I spent last Thursday at a major risk and governance event in London, and I thought it would be useful to share what I learned — because the conversations happening in that space are beginning to shape the future of how organisations operate. I went in expecting a fairly typical conference: a few panel sessions, plenty of jargon, maybe some interesting vendor demonstrations. Instead, I left with a sense that the entire field of governance, risk and compliance is undergoing a genuine shift toward something smarter, more human, and far more strategic than the old rule-driven models we’re used to.
Across the day, I attended four panel sessions, spoke to various vendors about their governance, risk and compliance systems, and wandered through an exhibition hall that felt unusually forward-thinking. One thing that impressed me immediately was how much emphasis was being placed on making compliance feel more integrated into business decision-making. Rather than treating it as a barrier or an administrative burden, the message was clear: compliance is becoming an enabler — something that supports, strengthens and accelerates good organisational performance.
In one of the sessions I attended, a point was raised that genuinely shifted my perspective. A statistic was shared that 59 percent of compliance breaches are described as “human error.” It’s something I’ve always felt uneasy about, and I’m clearly not alone. That phrase has always struck me as a convenient catch-all — an easy way to categorise something without really interrogating why it happened. When someone makes a mistake, it’s rarely because they are careless or uninterested. It’s far more likely that the environment around them didn’t support the right outcome. If the controls, processes and guardrails aren’t strong enough to prevent foreseeable issues, then blaming humans feels like the wrong conclusion. It was refreshing to hear others challenge that narrative and argue that organisations need to design systems that reduce the likelihood of error rather than attributing blame after the fact.
Data, unsurprisingly, played a large role in many of the discussions throughout the day. But the message wasn’t simply about collecting more data—it was about collecting the right data. Traditionally, risk and compliance functions have relied heavily on formal risk registers, assessments and structured reporting. These are still essential, of course, but they don’t tell the full story. What’s becoming increasingly important is the type of data that lives inside teams: operational experience, informal feedback, lived expertise and the kind of insights that never make it into a dashboard but have enormous value when it comes to anticipating issues.
This idea of combining structured analytics with human understanding felt particularly powerful. It suggests a future in which risk and compliance functions aren’t simply cataloguing what has happened but predicting what might happen — and giving organisations the tools to prevent problems before they arise. That’s a far more proactive, thoughtful and ultimately empowering model than the retrospective approach many organisations still adopt.
As I walked through the exhibition stands later in the day, I noticed that the technology supporting this shift is developing rapidly. Many systems are moving towards automation, workflow intelligence and integrated reporting in a way that genuinely reduces administrative friction. Yet even with all the innovation on display, one theme kept resurfacing: no technology can compensate for a culture that doesn’t value good governance. The tools can guide us, but it’s people — our decisions, our attitudes and our willingness to embrace change — that ultimately determine whether risk and compliance functions become strategic assets or remain tick-box exercises.
Reflecting on the event, I found myself thinking about what all of this means for us. In many ways, we’re already on the path toward a more modern, data-driven approach. But the real opportunity lies in tapping into the wealth of knowledge our people carry, strengthening our processes so they support success rather than assume failure, and seeing compliance not as a set of obligations but as a way to create stability, insight and confidence across the organisation.
If there’s one thing I took away from the experience, it’s that the landscape is changing quickly. Risk and compliance are no longer back-office functions.
They are becoming central to strategic decision-making, and organisations that adapt early will be better prepared for the complexity ahead. The future of governance isn’t just about systems and frameworks—it’s about people, clarity and intelligent design. And that’s a future worth leaning into.
Michael Irene, CIPM, CIPP(E) certification, is a data and information governance practitioner based in London, United Kingdom. He is also a Fellow of Higher Education Academy, UK, and can be reached via moshoke@yahoo.com; twitter: @moshoke
