In these two episodes of The Innovation Exchange podcast, Workday’s Mark Woollen speaks with leaders from PwC and Relish about how partner-built innovations are helping organizations move faster without sacrificing trust, compliance, or control.
Speed without safety is a gamble. In today’s landscape, the fastest-growing organizations aren’t the ones cutting corners - they’re the ones building smarter guardrails. In an era defined by agility, the quiet enabler is trust: trust in systems, in controls, and in the data decisions are built on. For governance to keep up with the pace of innovation, it can't be a layer added after the fact. It has to be part of the platform.
That idea sits at the heart of two recent episodes of The Innovation Exchange, a Workday podcast series focused on partner-led innovation. In these conversations, Mark Woollen, GVP of partner innovation, speaks with PwC’s Nicole Pledger and Relish’s Dan Park about how automation, auditability, and access control are being embedded directly into the Workday experience.
Together, the conversations explore two dimensions of enterprise trust: continuous compliance that keeps evolving organizations secure, and automated validation that prevents fraud before it starts.
Digital transformation is accelerating across finance and HR. Organizations are redesigning workflows, consolidating systems, and adopting new automation. As Pledger sees it, risk frameworks often lag behind.
“A lot of clients are transforming processes, but not their view of risk. That’s a missed opportunity.”
Nicole Pledger
Principal, cyber, data & tech risk
PwC
What PwC is observing across industries isn’t a failure of compliance intent, it’s a structural issue. As businesses scale and roles evolve, access permissions expand. Temporary privileges become permanent. One-off exceptions accumulate and, over time, those small shifts compound.
Pledger refers to this as “security drift”—the gradual misalignment between how access controls were originally designed and how they operate months or years later. The challenge isn’t that organizations don’t conduct access reviews,it’s that many still rely on periodic, manual processes built for slower environments. In a real-time enterprise, quarterly reviews may not keep pace with daily change, and the consequence is exposure that can grows quietly.
PwC’s view is that governance must operate at the same velocity as the system itself. Controls need to be continuous, contextual, and embedded. That perspective led PwC to develop its Segregation of Duties and Sensitive Access app. Built directly on the Workday platform, the app supports access controls and permissions to help maintain alignment with internal policy and external regulations—even as roles, workflows, and organizations evolve.
Watch and listen to this full episode on YouTube, Spotify, or Apple Podcasts.
The goal isn’t more oversight, it’s smarter oversight. Early adopters have reported up to a 75% reduction in manual review efforts, along with improved audit readiness and clearer insight into access health. That’s the result of governance that scales with the business—quietly, consistently, and without slowing innovation.
Enterprises are onboarding suppliers faster than ever. Global expansion, distributed teams, digital marketplaces, and real-time finance operations all demand speed. Procurement cycles that once took weeks are now expected to happen in days, often hours.
Governance, however, isn’t only about who has access inside the organization. Risk also comes from the outside. In our episode with Park, the lens shifts outward—to the growing complexity of third-party risk.
Supplier fraud isn’t new. But for many organizations, it has become both a bottleneck and a blind spot. According to Park, what’s changed isn’t just the tactics of fraudsters, it’s the environment in which fraud now operates.
“In today’s world, it’s all about time and speed. How quickly can we make a decision to move forward?”
Dan Park
Vice president
Relish
That acceleration creates opportunity. The faster the business moves, the more strain is placed on verification processes that were never designed for this pace.
Park highlights a structural mismatch: despite the modernization of core ERP systems, digitized workflows, and automated approvals, supplier validation has lagged behind. This critical function in many organizations continues to rely on manual checks, such as phone calls, email confirmations, disconnected data sources, and human interpretation.
Meanwhile, fraud tactics have become more sophisticated where bad actors mimic legitimate vendors, banking details are altered mid-process, and sanctioned entities exploit fragmented oversight. The red flags are subtler and the windows to catch them are smaller.
Park pointed to real-world consequences, including a case where doing business with a sanctioned entity resulted in a $10 million fine. In an environment defined by velocity, a single failure can carry outsized impact.
Relish’s key observation was that the system of record had modernized, but the trust layer often had not. That insight led to the development of Data Assure, a native Workday app that validates supplier identity, bank ownership, tax IDs, and sanctions data in real time during onboarding.
“First and foremost, it’s about fraud. We keep bad actors out by validating the entity name, tax ID, address, and bank account,” shares Park.
Watch and listen to this full episode on YouTube, Spotify, or Apple Podcasts.
By embedding verification directly into Workday workflows, validation happens at the point of entry, before transactions occur. The result is a process where trust is built in from the start, fraud risks are surfaced earlier, and onboarding moves with greater confidence.
For customers, the shift is practical. Fewer manual handoffs, reduced reliance on phone or email verification, and supplier records that are more consistent, secure, and audit-ready.
Across both conversations, a clear principle emerges: governance shouldn’t sit outside innovation, it should scale with it.
Whether addressing internal access controls or third-party risk, the common thread is proximity. Controls are most effective when they operate close to the work itself, not as an overlay. Monitoring happens continuously. Validation happens at the point of entry. Context is built into the workflow.
“It’s less about doing the work for a compliance professional, and more about context,” explains Pledger.
The organizations proving most resilient aren’t those layering on more manual oversight. They are the ones building assurance directly into their systems, where trust becomes structural rather than reactive. In that model, automation absorbs the friction, and people retain judgment.
What ultimately connects these perspectives is platform design.
When governance capabilities are built directly into a business’s system of record, they don’t require separate processes, duplicate data, or parallel oversight structures. They operate as part of how work happens.
Because these apps are built on Workday, they work within existing workflows rather than sitting alongside them. Controls inherit the same security model, data foundation, and user experience teams already rely on.
The result isn’t simply innovation layered on top of governance. It’s innovation and governance advancing together within a single environment.
Explore more partner-built apps, agents, integrations, and services on Workday Marketplace to see how organizations are extending the Workday platform while keeping trust at the center.
More Reading
At Workday DevCon, developers solve real problems and build solutions that matter. If you’re not already part of the action, 2026 is the year to jump in—either live or online.
The way work gets done is fundamentally changing. Discover how the Agent System of Record provides the visibility and governance needed to manage AI agents with total confidence.
In the inaugural episodes of The Innovation Exchange podcast, Mark Woollen speaks with leaders from Cloverleaf and Kainos about how partner-built innovations are shaping a more human-centered approach to enterprise AI.