PODCAST · business
Risk is Our Business
by Michael Rasmussen
The Risk Is Our Business Podcast explores the principles of Governance, Risk, and Compliance: reliably achieving objectives, navigating uncertainty, and acting with integrity. Here, we follow the Prime Directive of Risk Management: No decision or strategy moves forward without understanding its impact on our goals, our resilience, and our values. Because risk isn’t the enemy, it’s the mission. After all, risk is our business.
-
55
From Controls to Clarity: Aligning Risk and Control Across the Enterprise with Kristina Wiese Tranberg, Karoline Corfitz & Morten Bjerregaard
In this return episode of Risk Is Our Business, Captain Michael Rasmussen welcomes Kristina Wiese Tranberg back to the bridge, joined by Karoline Corfitz and Morten Bjerregaard, for a practical deep dive into internal controls and their role in modern GRC. Building on Kristina’s previous appearance, the conversation shifts from operating models and transformation to a core question of what is the real value of controls? The group explores how organizations can move beyond checkbox compliance toward control optimization that supports business outcomes rather than slowing them down. They also challenge a common disconnect. Many organizations aim for an enterprise-wide view of risk, but lack an enterprise view of controls. Without understanding how controls operate across processes and functions, can risk truly be understood at scale? The discussion then examines the relationship between risk owners and control owners, and when they should be the same, when they should be different, and how that choice affects accountability and effectiveness. They also unpack the 1-10-100 rule, illustrating how the cost of fixing issues escalates the later they are detected, and why embedding controls early in processes is critical. This episode offers a grounded, experience-led perspective on aligning risk, controls, and ownership across the enterprise.
-
54
Risk in Deep Space: Culture, Appetite, and Real GRC in Practice with Michael Erlandsson Jensen
In this episode of Risk Is Our Business, Captain Michael Rasmussen sits down with Michael Erlandsson Jensen at April Coffee in Copenhagen, a busy café whose ambient hum feels oddly right for a conversation grounded in real-world experience. Michael opens by tracing his path through global risk management, and from there the two find their way into something that doesn't get discussed enough: how differently risk culture actually plays out depending on where you are in the world. The Danish and broader European approach tends to weave risk into everyday business dialogue—collaborative, embedded, almost organic. That's a sharp contrast to the more compliance-first environments Michael has worked in across parts of the Middle East and the U.S., where risk can feel like something done to the business rather than with it. That tension shapes the heart of the conversation. For Michael, good risk management isn't about control or enforcement, it's about facilitation. Helping the business understand its own risks, take ownership of them, and actually talk about them. Bad risk management, by contrast, is disconnected from decisions that matter, buried in process, and more interested in checking boxes than in being useful. They also dig into risk appetite, a concept that's often treated as a document to file away and forget. Michael pushes back on that, reframing it as something that should reflect how an organization actually behaves, not just what it says on paper. The real work, he argues, is closing the gap between strategy, risk, and what happens on the ground day to day. It's a grounded, cross-cultural take on GRC and a reminder that the real work of risk doesn't live in frameworks. It lives in conversations.
-
53
When Risk Gets Real: Lessons from the Bridge
In this episode of Risk Is Our Business, Captain Michael Rasmussen brings together a cross-functional crew of risk, audit, cyber, and technology leaders for a candid conversation recorded in the Netherlands. Joined by David Ngu, Brett Steinmetz, Jos Bredero, and Eric Groen, the discussion opens with a simple question: what actually keeps you up at 1 a.m. when it comes to risk? From there, the conversation explores the key drivers shaping risk management in the Netherlands, and how they compare to broader European and U.S. approaches. The group reflects on how Europe tends to lean more toward principles and outcomes-based thinking, while the U.S. often emphasizes rules and compliance, and how those differences play out in practice across organizations and industries. They then turn to the role of professional services firms, unpacking what a successful engagement really looks like. Rather than focusing purely on tooling, the discussion emphasizes the importance of a business-oriented approach, ensuring that technology implementations are grounded in real operational needs, not just frameworks or features. The episode closes with each guest offering a key takeaway and practical insights drawn from their experience working across risk, controls, cyber, and consulting. This is a grounded look at how risk is actually managed on the ground (across regions, disciplines, and perspectives) when the frameworks meet reality.
-
52
From Heatmaps to Histograms: Rewriting Cyber Risk on the Bridge with Tony Martin-Vegue
In this return episode of Risk Is Our Business, Captain Michael Rasmussen reconnects with Tony Martin-Vegue for a wide-ranging conversation built around his new book, From Heatmaps to Histograms: A Practical Guide to Cyber Risk Quantification. At the center of the discussion is a simple but uncomfortable idea: most organizations aren’t really measuring cyber risk, they’re describing it. Heatmaps, scoring models, and qualitative frameworks may look familiar, but they rarely help leaders make better decisions. Tony breaks down what’s going wrong, and why. Along the way, he uses an unexpected historical example (the Hanoi Rat Massacre of 1902) to illustrate how well-intentioned interventions can create worse outcomes when incentives, measurement, and behavior are misaligned. The conversation moves through the core themes of the book: why cybersecurity often behaves like two separate disciplines under one label; why quantitative risk is less about advanced math and more about structured thinking; the biggest myth about data that keeps organizations stuck in qualitative approaches; and where methods like Monte Carlo simulation and FAIR fit and where they don’t. They also explore why many cyber risk quantification programs fail, what it takes to make them practical, and how the same principles apply beyond cyber to operational risk more broadly. At over an hour, this is one of the most in-depth conversations on the show! It's less a summary and more a working session on how to move from risk reporting to decision-making.
