Skip to main content
Workiva u/Workiva avatar

Workiva

u/Workiva

Overview Posts Comments
Feed options
Hot
New
Top
View
Card
Compact
Official Workiva Reddit Community Hub: Direct Access to our Subject Matter Experts
u/Workiva avatar u/Workiva
Official Workiva Reddit Community Hub: Direct Access to our Subject Matter Experts

This is the official Workiva Reddit account. If you’re looking for support across finance, sustainability, risk, and audit, you’ve found the right place. 

We are a collective of industry principals and customer and partner experience (CPX) specialists. You can get practitioner experience and/or product knowledge, whatever you need. We're here to answer your technical questions and help you navigate the reporting landscape.

How we engage: You will see responses from our subject matter experts signed with their names so you know exactly who you’re talking to.

What we provide here:

  • Direct Troubleshooting: Post your product or "how-to" questions about the Workiva platform.

  • Insights: Our Industry Principals in finance, risk, and sustainability have decades of experience–if you have a complex regulatory question or just need a refresher, we may be able to help.

  • Feedback Loop: We’re happy to share your candid feedback directly with our product devs (both what’s good and what could be better).

Who you’ll hear from:

  • Mike Karnowski: Senior Social Media Manager (account facilitator)

  • CPX team: Workiva product specialists for troubleshooting and technical questions

  • Workiva industry principals:

    • Finance & risk experts: For financial reporting, SEC filing, SOX, GRC, and internal audit reporting questions

    • Sustainability experts: For CSRD, sustainability data, and climate disclosure hurdles

Our commitment: We respect the Reddit community. We’re here for the same reasons you are: to listen, solve problems, and find resources, not to sell. If you have a question, or just want to say hi, feel free to reach out below!

— The Workiva Team

r/AI_Governance

14 years in (analytics → GRC tooling). How do I move into GRC leadership?

Workiva
commented

You haven’t cornered yourself at all; in fact, you are sitting on a massive differentiator because a modern GRC program is fundamentally built on data integrity and automation, not just checking boxes but delivering meaningful insight.. One of the biggest challenges is breaking down data silos and moving away from manual, inefficient processes.

To step into a leadership role, you need to pivot your narrative from managing the data layer to positioning yourself as a strategic navigator who uses that data to help the C-suite "steer the ship" and protect corporate objectives. Absolutely lean into the combination of GRC tooling, data analytics, and AI governance, as regulations like the EU AI Act emerge, internal audit and risk leaders desperately need professionals who can translate highly technical AI and data risks into clear, actionable executive insights.

-- Graeme Fleming, Industry Principal @ Workiva

r/Compliance

What compliance task takes up the most time in your organization?

Workiva
commented

One of the biggest challenges is chasing down unstructured data and producing a single risk view. The biggest challenge is manual evidence collection and fragmented data gathering for audit readiness, especially when dealing with things like SOx or evolving ESG regulations.

Relying on spreadsheets, emails, and shared documents to track controls is incredibly inefficient and shifts focus away from delivering meaning insight and action. True operational efficiency only happens when organisations develop a single source of truth though transition to a unified, connected technology platform.

-- Graeme Fleming, Industry Principal @ Workiva

The internal audit profession is at a crossroads: here is what the auditor of the future actually looks like.
r/grc
The internal audit profession is at a crossroads: here is what the auditor of the future actually looks like.

I have spent over 25 years in this profession, from Big 4, global internal audit leadership and now working with audit teams at hundreds of organisations. And I wanted to share where I think internal audit is heading here because I see these questions come up constantly in this community.

Most audit functions today are still stuck in a traditional compliance mode. They follow a rigid annual plan, flag non-compliance regardless of its real business impact, and write backwards looking reports. In a volatile market defined by rapid regulatory shifts like CSRD and intense disruption, acting as a corporate historian is no longer enough.

The shift that needs to happen is moving from a rearview mirror approach to becoming a strategic co-pilot. This means transitioning from a cost center focused on ticking boxes to a driver of operational intelligence. The future of the profession belongs to audit teams that protect enduring value creation by aligning directly with corporate objectives, mastering data fluency, and providing proactive assurance over emerging risks before they turn into crises.

