Artificial intelligence has quietly moved to the core of risk management. Yet many organizations still wonder what AI actually contributes in practice, and what principles should guide its use. In Granite’s September expert conversation, experts Teppo Kattilakoski, Janne Viljamaa, and Kasper Kälviäinen shared how Granite AI helps risk management professionals in their daily work.
The goal of this article is to explain how Granite AI works in practice, so that even those who don’t yet use Granite can benefit from its principles.
We built Granite AI as an assistant that helps people; it doesn’t replace them. The user always makes the decisions, and every change is traceable. That’s how trust and transparency are created.
A model built on privacy and governance
Granite’s approach starts with data protection and governance. AI isn’t attached to the risk register as an isolated add-on; it operates within controlled boundaries. The feature is activated per customer, access is limited by user roles, and even field-specific restrictions can be applied if needed.
The goal is to minimize the risk that sensitive information ends up in the wrong place or outside the system entirely. Another key principle is that customer data is never used to train language models.
“AI is only as useful as the confidential data it can safely access. That’s why we built security and restrictions directly into Granite AI. The customer’s data remains under their control and is never used to train models,” sums up Kasper Kälviäinen.
AI identifies and prioritizes, humans make the decisions
Granite AI works on two levels. On the individual risk level, it enriches content by clarifying descriptions, suggesting mitigation measures, and highlighting likely causes or consequences. On the portfolio level, it detects qualitative patterns such as overlaps and biases in assessments.
This is especially useful in large organizations where the same phenomenon may be described in different ways across units.
“We don’t want to create AI risks for organizations. The AI suggests refinements and groupings, but the user decides what to keep. That way, quality improves without blurring responsibility,” says Janne Viljamaa.
Practical tip:
Start by using AI to visualize what you already have, where most time is spent, where descriptions are vague, and where assessments show recurring bias. This makes prioritization easier because decisions are based on data, not gut feeling.
Analyze and report without manual work
Traditional reporting often ends up as a long list, lots of rows and few insights. Granite AI turns that around. It compiles narrative summaries from audits, incidents, and assessments, highlighting recurring themes, potential root causes, recommended actions, and weak data areas. The difference shows in time saved and clarity gained.
“Good tools don’t just print a top-10 list; they help answer difficult questions,” says JanneViljamaa. “Where are the blind spots? What’s being left out? Why does the same issue keep recurring? AI should help you draw conclusions faster.”
Practical tip:
Start with a limited view, for example one unit’s risks or six months of incidents. Ask AI for three things: recurring observations, coverage gaps, and recommendations for what should be updated in the risk register.
Decision-making support: scenarios and compliance in one view
Management teams need visibility into what alternative futures mean in terms of risks. Granite AI helps compare scenarios against the current risk landscape.
For instance, if growth happens in new markets, which risks need to be reassessed? Where are current controls insufficient? How do responsibilities and timelines change?
The same logic applies to regulatory frameworks. When working with NIS2, AI can help map coverage, what’s already addressed and where new risks, controls, or follow-up measures should be added.
“When scenarios and compliance frameworks are connected to risk data, decision preparation speeds up. AI builds the framework, and the human decides what to move forward,” tells Teppo Kattilakoski.
Practical tip: Choose one key scenario and one compliance framework. Bring them into the same conversation as your risk register and ask AI for a preliminary comparison. The result isn’t final, but it quickly surfaces gaps and helps ensure decisions are not made from too narrow a view.
Spend less time cleaning data, more time making an impact
The biggest single benefit of Granite AI is in time management. When AI handles routine enrichment, grouping, and summarization, experts can focus on what truly matters: developing controls, engaging stakeholders, and running exercises. But this only works if the governance model and role definitions are clear.
AI isn’t an autopilot. It’s a well-trained second pair of eyes that highlights what matters and shortens the distance from data to decisions.
Practical tip: If your organization doesn’t yet have a mature process, start small. Choose two critical risks and one operational goal, such as a monthly management review. Try using AI-generated refinements and summaries to see how they improve the discussion and outcomes. Once the benefits are tangible, it’s easier to justify broader adoption.
In the end: AI brings rhythm, but people finish the job
Granite AI doesn’t make risk management automatic, nor does it replace expert judgment. Its purpose is to shorten the path from data to decision, make prioritization easier, and free time for work that truly creates value.
“The real benefit of Granite AI is that the essential insights surface quickly and decisions can be made with greater confidence. AI brings rhythm and structure, but people complete the work,” sums up Teppo Kattilakoski.
Granite’s experts would be happy to show how our AI tools can support your organisation’s risk management. Don’t hesitate to get in touch.
Article published on October 6, 2025.