-
51
Staying on Course: Risk, AI, and Resilience in a Changing World with Hakkı Sarp
In this episode of Risk Is Our Business, Captain Michael Rasmussen connects over a slightly distant comms link (via Teams) with Hakkı Sarp, Enterprise Risk Management leader at QIAGEN, for a conversation on how risk management is being reshaped by today’s fast-moving environment. They begin by examining the limitations of traditional risk practices, and why approaches built for slower, more predictable conditions are struggling to keep up with the velocity and complexity organizations now face. From there, the discussion turns to AI and separating real value from hype, including identifying where it is genuinely enhancing risk management today versus where expectations may be running ahead of reality. Hakkı and Michael explore the dual challenge of predicting risks while remaining adaptable, and how organizations must balance short-term financial pressures with longer-term sustainability considerations that don’t always fit neatly into existing frameworks. They also unpack the role of risk culture and what it really means, why it’s so difficult to embed, and how leadership behaviors ultimately determine whether risk is lived or simply documented. The conversation closes with a simple but powerful perspective on how leaders should approach risk in a world where uncertainty is constant and conditions change faster than frameworks can keep up.
-
50
The Search for Sense: Risk Appetite and Real Decisions with Graeme Keith
In this return episode of Risk Is Our Business, Captain Michael Rasmussen welcomes back Graeme Keith for a sequel to Wrath of Math, this time shifting from models to meaning. They take aim at cookie-cutter risk management, unpacking what separates genuine practice from templated frameworks that look good on paper but fail to influence decisions. The conversation centers on Graeme’s recent writing on risk appetite, and his frustration with how often organizations discuss the risks they’re willing to take without addressing the more fundamental question of why are we taking those risks at all? From there, they explore how risk appetite is often less about numbers and more about culture, intent, and context, and why effective risk management must always be anchored to the decisions it is meant to support. Without that connection, risk becomes descriptive rather than directional. They also dive into the realities of interconnected risk, the current state of risk technology, and where the discipline may be heading by 2030, including whether tools are helping organizations make better decisions, or simply producing more sophisticated noise. If Wrath of Math challenged how we quantify risk, this episode challenges how we make sense of it and whether risk management is truly helping us navigate, or just giving us more charts while we drift.
-
49
Commanding the Room: From Risk Data to Real Influence with Karan Rao
In this episode of Risk Is Our Business, Captain Michael Rasmussen is joined by Karan Rao, Head of Enterprise Risk at Embark Student Corp., for a conversation that started not in a boardroom but on LinkedIn. A post from Karan caught Michael’s attention on how the best risk managers aren’t the ones with the most complex models, but the ones who can walk into a room, read the people, interrogate the data, and explain risk so clearly that action becomes unavoidable. From there, the discussion dives into the human side of risk. They explore why understanding behavior is just as important as understanding data, and why the ability to communicate, write, and present with clarity separates those who inform from those who influence. Risk leaders, they argue, don’t hide behind dashboards, they translate insight into decisions. They also discuss the importance of developing skills that compound over time: communication, storytelling, emotional intelligence, and business understanding. Karan shares how ideas from Atlas of the Heart shape his approach to risk leadership, helping him connect emotion, clarity, and decision-making in high-stakes environments. This episode is about moving risk from a reporting function to a leadership discipline, one where the ability to engage the room matters just as much as the data on the screen.
-
48
Leading Through Uncertainty: The Future of Risk and Cyber with Anne Louise Higgins
In this episode of Risk Is Our Business, Captain Michael Rasmussen welcomes Anne Louise Higgins, Global Head of Cyber Governance, Risk and Control at BNY Mellon, for a conversation about how the risk profession has evolved and who will be leading it into the future. Anne reflects on the growing role of women in risk management and cybersecurity, and how diversity of experience and perspective strengthens decision-making at every level of the enterprise. From there, the discussion broadens into how the practice of risk management itself has changed over time, from compliance-driven reporting toward more integrated, business-aligned approaches. They also explore the cultural differences in how risk is approached in the United States versus Europe, and how those perspectives shape governance, accountability, and engagement with leadership. The conversation then turns to risk technology, what currently stands out in the market, and how emerging capabilities are reshaping the way organizations understand and manage uncertainty. Michael and Anne also discuss the future of careers in risk, cyber, and GRC, particularly in an era increasingly shaped by AI and rapid technological change. The episode closes with practical insights on how professionals can future-proof their careers and build the skills, adaptability, and strategic mindset needed to stay relevant on the bridge as the risk landscape continues to evolve.
-
47
Setting the Standard: The Past, Present, and Future of ISO 31000 with Alex Dali
In this episode of Risk Is Our Business, Captain Michael Rasmussen connects over a slightly long-distance subspace channel (also known as a video call) with Alex Dali, President of the G31000 Risk Institute, to explore the evolution of one of the most widely recognized frameworks in modern risk management. Alex walks through the story of ISO 31000, where the standard came from, how it has evolved since its original release, and what the next phase of its development may look like as organizations confront an increasingly complex risk landscape. Along the way, they unpack the difference between bad risk management (overly procedural, disconnected from decisions, and driven by checklists and heat maps) and good risk management, which aligns with organizational objectives and supports leadership in navigating uncertainty. The conversation also turns to the current state of risk technology, including the ongoing search for tools that genuinely support the principles of ISO 31000 rather than forcing risk management into rigid compliance workflows. From there, they explore how AI may reshape the discipline, the role technology should play in enabling better decision-making, and how the Chief Risk Officer role itself may evolve as risk becomes more integrated with strategy and business operations. The discussion offers a thoughtful look at how risk management standards, technology, and leadership must evolve together if organizations are to navigate uncertainty with clarity rather than simply documenting it.
