Capability without Governance Leads to Instability: Integrated GRC with Noor Aziz

Innovation spans many areas, and compliance professionals need not only to be ready for it but also to embrace it. Join Tom Fox, the Voice of Compliance, as he visits with top innovative minds, thinkers, and creators in the award-winning Innovation in Compliance podcast. In this episode, host Tom visits with Noor Aziz, a Saudi Arabia–based governance, risk, and compliance professional with extensive ISO lead auditor credentials, internal audit and controls experience, and a growing focus on AI governance. Noor argues that effective compliance must be practical and business-friendly—clear ownership, escalation, accountability, and evidence—so it still functions under operational pressure rather than becoming bypassed. She emphasizes leadership commitment, culture shaped by observed behavior, and integrated GRC to reduce silos that create duplication, inconsistent reporting, and “governance fatigue.” On AI, she frames governance as a board-level issue because adoption is outpacing accountability, creating future scrutiny around oversight, traceability, and defensibility; she notes, “capability without governance eventually creates instability.” She recommends change management, micro-learning, and ongoing communications, and concludes that governance is organizational infrastructure, not administrative overhead. Key highlights: Integrating Controls, Audit, and Risk Breaking Down GRC Silos Why AI Governance Is Board Level Culture When Nobody’s Watching Training That Actually Works: Microlearning and Ongoing Comms Why Frameworks Fail in Execution Maturing Governance for Business Value Resources: Connect with Noor Aziz on LinkedIn Innovation in Compliance was recently ranked Number 4 in Risk Management by 1,000,000 Podcasts.

Innovation occurs across many areas, and compliance professionals need not only to be ready for it but also to embrace it. Join Tom Fox, the Voice of Compliance, as he visits with top innovative minds, thinkers, and creators in the award-winning Innovation in Compliance podcast. In this episode, host Tom visits with George Tziahanas, VP of Compliance and Associate General Counsel at Archive360. Tom interviews George Tziahanas on why organizations must move beyond data storage to providing data integrity, lineage, and accountability as a foundation for AI readiness. George defines “data defensibility” as the ability to defend how AI systems were trained and operate when AI decisions are not easily explainable, such as in rules-based automation, emphasizing upstream data provenance, monitoring, and audit trails. They discuss increasing regulator and stakeholder focus on authority and accountability, and how litigation can shape compliance, citing early e-discovery practices influenced by the Zubulake v. UBS Warburg decision and enforcement context involving former New York AG Elliot Spitzer. George uses the Mercor breach to show supply-chain and confidentiality risks in AI training data and notes that regulators and plaintiffs may rely on existing laws. He highlights risks from weak data governance, dark data, and legacy archives. He recommends asset/data inventories, migrating data off insecure legacy systems, risk-tiering AI use cases, extending ISO/NIST frameworks, and building observability to enable faster, responsible AI adoption. Key highlights: What Data Defensibility Means Litigation Shapes Compliance Weak Data Governance Risks Managing Legacy Archive Data Governance Accelerates AI Dark Data Explained What Success Looks Like Resources: George Tziahanas on LinkedIn Archive360 Articles by George Tziahanas Beyond Retention: Why AI Governance in 2026 is a Defensibility Problem Keeping Data in Check: The Importance of Data Defensibility

