Research, blog & insights

Practitioner research that moves the work forward.

Original research, market commentary, and practitioner perspective on risk, governance, cyber, AI governance, and GRC implementation. Written by people who have delivered the work across regulated industries in APAC and the GCC.

01 - Featured

This month.

AI Governance · Long read

Navigating AI: Your essential guide to trustworthy AI governance with ISO/IEC 42001

The definitive practitioner guide to ISO/IEC 42001:2023 - what the standard requires, what auditors actually look for, and how to build an AI Management System that survives certification.

Kashif Qadir · Nov 2025 · 18 min read
Enterprise Risk

Risk maturity assessments - how mature is your function, really?

Kashif Qadir · May 2025 · Free checklist
Strategy

Embracing the future of enterprise risk: the transformative role of AI

Effective RM Research · Apr 2025 · 8 min read
Virtual CRO

Effective RM Virtual Risk Office services explained

Kashif Qadir · May 2025 · 6 min read
02 - What we see across the market

Practitioner data, not vendor surveys.

Insights drawn from 40+ enterprise engagements across 10 sectors. Anonymised and aggregated where individual data is sensitive. Published openly, no email gate.

68%

GRC implementations missing adoption targets

Across 50+ implementations reviewed, two-thirds fall below 30% active user adoption two years post go-live.

12

Months average from selection to value

Median time from GRC product selection to first measurable business value - far longer than vendor projections.

3.2

Average cyber maturity (out of 5)

Mean cyber maturity score across APAC enterprises assessed - persistent gaps in third-party and resilience domains.

22%

Have a formal AI governance program

Only 22% of enterprises assessed in 2025 had a documented AI governance program aligned to ISO 42001 or equivalent.

03 - All articles

The full archive.

04 - Deep-dive reports

Downloadable research reports.

Long-form research reports drawn from our practitioner work and aggregate market data. Free to download, no email gate, no marketing follow-up.

Research report

The APAC GRC Vendor Landscape 2026

Comprehensive analysis of 180+ GRC vendors with APAC implementation data, Gartner MQ positioning, and weighted buyer-side evaluation criteria.

42 pages · PDF
Get the Report
Field report

Why GRC Implementations Fail - 2026 Field Report

Original research from 50+ implementations reviewed across regulated industries. Failure patterns, root causes, and the three interventions that consistently work.

28 pages · PDF
Get the Report
Benchmark

APAC GRC Maturity Benchmark 2026

Aggregate maturity benchmarking across financial services, healthcare, telco, government, and critical infrastructure. Sector-by-sector scoring.

36 pages · PDF
Get the Report
05 - Methodology

Where our research comes from.

We are transparent about our research methodology. Every piece of original research follows the same three principles - designed to keep insights grounded in real practice.

- 01

Practitioner-authored

Every article and report is written by someone who has delivered the work in practice. No ghost-writers, no agency content, no AI-generated thought leadership.

- 02

Anonymised aggregate data

Benchmarks and statistics are drawn from 40+ enterprise engagements across 10 sectors. Individual client data is never identified. Sample sizes and methodology disclosed.

- 03

Peer-reviewed before publish

Every research report is reviewed by at least one other practitioner with relevant domain expertise before publication. Errors corrected publicly, version history preserved.

Ready to talk?

Start with a conversation.

Whether you are evaluating GRC platforms or looking for a practitioner who has done the work - we respond within one business day. No SDR sequences.

Book a consultation Explore products