-
46
Know Your Crew: Risk Psychology with Geoff Trickey and Elliot Phillips
In this episode of Risk Is Our Business, Captain Michael Rasmussen is joined by Geoff Trickey, founder of Psychological Consultancy and creator of the Risk Type Compass™, alongside Elliot Phillips, Principal Risk Psychologist, for a conversation that shifts the focus of risk management from systems to psychology. They begin by unpacking psychometrics—what it is, how it works, and why measuring personality traits can provide powerful insight into how individuals and teams perceive and respond to uncertainty. From there, they explore the concept of risk psychology and how risk-taking is not simply situational or financial, but deeply rooted in personality. Geoff explains the origins of the Risk Type Compass™ and walks through its eight distinct risk types and how individuals are categorized, what differentiates them, and how those differences shape decision-making and risk culture within organizations. The discussion highlights an often-overlooked dimension of diversity—diversity of risk disposition. When leaders understand the varied ways people approach uncertainty, they can build more balanced teams, improve governance conversations, and avoid collective blind spots. The episode also examines how organizations use this approach in practice, not as a personality exercise, but as a measurable way to strengthen risk management, enhance communication, and align decision-making with strategic objectives. If every enterprise is a starship navigating uncertainty, this conversation reminds us that understanding the temperament of the crew may be just as important as the strength of the shields.
-
45
Beyond Controls: Rebuilding the Risk Engine with Amir Ramezanpour
In this return episode of Risk Is Our Business, Captain Michael Rasmussen welcomes back Amir Ramezanpour to unpack the thinking behind his new book, Beyond Controls: Reshaping Risk Into Intelligent Advantage. The conversation begins with a direct challenge to risk managers: too much of risk management is still focused on controls. Controls that validate compliance. Controls that document activity. Controls that comfort regulators. But in an AI-driven, high-velocity environment, are controls alone enough? Amir explains why the title Beyond Controls is intentionally provocative and why some initially resist it while agreeing with the substance. The core argument is not about removing controls, but about elevating risk into something more powerful: risk intelligence. That means turning fragmented risk data into meaningful insight that helps leaders make better decisions amid uncertainty. They explore how good risk intelligence supports business objectives, how it enables clarity rather than bureaucracy, and how organizations can move from static oversight to more adaptive, learning-oriented models. The discussion also touches on the role of AI, agentic AI, and digital twins, not as hype, but as tools that can help organizations anticipate rather than simply react. Finally, Amir shares practical advice for leaders who want to begin building this vision today—start with mindset, anchor to objectives, and design systems that support decisions, not just documentation. If traditional risk management built stronger guardrails, this episode asks how we build something smarter, an engine that helps the enterprise move forward with confidence.
-
44
Steering Through Uncertainty: Enterprise Risk at Rolls-Royce with Chyono Flynn
In this episode of Risk Is Our Business, Captain Michael Rasmussen is joined by Chyono Flynn, Head of Enterprise Risk Management at Rolls-Royce, for a candid conversation about the realities of running risk management inside one of the world’s most complex engineering organizations. They begin with what really keeps risk leaders awake at 2 a.m., which is not abstract frameworks, but execution risk, governance expectations, and whether the organization truly understands its most critical exposures. From there, the discussion moves into the UK Corporate Governance Code, with particular focus on Provision 29, and what it means in practice for boards, executives, and risk teams responsible for viability and long-term resilience. Chyono and Michael draw clear distinctions between bad risk management (compliance-driven, disconnected, and report-heavy) and good risk management that engages the business, informs decisions, and earns trust at the executive and board level. They explore how to communicate the value of risk in a way that resonates, how to build and sustain a healthy risk culture, and why partnership matters more than policing. They also discuss the role of technology as an enabler rather than a solution in itself, and how tools must support judgement, insight, and dialogue rather than replace them. This episode offers a grounded look at what enterprise risk management looks like when governance expectations are high, stakes are real, and risk must help the organization stay on course, even when the pressure is on and sleep is in short supply.
-
43
Before the Alarm Sounds: Risk Intelligence, Presilience, and Leadership with Fayadh Alenezi
In this episode of Risk Is Our Business, Captain Michael Rasmussen is joined by Fayadh Alenezi, strategic risk leadership architect and presilience advisor, for a candid discussion on where risk management stands today and where it needs to go next. They begin by unpacking the current state of practice and what works, what doesn’t, and why too much risk management still feels like process without purpose. From there, the conversation moves into risk intelligence and the importance of good information, meaningful insight, and decision-relevant signals rather than noise. Fayadh introduces the concept of presilience, shifting the focus from reacting to disruption toward building the foresight and decision capability to stay ahead of it. This naturally leads into a deeper discussion on risk leadership and what distinguishes strong risk leaders from framework managers, and why mindset, judgment, and clarity matter as much as models and data. They also explore risk culture, with particular attention to the Middle East and Saudi Arabia, where cultural context, leadership norms, and rapid transformation shape how risk is perceived and practiced. The discussion connects these themes to Vision 2030, and how it is acting as a catalyst for more mature, strategic, and leadership-driven approaches to risk management across the Kingdom. Rather than treating risk as a compliance obligation, this episode reframes it as a leadership discipline—one rooted in intelligence, culture, and the ability to act with confidence before the alarm sounds.