Innovation comes in many forms, and compliance professionals need not only to be ready for it but also to embrace it. Join Tom Fox, the Voice of Compliance, as he visits with top innovative minds, thinkers, and creators in the award-winning Innovation in Compliance podcast. In this episode, host Tom visits with Dr. Dennis Cummins to discuss his new book, “Invitational Selling: The Human Connection Advantage.” Dr. Dennis Cummins, a globally recognized authority on invitational selling, champions a sales approach that prioritizes building authentic connections over traditional hard-sell techniques. Rooted in his extensive experience selling from the stage, Dr. Cummins believes in the transformative power of meaningful conversations to understand and effectively meet customer needs. His philosophy is detailed in his new book, “Invitational Selling: The Human Connection Advantage,” which promotes inviting customers to engage rather than pressuring them into a purchase, fostering authentic relationships that extend beyond mere transactions. Proceeds from the book benefit the Make-A-Wish Foundation. His book also underscores the potential of invitational selling to inspire collaboration within organizations and families, reflecting his commitment to empowering others through shared skills and talents. Key highlights: Relationship-Driven Sales Approach Invitational Leadership for Employee Engagement Profitability through Open Communication Culture Humanizing AI to Build Trust and Connection Invitational Selling: Creating Authentic Business Connections Resources: Dr. Dennis Cummins on LinkedIn Dr. Dennis Cummins Website Invitational Selling: click here  Innovation in Compliance was recently honored as the Number 4 podcast in Risk Management by 1,000,000 Podcasts.

Innovation occurs across many areas, and compliance professionals need not only to be ready for it but also to embrace it. Join Tom Fox, the Voice of Compliance, as he visits with top innovative minds, thinkers, and creators in the award-winning Innovation in Compliance podcast. In this episode,  host Tom visits with Jeff Kushner, a compliance and IT security leader at Allgress. Jeff talks about “compliance drift,” where external obligations such as laws, frameworks like NIST/ISO/CIS, customer and licensing requirements, fall out of alignment with internal governance policies, procedures, and contracts, creating silent gaps that surface only during audits or incidents. They discuss the added volatility from business and geopolitical changes and identify industries most exposed to hidden compliance risks, including small and mid-sized businesses, AI-focused organizations, behavioral health clinics managing many frameworks across multiple sites with drop-in audits, and small DoD contractors facing CMMC. Jeff argues that traditional spreadsheet-based or audit-centric GRC is static and point-in-time. He describes Reg Watch as a complementary regulatory intelligence layer that continuously monitors 3,000+ global standards, provides real-time alerts, explains changes in plain English, and provides sample policies and implementation steps, along with supporting documentation and follow-up validation. Key highlights: Compliance Drift Explained Volatility Beyond Regulations Why Old GRC Fails Reg Watch Intelligence Layer Documenting Actions and Proof Resources: Jeff Kushner on LinkedIn Allgress Innovation in Compliance was recently honored as the Number 4 podcast in Risk Management by 1,000,000 Podcasts.

Innovation comes in many areas, and compliance professionals need not only to be ready for it but also to embrace it. Join Tom Fox, the Voice of Compliance, as he visits with top innovative minds, thinkers, and creators in the award-winning Innovation in Compliance podcast. In this episode, Tom visits Deb Krier to discuss her work coaching primarily executives after serious cancer diagnoses. Deb discusses the unique leadership challenges of privacy, disclosure, and maintaining credibility while undergoing treatment. Deb, a corporate communications professional and founder of Wise Women Communications, discusses what leaders should share with boards, HR, close colleagues, and clients, emphasizing the importance of controlling the narrative to prevent rumors and coordinating with medical teams to plan around energy levels, treatment, and time away. She describes resilience as “grit,” encourages leaders to delegate and empower teams, and urges organizations to strengthen business continuity and contingency planning so no single person holds ultimate authority. Deb highlights the importance of a support “tribe,” the benefits of humor, and advises compliance professionals to listen with empathy while addressing any legal disclosure obligations. Key highlights: Cancer Coaching for Executives Work Impact and Treatment Planning Resilient Leadership in Crisis Support Tribe and Community Humor as Medicine Compliance, Empathy, and Culture Resources: Deb Krier on LinkedIn Your Cancer Coach Website  The Business Power Hour Podcast Innovation in Compliance is a multi-award-winning podcast that was recently ranked Number 4 in Risk Management by 1,000,000 Podcasts.

