Risk management, regulatory controls, data privacy, and the emerging risks that every GBS professional must understand to protect their organization and career.
Compliance is not a department — it is a daily operating responsibility. Every GBS professional handles sensitive data, executes controlled processes, and makes decisions that have audit and regulatory implications. This pillar covers the risk and compliance knowledge that keeps you and your organization out of trouble.
One control failure can damage a reputation built over years. In a regulated process, being audit-ready every day is a habit, not a scramble before the auditors arrive. This pillar shows you how to keep the operation safe without slowing it down.
Anyone in a regulated process — finance, procurement, or HR — who wants audits to be routine.
The teams that breeze through audits have one thing the others don't: a dedicated audit-readiness function — even part-time resources — that owns it year-round, not just during audit season.
BCP answers the question: if this site, system, or team becomes unavailable tomorrow, how do we keep delivering services?
Third-party risk is the risk your vendors introduce. Fourth-party risk is the risk your vendors' vendors introduce — and you often do not even know who they are.
When something goes wrong — a data breach, a system outage, a compliance violation — the speed and quality of your response determines the outcome.
SoD ensures no single person can create, approve, and release a transaction.
GDPR defines how personal data must be handled: lawful basis for processing, data minimization, right to erasure, breach notification within 72 hours.
SOX (Sarbanes-Oxley) requires public companies to maintain effective internal controls over financial reporting.
AML and sanctions screening verify your organization is not doing business with sanctioned entities, politically exposed persons, or known criminal networks.
Retention policies define how long documents must be kept and when they must be destroyed.
Shadow IT is technology adopted by business teams without IT approval — personal cloud storage, unauthorized automation tools, ChatGPT for sensitive data processing.
ESG reporting is becoming mandatory for large companies — and GBS is directly in scope.
As GBS deploys more AI — automated approvals, intelligent routing, predictive analytics — the question of who is accountable when the AI makes a wrong decision becomes critical.
Social engineering attacks target the human, not the system.