-
42
Risk, Resilience, and Vision 2030: The Future of GRC in Saudi Arabia with Thamer Al Hamed
Recorded live at the GPRC Summit in Riyadh, this episode of Risk Is Our Business features Thamer Al Hamed, Executive General Manager of GRC and Data Management, in a timely conversation on how risk management and resilience are converging as strategic capabilities in Saudi Arabia. Michael and Thamer explore the relationship between risk and resilience, asking whether they truly belong together and how that relationship changes at national and organizational scale. The discussion then turns to the Saudi context, examining both the challenges and the opportunities shaping the evolution of GRC across the Kingdom. A central theme is Vision 2030, and the role GRC plays in enabling it. Thamer explains how Vision 2030 has become a powerful catalyst for the growth and maturity of governance, risk, and compliance practices—shifting GRC from a supporting function into a strategic enabler of transformation, accountability, and long-term value creation. They also discuss how GRC is being received across organizations, how mindsets are changing, and what it takes for risk management to move beyond formality and into real decision support. The conversation closes with Thamer reflecting on his own career journey and how he sees both his role, and the broader GRC landscape in Saudi Arabia, evolving as 2030 approaches. This episode offers a clear window into how risk, resilience, and governance are being redefined in one of the world’s fastest-moving transformation agendas.
-
41
Red Alerts and False Signals: Separating Real Risk Intelligence from GRC Noise with Stefan Gershater
In this return voyage of Risk Is Our Business, Captain Michael Rasmussen reconnects with Stefan Gershater for a candid, occasionally interrupted conversation from opposite ends of a video call—a fitting setup for a discussion about signal, noise, and what actually matters in modern risk management. The episode centers on the real value of risk and GRC software, and how leaders should measure it. Stefan brings a healthy skepticism to the conversation, challenging an industry that too often sells efficiency for efficiency’s sake. Over dinner in London, he recalls receiving a message from a vendor promising to save him 80% of his time. His reaction was blunt: No one cares how hard risk teams work, they care about outcomes, decisions, and results. From there, the discussion explores what risk leaders should actually evaluate in risk technology. Rather than control-heavy platforms built primarily for compliance, Stefan argues for solutions designed to support value creation, decision-making, and the achievement of objectives. They unpack what “good” looks like when it comes to risk data, data strategy, and visualization, and why many tools still struggle to present risk in ways the business can act on. As the conversation turns to how risk technology should evolve, reality intervenes. A call from Stefan’s CEO pulls him away from the bridge mid-discussion, an unscripted reminder that risk management doesn’t live in dashboards or demos, but in the real-time demands of leadership. This episode is a sharp look at why not all risk software deserves a place on the bridge, and why separating meaningful intelligence from false alerts has never mattered more.
-
40
Beyond the Security Console: Digital Risk and Resilience on the Bridge with Christopher Hetner
In this episode of Risk Is Our Business, Captain Michael Rasmussen is joined by Christopher Hetner, Senior Cyber Risk Advisor serving the boardroom community and former senior cybersecurity advisor to the Chair of the U.S. Securities and Exchange Commission. The conversation opens by tackling a deceptively simple question: what do we even call this space anymore? Information security, IT security, cybersecurity, cyber risk, digital risk, digital resilience — are these distinct disciplines with meaningful nuance, or different labels for the same underlying reality? Christopher and Michael unpack how language shapes expectations, accountability, and how risk is understood across the enterprise. From there, they dive into Michael’s widely discussed essay, “The CISO Is Dead: A Eulogy and a Resurrection,” exploring why the title provoked resistance while the substance resonated. The discussion reframes the modern CISO not as a narrow security operator, but as a steward of digital risk and resilience in a world where every function, product, and decision carries a digital footprint. They explore the dangers of cybersecurity leaders operating in isolation, the limits of traditional security-centric models, and why cyber risk can no longer live on its own island. The conversation then turns to the boardroom, what directors tend to understand about cyber and digital risk, where gaps remain, and how risk leaders can engage boards more effectively by shifting from technical reporting to strategic navigation. Rather than treating cyber risk as a technical problem to be delegated, this episode makes the case for digital risk and resilience as a bridge-level responsibility, one that requires shared ownership, clearer language, and leadership capable of steering the enterprise through an increasingly interconnected and uncertain risk universe.
-
39
Keeping Time on the Bridge: The Rhythm of Risk with Bradley Jewett
In this episode of Risk Is Our Business, Captain Michael Rasmussen opens a subspace channel with Bradley Jewett, Chief Financial Officer at LeadVenture and a seasoned operating executive who helped shape enterprise risk management inside Microsoft and BMC Software. The discussion begins by contrasting bad risk management (periodic, siloed, and designed to check a box) with good risk management that actively informs how organizations make decisions. From there, Brad introduces the philosophy he championed at Microsoft: the Rhythm of Risk. Rather than positioning risk as a separate function, Brad describes an approach where risk management keeps pace with the enterprise itself. Strategic planning cycles, annual operating plans, mergers and acquisitions, audit planning, SEC reporting, investor communications, and product roadmaps all become natural moments for risk to surface and influence outcomes. Risk moves in time with the business, strategic and operational, top-down and bottom-up. Recorded over a live video link, the conversation also explores how this mindset was received by leadership, what it took to set expectations that risk should shape daily decisions, and why aligning risk to the organization’s cadence is far more effective than standalone frameworks or annual exercises. The episode offers a practical, experience-led perspective on what it means to keep risk on the bridge, not as a warning light, but as a steady navigational rhythm guiding the enterprise through uncertainty at warp speed.
