trying to navigate an overcrowded and noisy market, including how to think critically about vendors, architecture, AI claims, and what truly differentiates good GRC technology from polished demos and marketing theater.

28. maj 202635 min
episode The Practical Improbability of Value: CoreStream in the GRC Galaxy artwork

The Practical Improbability of Value: CoreStream in the GRC Galaxy

In this episode of The Hitchhiker’s Guide to the GRC Technology Galaxy, Michael Rasmussen sits down with Richard Eddolls, co-founder and Platform Director of CoreStream, for a conversation about what happens when a GRC platform is built around one deceptively difficult idea—delivering real value. Richard shares the origins of CoreStream, how the company evolved from its early beginnings, and how its core DNA has stayed remarkably consistent over the years. Simplicity, flexibility, and measurable outcomes remain central to the way CoreStream approaches GRC, even as the market itself has become larger, noisier, and increasingly crowded with overlapping promises. The discussion explores why CoreStream focuses so heavily on outcomes rather than features, how configurability became one of the company’s defining strengths, and why organizations ranging from highly regulated enterprises to complex global manufacturers have gravitated toward the platform. Michael also shares a story about a major European manufacturer whose RFP process ultimately revealed something larger than a list of requirements. CoreStream stood out not just for meeting the brief, but for helping the organization think differently about where value could actually be created. Along the way, they unpack the breadth of use cases CoreStream supports, the philosophy behind its no-code approach, and how its partnership with Sannos fits into the company’s evolving AI strategy. Rather than chasing hype, the focus remains on practical applications that improve efficiency, decision-making, and organizational effectiveness. The episode closes with a look toward 2030 and what CoreStream may become as GRC continues to evolve from a compliance exercise into something more connected, adaptive, and operationally meaningful. In a galaxy full of dashboards, acronyms, and feature lists, this conversation keeps returning to a simpler question. Does the technology actually create value?

22. maj 202628 min
episode Risk Has No Borders: Aravo in the GRC Galaxy artwork

Risk Has No Borders: Aravo in the GRC Galaxy

In this episode of The Hitchhiker’s Guide to the GRC Technology Galaxy, Michael Rasmussen sits down with Adelani Adesida and Dave Rusher of Aravo to explore why third-party risk has become one of the defining challenges of the modern enterprise. The conversation starts with a simple reality. The extended enterprise is the enterprise now. Organizations increasingly rely on vast networks of suppliers, vendors, contractors, distributors, and partners that stretch across jurisdictions, industries, and regulatory environments. Managing that complexity well is difficult. Managing it poorly, as Michael notes, can resemble Vogon poetry and be painful, confusing, and something no one should willingly endure. From there, they unpack Aravo’s long history in third-party risk management and what has allowed the company to stand out in a crowded market. Michael highlights four things he believes differentiate Aravo. First, experience. Second, the ability to handle both deep complexity and global scale while still supporting smaller and mid-sized organizations effectively. Third, the breadth and maturity of its domain coverage across legal, compliance, cyber, operational resilience, privacy, sustainability, health and safety, and more. And finally, the people and culture behind the platform. The discussion also explores why so many TPRM programs fail to mature, what successful implementations look like, and how Aravo approaches AI pragmatically rather than theatrically.  The episode closes with a look toward 2030 and how Aravo sees third-party risk evolving as supply chains become more interconnected, regulations become more dynamic, and AI becomes increasingly embedded in the way organizations operate.

14. maj 202636 min