In this final installment of our bonus series Understanding GRC, we explore the practical side of adopting GRC tools. From the limits of spreadsheets to the advantages of integrated platforms, this episode highlights what to look for in a solution, how ROI is measured, and why phasing in processes with a “crawl, walk, run” approach sets organizations up for long-term success.
In our second bonus episode, we dig into the first steps of building a GRC program with our expert Lily Yeoh. We cover why it starts with people, process, and technology, and the importance of documenting what you’re protecting. You’ll hear how to make policies meaningful instead of just templates, when to bring in expert guidance, and how to get leadership buy-in. We also touch on the real risks of skipping GRC, from regulatory fines to reputation loss.
Bonus Episodes: Understanding GRC is a special bonus series designed for anyone who’s new to governance, risk, and compliance. Each episode breaks down core concepts into simple, practical insights, helping you understand not just what GRC is, but why it matters and how it impacts everyday business decisions. Whether you’re starting your career, leading a small team, or just curious about the field, this series will give you a solid foundation to build on.
In our first bonus episode, we kick things off with the fundamentals: What does GRC really stand for, and how do governance, risk, and compliance actually work together? We’ll also look at why GRC is a framework every business can benefit from.
Yiping Sun is a leader within Plante Moran’s cybersecurity compliance group. Her expertise includes SOC, ISO 27001, STAR, DPR, and more. She’s a CPA, a CISA, and one of the most trusted voices in cyber audit.
In this episode, Yiping takes us inside the real world of audit. She speaks with Lily Yeoh about her career path in cybersecurity, breaking down what an effective audit truly looks like—and why it’s far more than just checking boxes.
Yiping shares insights on the importance of collaborating with auditors early, how to identify red flags, and the evolving role of auditors. Whether you're in audit, work with auditors, or simply want to understand how assurance really works, this episode offers a practical look behind the scenes.
More about Yiping Sun, Principal at Plante Moran
In this episode, guest host John Paul Tran sits down with Lily Yeoh, CEO of C1Risk, to hear her hot takes on recent GRC events. They dive into insider threats such as the Coinbase hack, public sector risks, and why faster, smarter governance is more critical than ever.
Lily Yeoh is joined by Terry Roberts, Founder, President & CEO of WhiteHawk.
Terry served as a senior leader in the US government; her career in public service includes Director at the Secretary of Defense for Intelligence (USDI) and Deputy Director of Naval Intelligence. She’s led Military Intelligence Programs and global defense, information-warfare, and technology strategies. Our guest also served as an Executive Director at the Software Engineering Institute at Carnegie Mellon University, where she led technology innovations between Cyber & IT across the US Department of Defense and the US Intelligence Community.
Today, Lily Yeoh is joined by Patrick Sullivan, who brings over 25 years of experience in IT security and compliance, making him a trusted voice on AI governance and the new standard ISO 42001. He also provides insights into the work of ISO’s SC 42 subcommittee, which is shaping global standards for AI, including governance, ethics, and trustworthiness—making this essential knowledge for anyone engaged with AI technologies.
Hear more from Patrick where he hosts The Business of Compliance, Podcast Edition: https://open.spotify.com/show/2N1aPuS0FFYzYXiXqxvef3?si=6e52ec974c7f4e79
Join C1Risk's CEO, Lily Yeoh, and Joe Sullivan as they delve into the confluence of GenAI and Cybersecurity at Ilta Evolve 2024.
Joe Sullivan, ex-Uber, Cloudflare & Facebook CSO, brings unmatched cybersecurity insights from his extensive career in the private sector. His contributions are further distinguished by his public service, including his appointment by President Obama to the Cybersecurity Commission and his role as a board member of the National Cybersecurity Alliance.
Lily Yeoh is the founder and CEO of C1Risk. She is a leading risk management practitioner, recognized for her design and implementation of information security technology solutions for Fortune 500 companies, federal and state governments, Big Four consulting, and Silicon Valley startups.