-
38
From Hazards to Horizons: Charting Opportunity Risk at Warp with Nordex’s Risk Command Crew
In this episode of Risk Is Our Business, Captain Michael Rasmussen beams into a cross-continental conversation with Karsten Findeis, Head of Risk Management at Nordex Group, and Dr. Ayman Nagi, Corporate Risk Manager, for a deep look at how risk maturity evolves inside a global renewable-energy manufacturer. They discuss how Nordex has transformed its risk mindset over the past decade, shifting from a compliance-driven obligation to a strategic discipline that captures both risks and opportunities. By treating risk as the effect of uncertainty on objectives, the team explains how they’ve moved beyond the old hazard-and-harm framing to a more balanced, value-creating approach that resonates across the business. Karsten and Ayman share how Nordex built trust with the organization, how the perception of risk has shifted from burden to business partner, and why logging opportunities alongside risks reflects a more advanced, enterprise-wide understanding of uncertainty. They also dig into IDW PS 340, how its requirements have sharpened their processes, and how implementing the right technology elevated data quality, reporting, and decision-making across the fleet. They also chart where risk management at Nordex is headed in the coming years, from enhanced digital twins to deeper integration with strategic planning and operational execution. For organizations navigating uncertain markets, the Nordex journey offers a blueprint for turning risk into propulsion rather than drag.
-
37
Calibrating the Risk Sensors: Charting Operational Risk Frontiers with Marc Leipoldt
In this latest episode of Risk Is Our Business, Captain Michael Rasmussen connects via subspace (okay… a Zoom call) with Marc Leipoldt, CEO of Global Risk Advisory Services. Marc and Michael take a candid look at the state of operational risk management in financial services today. Has it become little more than a Basel-born compliance checkbox? Or can it truly guide strategic decision-making and protect the organization when volatility strikes? Together, they outline what good operational risk management really requires, starting with deep understanding of how the bank actually works—its processes, systems, and the complex interactions between them. Marc emphasizes that KRIs must be actionable and aligned to accountability, not just dashboards for dashboards’ sake. They also grapple with the messy truth of technology in risk. GRC tools are accelerators, not saviors, and without a clear strategy, strong governance, and well-defined processes, no platform will deliver the transformation banks are hoping for. And finally, Marc looks five years ahead. What will operational risk maturity look like across global banks? How will regulatory expectations evolve? And can risk finally break free from compliance-only thinking to become the steward of organizational foresight?
-
36
When Logic Isn’t Enough: Engaging the Right Brain of Risk with Mark Heywood
In this episode of Risk Is Our Business, Captain Michael Rasmussen welcomes aboard Mark Heywood, writer, presenter, creative director, novelist, screenwriter, and former global crisis-management leader, for a conversation that travels well beyond the neutral zone of traditional risk models. Together, they explore why risk and resilience can’t be governed by left-brain logic alone, and why the future of the discipline requires imagination, narrative, and the kind of storytelling that has steered starships and boardrooms alike. Mark draws from his dual life in operational resilience and the arts to explain what happens when organizations rely solely on spreadsheets, heat maps, and linear thinking. They discuss how right-brain capabilities (creativity, empathy, narrative framing, and world-building) are essential for helping leaders actually understand risk, not just document it. From micro-simulations and tabletop exercises to gamification and immersive storytelling, Mark outlines how to design experiences that engage decision-makers emotionally as well as analytically. The episode charts a course into the future where logic and imagination operate in tandem, where resilience teams think like screenwriters, and where storytelling becomes a strategic asset for preparing organizations to face the unexpected at warp speed.
-
35
Beyond the Unknown: Charting Digital Trust and the Future CISO with Reshad Alam
In this episode of Risk Is Our Business, Captain Michael Rasmussen welcomes aboard Reshad Alam, Vice President of Information Systems Security at Regal Rexnord, for a conversation about navigating risk at enterprise scale, and why the greatest threat is often the one you can’t see coming. Reshad describes the sheer scope of Regal Rexnord’s global footprint, and with it, the vast digital surface he’s responsible for protecting. What keeps him up at night isn’t any single threat vector, but the unknowns—the blind spots, the emerging risks, the things security leaders can’t yet quantify. From there, the discussion expands into the evolving nature of the CISO role, which Michael sees not as security’s gatekeeper, but as the enterprise’s digital risk and resiliency officer, a creator of digital trust. Together they explore why a company unwilling to take risks is a company on the path to irrelevance, and why the job of security is not to say “no,” but to help the business take the right risks for the right reasons. They discuss the art of engaging the business on security, shifting away from fear-based messaging and toward shared objectives, shared language, and shared accountability. The episode also looks ahead at where the CISO role is heading, and of course, no future-focused conversation would be complete without AI. Reshad shares whether it excites him or worries him, and why, despite the threats, he’s far more energized by the potential of AI to strengthen defenses, accelerate detection, and enhance digital trust across the enterprise. For security and risk leaders charting their own course through uncertainty, this episode is a reminder that the mission isn’t to eliminate the unknown, it’s to navigate it with confidence, clarity, and a willingness to boldly go where the future demands.
