CERRIX User Conference 2025

Phuong Pham
11 Jan 2022

On March 12, 2025, industry leaders, assurance experts, and CERRIX customers came together for the CERRIX User Conference 2025—a day of knowledge-sharing, insightful discussions, and collaboration on the future of risk management, compliance, and AI-driven GRC solutions.

A special thank you to Stater for co-organizing this event with us. Their contributions provided valuable insights into risk reporting, assurance, and compliance challenges, helping to make this conference a success. Below are some of the key takeaways from the event.

Empowering Risk and Compliance Through Innovation

At CERRIX, we believe that governance, risk, and compliance (GRC) should be efficient and data-driven. Our mission is to empower organizations with integrated risk management solutions that enhance efficiency, automation, and 360° control.

Through continuous innovation, we provide automated workflows, improved reporting, and advanced compliance tools to help businesses navigate regulatory complexities, strengthen internal controls, and reduce manual effort in risk management.

As part of our commitment to continuous improvement, CERRIX is focusing on key strategic areas: we aim to build a stronger partner ecosystem, enhance customer engagement, optimize internal operations, and drive AI adoption to further streamline risk and compliance processes.

AI in GRC: Responsible, Transparent, and Impactful

Artificial Intelligence is reshaping risk and compliance functions, but its role must be trustworthy, explainable, and aligned with governance principles. At CERRIX, our AI development follows key principles to ensure its impact is both ethical and effective.

CERRIX’s AI Development Principles:

  • Empower risk managers, not replace them – AI enhances expertise by automating repetitive tasks while keeping human oversight in control.
  • Human-in-the-loop for accountability – Users can validate, adjust, and override AI-generated insights, ensuring transparency and trust.
  • Seamless integration – AI should fit naturally into workflows, requiring minimal disruption and training.
  • Value-driven, not hype-driven – We prioritize real impact over trends, solving critical GRC challenges rather than adding unnecessary complexity.
  • Security and transparency first – AI solutions must comply with strict privacy and security standards, ensuring compliance with regulations like the EU AI Act.

To ensure AI adoption remains secure and responsible, CERRIX follows best practices in infrastructure, governance, and data access. Our approach aligns with Microsoft’s Responsible AI Framework, emphasizing privacy, reliability, transparency, and accountability to ensure AI solutions remain compliant and secure.

To drive continuous innovation, CERRIX is rolling out an AI pilot program, allowing customers to explore new AI capabilities in risk and compliance. With this program, our AI offering will expand in 2025, with a wider portfolio of AI features becoming available as an add-on to further streamline risk management, reporting, and decision-making.

Risk Reporting: Making Data Actionable in Real-Time

One of the most pressing challenges in GRC is the diminishing value of risk-related information over time. The session on risk reporting and decision-making highlighted how organizations can move from reactive to proactive risk management by improving the timeliness and quality of risk data.

The half-life of risk data – The longer data sits unused, the less valuable it becomes for decision-making.

From real-time alerts to traditional batch reporting – Organizations must balance immediate decision-making (e.g., auto-generated findings, KRI breaches) with structured analytics (e.g., Power BI reports, statistical models).

Bridging the gap – Effective risk reporting requires integrated dashboards, automated risk identification, and predictive analytics to ensure information remains actionable.

Diminishing value of risk-related information (Source: Perishable insights, Mike Gualtieri, Forrester)

As organizations evolve, real-time data processing and risk insights will play a crucial role in improving decision-making and mitigating risks effectively. During the event, Univé and Blue Sky Group shared real-world incidents and risk reporting challenges, highlighting the need for more dynamic, automated, and integrated risk reporting solutions. Their experiences reinforced the importance of timely insights and proactive risk management in today’s complex regulatory landscape.

A Case Study of Stater in Assurance and Growth

As a co-organizer of the CERRIX User Conference 2025, Stater provided a deep dive into how they manage assurance, compliance, and risk in the financial sector. With €330B in assets under management and a leading presence in the mortgage industry, Stater showcased how their modular SaaS and BPO service model enables financial institutions to balance regulatory compliance with operational efficiency.

By leveraging a structured approach to risk governance, Stater is advancing control testing, monitoring, and assurance frameworks. Their use of the Three Lines Model, along with integrated control testing through Cerrix Cloud, is strengthening compliance and efficiency. Stater also shared its journey towards SOC 2 assurance, a process that involved aligning security, continuity, privacy, confidentiality, and processing integrity—positioning them as one of the first Dutch companies to obtain a full-scope SOC 2 report.

Additionally, Stater highlighted their efforts to mature first-line risk ownership, enhance risk awareness across management teams, and streamline third-party risk management in response to regulatory changes like DORA. Their experiences demonstrate how technology, automation, and structured assurance frameworks can help organizations improve compliance, mitigate risks, and drive sustainable growth—a vision closely aligned with CERRIX’s commitment to transforming GRC through innovation.

Staying Compliant in a Rapidly Changing Regulatory Landscape

Compliance is an ongoing commitment, and CERRIX follows a structured six-step approach to staying ahead of regulatory changes and security challenges.

1. Continuous Compliance Monitoring – Implementing real-time monitoring to ensure ongoing adherence to regulations and internal policies.

2. Keeping Up with Regulatory Changes – Adapting to evolving frameworks such as DORA, NIS2, GDPR, CSRD, and the EU AI Act to maintain compliance in an increasingly complex landscape.

3. Strengthening Cybersecurity & Resilience – Enhancing security measures through a multi-layered approach that includes operational, tactical, and strategic threat intelligence.

4. Training & Awareness – Ensuring that compliance is embedded in company culture through regular employee training and awareness programs.

5. Supply Chain Security – Reducing third-party risk by limiting critical suppliers and maintaining direct oversight over key infrastructure providers such as Microsoft and Netrom.

6. Regular Assessments – Conducting penetration tests, internal and external audits, infrastructure evaluations, and architectural reviews to continuously assess and enhance security and compliance measures.

The CERRIX User Conference 2025 was a great opportunity to explore the use cases of risk reporting, the role of AI in GRC, and best practices in compliance. Special appreciation to Stater for sharing their expertise and to all our attendees!
