From Speed Bump to Guardrail: Mitratech’s Henry Umney on the Strategic Evolution of GRC

2025-11-07T16:27:00+00:00

No comments

Mitratech’s Henry Umney sits down with Nick James to trace the shift in GRC from compliance checklists to a unified, tech-enabled function built for enterprise resilience.

The Governance, Risk, and Compliance (GRC) landscape has undergone a radical transformation, moving far beyond its traditional focus on purely financial risk. Mitratech’s Henry Umney noted that in recent years, the priority has shifted squarely to non-financial and operational risk, a change driven by regulatory mandates like DORA and NIS2.

Failures in regulatory reporting, IT risk management, and overall operational stability have proven to be more materially damaging than pure financial ones. This requires organisations to move away from reactive, point-in-time compliance toward continuous monitoring. The goal is to aggregate data from fragmented systems to achieve a holistic view of risk, which is critical for maintaining stability in a marketplace defined by digital transformation and complex regulatory requirements.

This evolution is reflected in the proliferation of terms like Cyber GRC and Dev GRC Ops, signaling a deeper, essential integration of risk practices directly into digital and operational workflows. This integration is vital because, with organisations relying heavily on third parties for infrastructure (rather than internal server rooms), direct visibility has been lost.

The modern GRC leader must embrace tech-savvy practices to leverage continuous information from internal systems and, crucially, from third, fourth, and fifth parties to measure true resilience. Looking ahead, the main priorities for GRC leaders are controlling the risks associated with the pervasive and accelerated adoption of AI, managing escalating geopolitical risks, and gaining full visibility into their extended third-party ecosystem.

Ultimately, the successful GRC leader must prove their value to the organisation by aligning the risk program with the core business values and growth drivers. This requires breaking down departmental silos and fostering cross-collaboration.

Henry Umney’s core piece of advice

GRC should not be viewed as a “speed bump” or “hand brake” that restricts the business. Instead, GRC leaders should define clear “guardrails” agreed-upon risk tolerances, that allow the organisation to move as fast as possible within a safe, defined boundary. This strategic alignment turns the GRC function into an enabler of speed, performance, and future profitability.

Latest video

Opinion
How AI and Root Cause Analysis are Revolutionising Risk Management

2025-09-23T13:58:00Z

By Jonathan Sumner
Opinion
GRC: The Brakes That Allow the Business to Go Faster

2025-09-22T15:29:00Z
#RISK Podcast Series
Navigating the Future of Regulation: Insights from Rory McGrath of Corytics

2025-07-08T14:57:00Z
#RISK Podcast Series
Insights from “Tipper X”: Behavioral Science Meets GRC at #RISK New York

2025-06-25T14:16:00Z
#RISK Podcast Series
Tom Fox to Discuss Future of Compliance at #RISK New York

2025-06-20T14:02:00Z
#RISK Podcast Series
AI Investments and Political Uncertainty with Chris Mason

2025-06-19T15:12:00Z

No comments yet

You're not signed in.

Only registered users can comment on this article.

More from #RISK Europe

Feature
The Countdown is On: Why #RISK, Now in its 4th Year, is Your Essential Stop for 2026 Resilience

2025-11-07T12:27:00Z By Jonathan Sumner

In a world defined by volatility, complexity, and convergence, the conversation around risk has never been more urgent. Next week, that conversation moves to the Excel London as #RISK returns on November 12th and 13th for its largest and most critical event yet.
Feature
Why Integrated Risk Management is the Only Path to Resilience

2025-10-20T14:58:00Z

The era of siloed risk is over…In the dynamic and often chaotic world of global commerce, risk is no longer a number relegated to a technical dashboard—it is the definitive metric that separates market leaders from those who are blindsided. As one 2024 attendee perfectly put it, “RISK is like having your very own experts on speed dial.”
News
ReadiNow Announced as Headline Sponsor of #RISK Europe 2025

2025-10-15T13:28:00Z

London, UK— 15 October 2025 —ReadiNow, a global leader in Enterprise no-code, AI-powered Governance, Risk and Compliance (GRC) solutions, today announced it will serve as headline sponsor for the #RISK Europe 2025 conference in London, taking place on 12-13 November in ExCel.