-
34
Steering the Enterprise: Risk, Audit, and Compliance at Warp Speed with Richard Chambers
In this episode of Risk Is Our Business, Captain Michael Rasmussen welcomes Richard Chambers, Senior Advisor at AuditBoard and one of the most influential voices in internal audit and assurance, to discuss how risk, audit, and compliance have evolved in a decade defined by unprecedented velocity and volatility. Richard reflects on the shifting mindset across GRC—from static frameworks and predictable cycles to a world where risk signals move fast, interdependencies compound, and organizations must adapt with greater speed and clarity than ever before. The conversation draws a sharp distinction between good and bad audit in this environment. Bad audit is adversarial, a corporate police force focused on fault-finding and paperwork. Good audit is a value protector, a trusted partner helping management navigate uncertainty, make sound decisions, and keep the organization moving toward its objectives. If the business fears internal audit, something fundamental is broken. They then examine modern risk management, emphasizing that effective programs are grounded in realistic assessments of likelihood and materiality, not abstract heat maps or theatrical risk registers. Risk is not something to be avoided; it is something to be understood so the organization can move with intention. Compliance enters the discussion as well, particularly the cultural divide between the U.S.’s checkbox-heavy approach and Europe’s more risk-based, integrity-oriented model. Compliance, Richard argues, is ultimately about who the organization chooses to be. The episode closes by looking ahead five years—where AI, automation, and intelligence-driven assurance will shape the role of audit, risk, and compliance. The mission remains the same, but the tools and tempo of the work are changing at warp speed.
-
33
Mission Alignment: From Strategy to Culture with Syniverse
In this episode of Risk Is Our Business, Captain Michael Rasmussen beams aboard Ana Valdez Rodgers, VP of Internal Audit, and Melissa Pici, Global Director of Governance, Risk & Compliance, of Syniverse to talk about what really keeps GRC leaders up at night. They dive into how GRC isn’t about ticking boxes but about aligning governance, risk, and compliance with the organization’s purpose and strategy. Drawing on Syniverse’s experience, Ana and Melissa share how their Risk and Assurance Council helps shape culture, break silos, and make GRC part of everyday decision-making, not just a quarterly ritual. They also reflect on Syniverse’s GRC Trailblazer Award, what it took to earn it, and why lasting success starts with strategy and process before technology ever enters the room. Because GRC isn’t something you buy, it’s something you do. As the conversation turns forward-looking, they chart where Syniverse’s GRC program is headed next, envisioning a future where alignment, automation, and purpose drive risk strategy. Because as Captain Kirk once said, risk is our business, and as this episode reminds us, a business that doesn’t take risks is a business out of business.
-
32
To Boldly List What No Risk Register Has Listed Before: Evolving Risk with Renee Murphy
In this episode of Risk Is Our Business, Captain Michael Rasmussen beams aboard Renee Murphy, independent analyst, storyteller, and founder of The Storyteller’s Circle, to reflect on insights emerging from a recent workshop they led together. One theme rose quickly to the surface: are risk registers keeping pace with reality, or are many organizations still flying with decade-old assumptions? They explore how today’s emerging risks, from AI misuse and deepfakes to data poisoning and automated misinformation, demand more than recycled top-10 lists and stale heat maps. If the world is shifting at warp speed, risk management must evolve its star charts too. From there, the conversation jumps to the bridge of the Enterprise (naturally). Renee and Michael unpack the risk postures of Starfleet captains and how every organization needs the right mix of boldness and restraint to navigate uncertainty without flying the ship into a spatial anomaly. They round out the episode exploring the fear and promise of AI—not as a looming replacement for the crew, but as a co-pilot that enhances perception, speeds analysis, and reveals risks before red alerts sound. Because great risk management doesn’t just brace for the unknown, it boldly goes toward it with intelligence, imagination, and the right crew at the helm.
-
31
Guardians of Uncertainty: Risk Leadership and the New Frontier with Ernest Legrand
In this episode of Risk Is Our Business, Captain Michael Rasmussen beams aboard Ernest Legrand, CEO, technologist, and author of Guardians of Uncertainty: The Making of Influential Risk Managers in the Modern World, to explore what it really means to lead through volatility. Drawing on lessons from his book and decades of experience across insurance, AI, and geospatial technology, Ernest discusses how elite risk managers transform uncertainty into strategy. Together, they chart the evolution of risk leadership, from compliance and insurance frameworks to dynamic decision-making built on data, foresight, and empathy. From the human side of decision-making to the architecture of trust, Ernest shares lessons from the world’s top risk leaders, those who turn unpredictability into opportunity, and governance into a living, adaptive system. For executives, risk professionals, and board leaders alike, this episode offers a reminder that uncertainty isn’t a void to avoid, it’s the terrain of leadership itself.
-
30
The Risk Continuum: Setting the Appetite for Intelligent Risk with Richard Anderson
In this episode of Risk Is Our Business, Captain Michael Rasmussen beams aboard Richard Anderson, Chair, Non-Executive Director, and host of The Risk Appetite Podcast, to explore what separates bad risk management from good, and why so many organizations still get it wrong. Together they chart the difference between process-driven compliance and purpose-driven risk. Bad risk management, they argue, is obsessed with heat maps, registers, and rituals; good risk management understands context, links to objectives, and drives intelligent decision-making. The discussion turns to the UK landscape, where Richard and Michael assess whether organizations are truly getting risk management right. The answer, as ever, depends on sector, circumstance, and above all, personality. From there, the conversation warps into the heart of governance, i.e., risk appetite—not as a box-ticking exercise, but as a compass defined by context and aligned with objectives. They close by examining risk culture and communication, emphasizing how scenario planning and storytelling can help leaders make sense of uncertainty. For anyone trying to bridge the gap between compliance and comprehension, this episode is a navigational chart for risk done right, because every enterprise, at warp or impulse, needs to know just how much uncertainty it can handle.
