What this is
The weekly risk pack for senior leadership was a 14-slide deck. Building it consumed most of a Friday for a senior risk analyst — pulling CSV exports out of the GRC platform, cross-checking movement against the previous week, writing the executive summary paragraph, formatting the deck, then circulating it for review before Monday's leadership meeting.
The deck was always a week out of date by the time leadership read it. And the analyst writing the ‘what changed and why’ paragraph was the same person who'd been heads-down in the data for two days — too close to the trees to see the wood.
The mandate was to turn it into a real-time pipeline that runs itself, with the executive summary generated, not assembled.
The pipeline
- Source (n8n + Archer/OneTrust): An n8n workflow runs every 15 minutes against the RSA Archer REST API for the risk register and against OneTrust for vendor/third-party movements. Both responses are normalised into a common schema and snapshotted into Postgres so we can compute clean deltas against the previous pull.
- Transform: Risk movements bucketed by domain (operational, financial, compliance, cyber). Top movers ranked, new risks flagged, overdue treatments aggregated. Pure-Python step inside the n8n flow — no LLM at this stage.
- Synthesise (LLM): The structured movement summary plus last week's narrative is sent to an LLM that returns a fixed JSON schema: a 3-paragraph executive narrative covering what changed, why it probably moved, and what leadership should care about. No free-form HTML escapes; templated into the dashboard/email.
- Render: Live web dashboard for the real-time view + a scheduled email digest (also via n8n) that mirrors the old deck's structure for stakeholders who preferred a written brief.
Why an LLM at the synthesis step
The structured summary alone — ‘3 high-severity risks moved up, 7 treatments overdue, 2 new risks in operational’ — is just numbers. Leadership wanted a one-paragraph ‘and what that means’ sat above the numbers.
- Rule-based templates produced text that read like rule-based templates. Leadership stopped reading them within two weeks.
- An LLM, fed the structured deltas and previous week's narrative as context, writes a paragraph that varies sensibly with the data — sometimes leading on a trend, sometimes on a specific event, sometimes on what didn't happen but might be expected to.
- The output is constrained to a fixed JSON schema, then templated into the email/dashboard. No free-form HTML escapes.
- Every generated paragraph is human-reviewable before it goes out — the analyst becomes an editor instead of a writer.
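One way to enforce the fixed-schema constraint from the Synthesise step and the list above before anything is templated, with the last-good fallback from the stack list. This is an added example, not the project's own code: the field names, the length cap and the function names are assumptions, and the sample outputs are constructed.

```python
import html
import json

# Hypothetical key names: the page fixes a three-paragraph schema but does not name its fields.
FIELDS = ("what_changed", "why_it_moved", "what_matters")
MAX_CHARS = 1200  # assumed per-paragraph cap

class NarrativeRejected(ValueError):
    """Model output did not match the fixed schema."""

def validate_narrative(raw: str) -> dict:
    """Parse model output; require exactly the schema keys holding plain text."""
    try:
        data = json.loads(raw)
    except json.JSONDecodeError as exc:
        raise NarrativeRejected(f"not JSON: {exc}") from exc
    if not isinstance(data, dict) or set(data) != set(FIELDS):
        raise NarrativeRejected("keys do not match the schema")
    for key in FIELDS:
        text = data[key]
        if not isinstance(text, str) or not text.strip():
            raise NarrativeRejected(f"{key}: must be a non-empty string")
        if len(text) > MAX_CHARS:
            raise NarrativeRejected(f"{key}: too long")
        if "<" in text or ">" in text or any(ord(c) < 32 and c != "\n" for c in text):
            raise NarrativeRejected(f"{key}: markup or control characters")
    return data

def render_html(narrative: dict) -> str:
    """Template into the digest; escape as well, so validation is not the only control."""
    return "\n".join(f"<p>{html.escape(narrative[k])}</p>" for k in FIELDS)

def render_or_fallback(raw: str, last_good: dict) -> tuple[str, bool]:
    """Return (html, used_fallback); rejected output is replaced by the last-good narrative."""
    try:
        return render_html(validate_narrative(raw)), False
    except NarrativeRejected:
        return render_html(last_good), True

# Constructed samples: a well-formed output, and one carrying markup copied from a register field.
LAST_GOOD = {k: "No material change." for k in FIELDS}
GOOD = json.dumps({"what_changed": "3 high-severity risks moved up in R&D.",
                   "why_it_moved": "7 treatments are overdue.",
                   "what_matters": "2 new operational risks need owners."})
BAD = json.dumps({"what_changed": '<a href="https://example.invalid">review</a>',
                  "why_it_moved": "n/a", "what_matters": "n/a"})

if __name__ == "__main__":
    print(render_or_fallback(GOOD, LAST_GOOD))
    print(render_or_fallback(BAD, LAST_GOOD))
```

Risk titles and vendor notes in the register are written by many hands and reach the model as input, so the rendered narrative is treated as untrusted until it passes both the schema check and the escape.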
What it ships, quantified
Leadership now treats the dashboard as the source of truth for the weekly meeting — they open it during the meeting, not before. The analyst who used to spend Friday building the deck is now spending Friday investigating the things the deck used to be too late to flag.
Stack
- Scheduled trigger every 15 minutes
- HTTP Request nodes against RSA Archer + OneTrust APIs
- Python Function node for delta computation
- Idempotent ingestion — replays safe against the snapshot store
- RSA Archer — risk register, controls, treatments
- OneTrust — third-party + privacy risk movements
- Postgres snapshot store — keyed by pull timestamp
- LLM call with structured input + fixed JSON output schema
- Previous-week narrative passed as context for continuity
- Editor review step before publish
- Web dashboard with auto-refresh + email digest (also via n8n)
- Drill-down links back into Archer / OneTrust source records
- Health-check + last-good fallback on every n8n run
- Audit log of every LLM input + output
What I'd do differently
- Ship the email digest before the dashboard. Stakeholders converted to the new format via email first; the dashboard adoption followed naturally. We built dashboard-first; should have led with email.
- Build a feedback widget into the email — ‘was this useful?’ — to feed eval. The narrative quality drifts with leadership's evolving priorities; we should have made that feedback loop explicit.
- Treat the previous-week narrative as a first-class artefact in the pipeline, not just a context blob. Versioned, reviewable, queryable.