Mbulelo Sochifa, head of IT operations at Glacier by Sanlam, delivered a compelling call for organisational transformation at the ITWeb Governance, Risk and Compliance 2025 event, advocating for a crucial shift from static to dynamic risk management.
Sochifa said the traditional, reactive and periodically reviewed risk registers are no longer fit for purpose against the backdrop of rapid digital innovation, new partnerships and a complex global landscape.
Dynamic risk management requires moving from reactive compliance to proactive, business-driven resilience, continuously tracking and adapting to new risks. “Top GRC tools in 2025 are AI-led, including MetricStream, ServiceNow GRC and IBM OpenPages,” explained Sochifa.
Sochifa stressed that risk is everyone’s job, and companies must foster a culture that rewards transparency, not blame, and builds resilience by encouraging ownership at every level, prioritising continuous learning over static policies.
Despite advancements in GRC technology, she said maturity remains a significant challenge. She cited research showing that 51% of risk and compliance professionals believe their organisation does not have a mature risk and compliance programme, and 33% report that their GRC technology is siloed in spreadsheets.
In closing, Sochifa said dynamic risk management replaces isolated risk registers with resilience integrated into business operations, enabling risk prediction and faster, co-ordinated responses to disruptions.