-
29
Reputation at Warp: Navigating Brand Risk with Renee Murphy
In this episode of Risk Is Our Business, Captain Michael Rasmussen beams aboard Renee Murphy, independent industry analyst, storyteller, and one of the most recognizable voices in GRC, to tackle one of the most misunderstood dimensions of risk: reputation. Renee explains why reputational risk remains so elusive for many organizations, and why ERM frameworks often have metrics for finance and operations but almost none for reputation, customer experience, or employee experience. Together, they dissect recent examples of brand turbulence (from Cracker Barrel to Anheuser-Busch to Target) and explore why reputational fallout can and should be quantified. The conversation ventures into ESG and stewardship, showing how environmental and social commitments carry enormous reputational weight and why they can’t be managed in isolation. Renee emphasizes the need for risk leaders to engage with every department, especially sales and marketing, since some of the biggest reputational crises are born from campaigns gone wrong. For boards, CROs, and GRC professionals, this episode reframes reputational risk not as an abstract concept but as a measurable, manageable force that determines whether your organization is trusted or left adrift in the void.
-
28
The Prime Directive of Risk: Navigating Uncertainty with Amir Ramezanpour
In this episode of Risk Is Our Business, Captain Michael Rasmussen beams aboard Amir Ramezanpour, Vice President of Global Risk Technology and Intelligence, and Global Risk Transformation Office at Manulife, to explore how risk must be defined, framed, and operationalized in a world of constant unpredictability. Michael and Amir both lean on ISO 31000’s central principle, risk as the effect of uncertainty on objectives, to emphasize why context and clarity of objectives are mission-critical. From there, the conversation dives into risk intelligence, and how organizations can plan for the unplannable by building frameworks and operations designed to thrive in turbulence. They explore engagement with the first line of defense, asking whether risk is still seen as a bureaucratic pain or whether it can become a trusted partner in helping leaders make better business decisions. Amir shares his vision for how agentic AI and digital twins will power the future of risk management, automating the routine, enabling what-if scenario planning, and equipping leaders to simulate futures before charting their course. Rather than striving to eliminate uncertainty, Amir reminds us that the real mission is to navigate it. By grounding risk in objectives, engaging the first line as active copilots, and harnessing new tools like risk intelligence and AI-driven simulations, leaders can transform unpredictability into strategic advantage. For those ready to lead at warp, the path forward is to embrace uncertainty with purpose, clarity, and resilience.
-
27
Risk Engines and Compliance Nebulas: Charting GRC Futures with Akira Muranaka
In this warp-speed episode of Risk Is Our Business, Captain Michael Rasmussen connects across the comms with Akira Muranaka, GRC/IRM/ESG Technology Manager and global risk assurance veteran, to explore how enterprises can reimagine GRC as a driver of objectives rather than a compliance checkbox. Akira explains why the future of risk management depends on moving away from ritualistic controls and toward a risk-based approach that enables the business to take the right risks with confidence. Together, they navigate the question every enterprise faces: should GRC run on a single monolithic platform, or is the future an architecture of integrated technologies stitched together to match organizational needs? The discussion dives into what Akira looks for in GRC tools, the core capabilities that matter most for scalability, resilience, and trust. From there, they scan the horizon: what GRC technology and the risk programs they support will look like in the next five years, as AI, automation, and architecture reshape how enterprises govern uncertainty. For GRC leaders, technologists, and boards alike, this episode is a star chart to the next era of digital trust, one where GRC isn’t trapped in compliance nebulas but powered by risk engines designed to accelerate the enterprise mission.
-
26
Audit Logs and Assurance Frontiers: Steering Risk at Warp with Tayler Kuhn and Jeanne Cline
In this bridge-level episode of Risk Is Our Business, Captain Michael Rasmussen beams aboard Tayler Kuhn, Director of Internal Audit, IT, and Jeanne Cline, Chief Audit Executive at StoneX Group Inc., to explore the evolving role of internal audit in the GRC galaxy. Their discussion begins with how internal audit has changed over the years, from back-office compliance to a strategic function collaborating across governance, risk, and compliance. They highlight the mission-critical truth that a business not taking risks is a business out of business, and that internal audit’s role is to help the enterprise understand, navigate, and take the right risks. The conversation explores how technology is reshaping both GRC broadly and internal audit specifically at StoneX, including how AI is already influencing assurance work and where it’s headed. Tayler and Jeanne share their vision of the next 2–3 years, where the internal audit profession is more automated and data-driven, spending less time on testing and manual work and more time analyzing risks, understanding interconnectivity, and supporting strategic decisions. They also confront the identity of the profession itself, whether to call it internal audit or assurance, and how that language shift reflects a broader transformation in purpose. At warp speed, this episode charts a course for internal auditors and GRC leaders alike to move beyond testing artifacts, toward enabling resilience, strategy, and performance.