Boards are demanding deeper insight into complex areas like AI governance, cyber resilience, and sustainability reporting, even as headcount stays flat. To navigate this corporate accountability landscape, audit leaders must move beyond fragmented spreadsheets and adopt integrated frameworks that foster agility and trust.

I went deeper on how to bridge this talent gap, build technology fluency & reposition your team as a genuine partner to leadership in my latest white paper.

And I'm curious, how is your team evolving its approach to meet these shifting board expectations this year? Let me know.

-- Graeme Fleming, Industry Principal @ Workiva

r/grc

What should I know before starting AI risk management?

Workiva
commented

Dealing with production LLM drift is a massive challenge, and you've hit the exact wall where traditional, bottom-up validation checks break down because real-world user input is inherently messy. From a GRC and Internal Audit standpoint, the solution isn't just heavier input filtering; you need to transition to a formal AI Governance framework backed by independent, real-time automated monitoring tools. Instead of relying solely on reactive, rule-based inline checks that spike your latency, you should consider implementing specialized LLM observability platforms (like Arize, TruEra, or Whylabs) that continuously evaluate entire conversation trajectories for behavioral drift and semantic anomalies against your defined corporate risk boundaries before they can escalate into severe operational or reputational issues.

-- Graeme Fleming, Industry Principal @ Workiva

r/grc

Control testing using AI

Workiva
commented

Building an AI-driven control testing framework is a game-changer, but it requires more than just technical integration; it requires a shift in how we view the auditor’s role. I’ve found that the most successful frameworks aren’t just about the "how" of the technology, but the governance surrounding it. Here is a refined approach to building that framework:

  1. Champion Governance, Not Just AdoptionAs auditors, we shouldn't just be the early adopters; we must be the champions of AI governance. Before a single test is run, you must establish confidence in: The Model: Understanding the "black box" to ensure the AI's logic is sound and unbiased. The Sources: Ensuring the data fed into the AI is accurate, complete, and has clear lineage. Data Security: Protecting sensitive organizational data and ensuring compliance with emerging regulations like the EU AI Act.

  2. Focus on High-Impact Use CasesI recommend starting with areas where AI can provide the most immediate efficiency and insight:ERP Anomaly Detection: Use AI to perform tests across 100% of large datasets rather than sampling, identifying risks from process narratives that manual reviews might miss. Automated Evidence Requests: Streamline the "chase" by using AI to trigger and validate evidence collection. Drafting & Reporting: Leverage AI to generate initial drafts of audit reports based on testing results, freeing your team for strategic analysis.

  3. Maintain a "Human-in-the-Loop" Audit TrailEven with advanced AI, the three lines of defense remain critical. You must maintain a transparent, tamper-proof audit trail within a unified platform so that third-line reviewers and external auditors can verify the AI’s work. By focusing on trust and security as much as speed, you transform the internal audit function into a proactive, strategic partner that harnesses AI safely and effectively.

--Graeme Fleming, Industry Principal @ Workiva

r/grc

Organisation wide Risk Assessment

Workiva
commented

To move beyond asset-level assessments, you must start with your organisation’s core strategic objectives and identify the 'principal risks,' whether strategic, financial, operational, or ESG-related, that impact the strategy. Tools like the COSO Internal Control—Integrated Framework or ISO 31000 provide a structured, globally recognized roadmap for linking risk management directly to business performance. This top-down approach ensures you are managing the risks that truly matter to the C-suite, rather than getting lost in the weeds of individual assets.

--Graeme Fleming, Industry Principal @ Workiva

r/InternalAudit

SOX resources? And advice needed

Workiva
commented

Transitioning to a SOX-focused role in industry is a great move, as it deepens your understanding of how internal controls underpin financial integrity. For resources, I highly recommend looking at the COSO Internal Control—Integrated Framework, which is the gold standard for designing and evaluating SOx controls.

Regarding the cycle, you’ll typically perform walkthroughs and risk assessments early in the year, followed by interim testing of controls, and then a final push for year-end testing and remediation to support the annual attestation. Just remember that SOX isn't just a routine exercise; it's about building a robust engine of controls that allows the business to move faster and more safely.

--Graeme Fleming, Industry Principal @ Workiva