Are you an ostrich or a giraffe?

Are you an ostrich or a giraffe?

Are you an ostrich who is keeping their head in the sand, or a giraffe who is looking far into the future? Read Senior Manager, David Watterson's latest article to learn more.


Key Contact


Senior Manager, Advisory

KPMG Crown Dependencies


The beginning of a new decade inevitably prompts reflection on what has been and what is to come. KPMG Isle of Man’s “30 Voices on 2030” initiative sought perspectives from across the Island’s public and private sectors on how life may change over the next ten years. While participants address the implications for business more generally, which of the ideas have implications for Governance, Risk and Compliance (GRC)?

Change is the only constant

Several commentators anticipated that the rapid pace of change we have seen in recent years is likely to continue, if not intensify, over the coming decade. While GRC has a reputation for being a conservative discipline within many businesses, it’s clear that dynamism will be required if risk management frameworks and processes are to remain fit for purpose. Keeping abreast of change – both in leading practices within GRC and in the wider business environment in which an organisation operates – will be essential. Regulators and the public at large are demanding higher standards of governance and transparency from the firms they are involved with and this will require innovation to be achieved.

Technological innovation is an opportunity

No future-looking article would be complete without considering the role technology will play, and many of our “Voices” picked up on the enormous potential of data to impact everything from customer experience to regulation. The ability to cost-effectively collect and analyse data in ever-greater volumes, in ever-more sophisticated ways and on a continuous basis presents a great opportunity for risk issues to be surfaced and remedied more quickly and efficiently than ever before.

The data opportunity comes with a clear need to be mindful of obligations around data security, personal data privacy and the appropriate use of AI in analysis. The ways in which organisations use data is becoming of greater concern to regulators, customers and other stakeholders following ongoing revelations regarding misuse. Recent calls from Google for regulation on the use of Artificial Intelligence algorithms are a signal that what may currently be a moral imperative will be backed by legal obligations in due course. Businesses that recognise this and proactively seek to put appropriate governance measures in place may well be the ones who become leaders in the future.

Displaced risks

The increasing maturity and uptake of distributed ledger technologies – blockchain being the most widely known – will enable organisations to reengineer processes, eliminating or mitigating risks regarding the execution of transactions or compliance with regulatory requirements such that the focus of GRC work shifts towards auditing of the technology and its implementation rather than the transactions or human-led processes that would typically have been the focus in the past.

People will remain indispensable, but their roles may change

Technological progress in the automation of processes and analytical tasks also creates a clear need for GRC professionals to become more tech savvy. In the same way as assembly line jobs in manufacturing have been replaced by machine supervision jobs, GRC roles may increasingly involve the training, oversight and interpretation of outcomes from automated systems.

Another way in which the capabilities of existing GRC professionals may be augmented by technology is through the use of “As-a-Service” solutions, where innovative service providers are able to seamlessly deliver their expertise as an integral part of a business’ processes. This is already being seen in areas such as customer onboarding and third party risk management more broadly.

A bright future?

While the shape of Governance, Risk and Compliance will change in the coming decade, it’s importance to organisations will not diminish. The expectations of stakeholders and the public at large are at an all-time high and leaders that recognise this and seize opportunities for improvement will be putting their businesses in the best position to thrive, whatever the twenties have in store.

So are you an ostrich who is keeping their head in the sand, or a giraffe who is looking far into the future? KPMG can support you in taking GRC to the next level whether that be an independent view on your approach, leveraging our data-driven GRC solutions or looking for better ways to manage your Third Party Risk.

© 2023 KPMG in the Crown Dependencies is the business name of a group of Jersey and Isle of Man limited liability entities each of which are member firms of the KPMG global organisation of independent member firms affiliated with KPMG International Limited, a private English company limited by guarantee. All rights reserved. 

For more detail about the structure of the KPMG global organisation please visit

Connect with us