Innovation spans many areas, and compliance professionals need not only to be ready for it but also to embrace it. Join Tom Fox, the Voice of Compliance, as he visits with top innovative minds, thinkers, and creators in the award-winning Innovation in Compliance podcast. In this episode,  host Tom visits with GRC expert and OCEG co-founder Carole Switzer. They highlight her new books, “Mastering GRC: The Lawyer’s Guide to Success in Governance, Risk and Compliance” and “The AI-Enabled Law Firm” (co-authored with Lee Denner). Carole explains she wrote “Mastering GRC” to help lawyers applying legal skills in GRC roles move from reactive problem-solvers to proactive enterprise leaders by embedding in business objectives, asking better questions, and collaborating across audit, risk, legal, and compliance. She recounts OCEG’s origins and its GRC Capability Model, certifications, and global growth. Carole discusses balancing legal oversight with business partnership, including the risks of privilege when acting in business roles. Looking ahead, she predicts rapid AI-driven change in legal practice, stressing technology and data-meaning (“semantic layer”) issues, and the need to adapt existing GRC frameworks for speed and volatility. Key highlights: Why These Two Books From Counselor to Leader Integrated Governance Mindset How OCEG Built GRC Standards Oversight vs Business Partner Future of Legal GRC and AI Managing Volatility With Frameworks Resources: Carole Switzer on LinkedIn OCEG The AI-Enabled Law Firm Mastering GRC: The Lawyer’s Guide to Success in Governance, Risk and Compliance Innovation in Compliance, a multi-award-winning podcast, was recently honored as the Number 4 podcast in Risk Management by 1,000,000 Podcasts.

Innovation occurs across many areas, and compliance professionals need not only to be ready for it but also to embrace it. Join Tom Fox, the Voice of Compliance, as he visits with top innovative minds, thinkers, and creators in the award-winning Innovation in Compliance podcast. In this episode, host Tom Fox visits with Dr. Rohan Lall, a clinically trained Neurological Surgeon and Chief Medical Officer of SynerFuse, about innovation in spine surgery and the compliance infrastructure needed to support it. Dr. Lall Law explains TLIF (transforaminal lumbar interbody fusion) and ETLIF, which integrates direct nerve root stimulation into reconstructive spine surgery to address persistent pain from chronically injured nerves even after decompression and fusion. Dr. Lall describes the innovation as team-driven, highlighting collaboration and detailing the regulatory path for a novel Class III device, including a feasibility proof-of-concept study, third-party data management, and an independent data and safety monitoring board. Dr. Lall outlines how compliance leaders should align with business speed while managing FDA requirements, data integrity, ethics, and risk, and he notes future impacts from neuromodulation, robotics, and image guidance. Key highlights: Back Surgery Basics and Electrified TLIF Explained Innovation Origin Story Regulatory and Collaboration Hurdles Clinical Trials and Data Integrity How Compliance Can Help Innovators Resources: Dr. Rohan Lall on LinkedIn Synerfuse Company Website Innovation in Compliance is a multi-award-winning podcast that was recently ranked Number 4 in Risk Management by 1,000,000 Podcasts.

Innovation occurs across many areas, and compliance professionals need not only to be ready for it but also to embrace it. Join Tom Fox, the Voice of Compliance, as he visits with top innovative minds, thinkers, and creators in the award-winning Innovation in Compliance podcast. In this episode,  host Tom visits with Aravind Parthasarathy, Vice President, Client Partner for Telco & Tech at NewRocket, a ServiceNow implementation company focused on helping large enterprises adopt agentic AI. They discuss the shift from viewing AI as a tool to treating it as an operator with humans as mentors handling exceptions, and what this means for compliance, GRC, and risk management. Aravind contrasts minimum viable product (MVP) with minimum viable function (MVF), emphasizing end-to-end autonomous business functions, probabilistic performance, and continuous learning. They cover governance needs, including guardrails, policy-as-code, auditability of agent decisions, model drift monitoring, and automated “trust but verify.” Aravind provides a telecom outage-troubleshooting example with compliance notification obligations, addresses board-level AI governance using emerging standards like ISO 42001, suggests KPIs (accuracy, autonomy), recalibrates operational metrics, and introduces “context graphs” to capture decision data over time. Key highlights: AI From Tool to Operator Compliance in the MVF Era Trust but Verify at Scale Scaling to Multi-Agent Systems Board Level AI Governance Misconceptions and Practical Next Steps Resources: Aravind Parthasarathy on LinkedIn: https://www.linkedin.com/in/aravindsarathy/ New Rocket Website: https://www.newrocket.com/ Innovation in Compliance is a multi-award-winning podcast that was recently ranked Number 4 in Risk Management by 1,000,000 Podcasts: https://www.millionpodcasts.com/Risk-Management-podcasts/

