CFOtech UK - Technology news for CFOs & financial decision-makers
United Kingdom
Penny ashley lawrence on stage copyright workiva
#
Data Analytics
#
Digital Transformation
#
HCM

Platform consolidation the path to strategic compliance value - Workiva

Mon, 9th Mar 2026
Author image
By Donovan Jackson, Interview Editor

The tech industry has long hailed data as the new oil, and the clipboards of Governance, Risk, and Compliance (GRC) offer something of a gusher of potentially useful information. But, as is the case for data and perhaps oil, the crude, unrefined stuff isn't generally seen as valuable. From a once-burdensome, checklist-driven obligation, GRC is emerging as a strategic imperative driving organisational value, so long as the right tools for data gathering, refinement and analysis are in place.

That's according to Workiva's EVP and Chief Customer Officer Penny Ashley-Lawrence. On a recent visit to Melbourne, she shared insights on how these platforms ease GRC burdens, enhance accuracy, and amplify its contributions to business outcomes.

Put to her that historically, GRC has been a little more than a box ticking bugbear adding little value beyond meeting regulatory requirements, Ashley-Lawrence says times have changed particularly in the past 5 years. "That was the perception, but we've moved on. Today, GRC integrates into the broader priorities of the office of the CFO, fostering and contributing to valuable collaboration and data sharing across teams like finance, audit, risk, and sustainability," she notes.

The core advantage of a consolidated platform accessible to members across these teams and more lies in centralising data. When all relevant information resides on a single, unified system, decision-making accelerates, errors diminish, and cross-team reporting becomes effortless, says Ashley-Lawrence. "It turns obligatory compliance into a value-adding function, enabling automation, clearer outcomes, and more reliable investor reporting."

A major pain point in traditional GRC setups is data silos, which Ashley-Lawrence identifies as a top frustration. Silos arise from isolated point solutions, leading to inefficiencies (multi-keying, 'swivel chair integration', and endless searches for the same information) and communication breakdowns.

Often, the presence of these problems is signalled by spreadsheets. While ubiquitous, they often result in discrepancies, such as finance and HR teams reporting different employee counts due to varying measurement methods and lack of governance. "Each function tends to optimise for its own priorities, tools and timelines. Sometimes these are conflicting, and generally an integrated view of performance or compliance isn't available.

And that translates into the very sort of risk compliance sets out to address.

By contrast, Ashley-Lawrence says consolidated platforms establish an 'unbroken chain of trust' from data sources to final disclosures. Workiva, for instance, embeds GRC on a platform that supports data automation, financial sustainability, and regulatory reporting. This eliminates silos, enhances connectivity, and ensures transparency.

The integration of Artificial Intelligence (AI) further elevates GRC's value, but only when built on solid data foundations. Ashley-Lawrence emphasises an enduring computer-age principle: garbage in, garbage out is as relevant today as it ever was. "AI is only as good as the foundational data," she notes, with the obvious implication that quality matters and must be everyone's priority.

 She advises slowing down to speed up, with careful data governance being the foundation for the creation of the single source of truth that underpins effective (and increasingly agentic) AI, which Ashley-Lawrence also says is becoming more autonomous. "Instead of requesting tasks, it does it because it understands how you work."

Bringing this level of efficiency and automation to the drudgery of GRC (let's face it, few are enamoured by a clipboard) allows a human focus on more interesting and more rewarding tasks.

Implementing such changes requires robust change management, starting from the top. In Ashley-Lawrence's view, it begins with a mandate from the CFO, framed as a 'rally cry' rather than a dictate. "We may have a little bit of change management pain upfront, but we all know what that would lead to," she noted. Organisations are investing heavily in this for 2026 and 2027, recognizing fragmented data as a strategic risk. To ease adoption, she recommends tackling one project at a time, demonstrating successes to build buy-in. Greater visibility into how individual inputs I edict from on high.

Finally, asked the open-ended question of where her engagements point to the maturity of GRC in the ANZ region, Ashley-Lawrence says her answer is more of a sense than backed by research, "I do believe GRC maturity is on the rise. There's growing interest in a platform approach, as well as the advantages offered through automation and AI," she says. "It's also well understood that data overload and disconnected tools are falling short, driving demand for unified, AI-powered platforms across finance, audit, and risk."

The biggest barrier? "Probably awareness. That's why I love these conversations."

Related stories
Borderless AI launches crypto payroll for global staff
BT launches UK's first sovereign cloud & AI portfolio
Cyber Essentials update raises bar on visibility gaps
Disabled people urge role in AI design to improve access
Cyber-attacks top risk for professional firms in 2026

Top stories

Exclusive: Google Cloud reshaping finance with agentic AI
Uswitch warns of mobile signal disruption at London Marathon
Avatier launches offline card after Stryker cyberattack
Merck signs USD $1 billion AI deal with Google Cloud
Black Box Automation vs. Engineer Control: The partnership redefining Kubernetes FinOps