Innovation occurs across many areas, and compliance professionals need not only to be ready for it but also to embrace it. Join Tom Fox, the Voice of Compliance, as he visits with top innovative minds, thinkers, and creators in the award-winning Innovation in Compliance podcast. In this episode, host Tom visits with Nav Thethi, creator of the “Cracking the Digital Maturity Code” series, to discuss leadership gaps in digital transformation, AI, and data governance. Nav describes building a peer-learning platform through his podcast, developing digital maturity benchmarks with organizational scorecards, and co-authoring a book on digital maturity. He outlines an AI readiness gap driven by executive imposter syndrome, FOMO-driven pressure, education and alignment gaps, and lack of roadmap, citing Gartner’s view that 89% of AI initiatives fail for reasons beyond technology, including “pilot purgatory.” Nav’s maturity approach emphasizes measuring the current state across multiple pillars, including technology, data, customer experience, leadership/strategy, and talent/culture; aligning with business outcomes; upskilling; refining; integrating with governance; tracking meaningful KPIs; and scaling responsibly. He stresses C-suite-led governance, leader engagement in change management, and maintaining customer trust through human oversight of AI-generated content. Key highlights: Cracking the Maturity Code Format AI Readiness Gap and FEAR Who Owns AI Governance Start Small and Scale Fast Human AI Collaboration and Trust Key Takeaways for Executives Measure Your Digital Maturity — Stop Guessing. Start Scaling. Take the Digital Maturity Assessment to benchmark your organization, identify blind spots, and connect your digital strategy to real-world outcomes that matter. Assess your Digital Maturity Now: https://go.navthethi.com/digital-maturity-assessment Resources: Nav Thethi on LinkedIn Nav Thethi Website Nav Thethi podcast-The NavThethi Show Cracking the Maturity Code with Nav Thethi on YouTube Innovation in Compliance was recently ranked Number 4 in Risk Management by 1,000,000 Podcasts.

Innovation comes in many areas, and compliance professionals need not only to be ready for it but also to embrace it. Join Tom Fox, the Voice of Compliance, as he visits with top innovative minds, thinkers, and creators in the award-winning Innovation in Compliance podcast. In this episode, host Tom Fox visits with energy journalist/publisher Loren Steffy to discuss whether a Trump administration announcement regarding Venezuela is meaningful for oil markets, concluding that it mainly increases uncertainty and is unlikely to drive major U.S. oil-company investment. They note West Texas shale generally needs about $60 oil to break even, making $50 oil politically and economically problematic. They explain that Venezuela’s heavy crude requires specialized extraction technology and extensive, aging infrastructure upgrades to reach the market, potentially costing billions and taking decades, with some estimates placing Venezuela’s break-even price at $80 or higher. They emphasize governance, corruption, degraded PDVSA human capital, contract enforceability, and unresolved debts (including reported $12B owed to ConocoPhillips) as key barriers, making Venezuela “uninvestible” for most majors and suggesting only high-risk players might consider entry amid unclear U.S. strategy. Key highlights: Venezuela Heavy Crude Basics Infrastructure Rebuild Challenge Human Capital and Governance Old Debts and Legal Risk Government Plan or Subsidies Resources: Loren Steffy on LinkedIn Stoney Creek Publishing  Innovation in Compliance was recently ranked Number 4 in Risk Management by 1,000,000 Podcasts.