-
25
Warp Cores and GRC Engineering: Designing the Future with Ayoub Fandi
In this transmission of Risk Is Our Business, Captain Michael Rasmussen connects across the comms with Ayoub Fandi, Security Assurance Automation Team Lead at GitLab and founder of the GRC Engineer Podcast and Newsletter, for a deep dive into what might be the next frontier of governance, risk, and compliance: GRC engineering. Ayoub explains what GRC engineering is, what it does, and the value it provides, moving GRC away from after-the-fact verification and closer to the design phase, where software engineering problem-solving can be applied to solve long-standing compliance and assurance challenges. Together, they map out the core elements of GRC engineering, explore where it should be applied, and ask whether its cyber-heavy focus today limits its potential, or whether it’s destined for broader adoption across the enterprise galaxy. The conversation also scans the role of agentic AI in this evolving discipline, from automating repetitive assurance checks to embedding risk intelligence directly into systems that power organizational strategy. Along the way, they highlight how GRC engineering can transform perception, from compliance burden to strategic enabler, much like replacing impulse drives with warp cores. GRC engineering is a structural shift. For GRC leaders, engineers, and innovators, this is a star chart to the future of assurance and resilience.
-
24
Resilience, Risk Signals and Interstellar Shifts: The Future of ERM with Emma Price
In this stardate transmission of Risk Is Our Business, Captain Michael Rasmussen beams in Emma Price, Deloitte Partner and UK Enterprise Risk Management Lead, to chart how risk management has transformed across decades, and where it’s set to warp next. Their voyage begins with language itself: from business continuity and disaster recovery to the all-encompassing term “resilience.” Emma explains why substituting “risk” with “resilience” often earns more traction in boardrooms and beyond, and how resilience can unify disciplines too often stranded in siloes. From there, they confront the bad and ugly of risk programs, such as isolated operations, failure to account for interconnectivity, and compliance exercises masquerading as strategy. The discussion moves through third-party risk, the growing role of external intelligence on geopolitical, economic, and regulatory turbulence, and the big drivers shaping risk programs in the UK today. Emma and Michael scan the horizon of ERM’s future, from strategy and technology to the value of managed services, and debate how risk leaders can avoid drifting into orbit around checklists and instead plot resilient, forward-facing courses. For risk officers, boards, and strategists, this episode is a navigational chart across the risk nebula, and a reminder that the enterprise mission demands not paperwork, but perspective, integration, and resilience at warp speed.
-
23
Heatmaps, Histograms and Star Charts: Quantifying Risk with Tony Martin-Vegue
In this star-mapping episode of Risk Is Our Business, Captain Michael Rasmussen beams aboard Tony Martin-Vegue, risk consultant, advisor, and author of the upcoming book Heatmaps to Histograms: A Practical Guide to Cyber Risk Quantification. With 25 years navigating the galaxy of cyber risk, Tony has guided enterprises from the gravitational pull of checklists and color-coded charts into the warp lanes of defensible, quantitative analysis. Their journey begins with the dark matter of bad risk management: programs designed to placate auditors, check boxes, or reassure customers without truly informing decisions. From there, they plot a course toward what good risk management looks like—proactive, integrated, and tied directly to organizational objectives. Tony traces the lineage of risk management back to the late 1600s, when probability theory first emerged, showing how centuries of thinking have led us to today’s crossroads. The conversation dives into heatmaps, when they can still provide navigational value, and when they collapse under the weight of oversimplification. From there, they move to the promise of histograms, simulations, and CRQ models that help businesses not only understand thresholds and acceptable levels of risk, but also chart their path with clarity and confidence. For CISOs, CROs, and risk leaders, this episode is both history lesson and star chart, a reminder that risk management isn’t about artifacts to prove you exist, but about enabling the mission. If your current program is orbiting in circles, this is the transmission that will help you break free, align your coordinates, and accelerate to warp speed.
-
22
Warp Drives and Risk Horizons: Building Intelligent Resilience with Hardik Mehta
In this mission-critical episode of Risk Is Our Business, host Michael Rasmussen opens the comms with Hardik Mehta, Global Head of Risk and Regulatory Compliance at JPMorgan Chase. With two decades of experience across Uber, Microsoft, and global advisory firms, Hardik has charted risk programs that span continents, cloud migrations, and regulatory galaxies. Their conversation starts with what keeps him up at night: the turbulence of geopolitical risk, ever-changing regulations, data security challenges, and the inertia of legacy platforms slowing cloud adoption. From there, they examine what bad risk management looks like (siloed programs cut off from strategy) versus what good risk management should deliver (i.e., integrated, technology-enabled frameworks that guide the enterprise toward its objectives). Resilience comes to the forefront as Hardik explains how he weaves it into risk strategy, not as an afterthought but as a forward-facing capability. He emphasizes the need for both left-brain precision in quantification and right-brain imagination in creative foresight, a duality essential for navigating uncertainty. The discussion explores the technologies enabling better risk programs today, the role of risk intelligence in scanning horizons, and how AI is reshaping the future of risk management. For boards, CROs, and risk leaders, this episode is a navigational chart for transforming risk into resilience, and for steering your enterprise at warp speed toward intelligent, mission-aligned futures.
-
21
Stellar Coordinates and Prime Directives: Charting the CISO’s Course with Todd Fitzgerald
In this galaxy-spanning episode of Risk Is Our Business, Captain Michael Rasmussen beams aboard Todd Fitzgerald, former Fortune 500 CISO, cybersecurity hall-of-famer, and #1 best-selling author of CISO Compass. With over 25 years navigating the outer reaches of information security, Todd has seen the CISO role evolve from the days of dial-up to today’s warp-speed threat environment. Their mission is to chart the vast and sometimes confusing constellation of terminology in our sector, from information security, to cybersecurity, to digital risk, cyber risk, and beyond, and explore why these distinctions matter when steering an enterprise through uncertainty. They trace the history of the CISO from its 1990s origins to its current form as a strategic officer on the bridge, responsible not just for defense but for enabling the business to boldly go toward its objectives. From cyber risk quantification done right (and how to make it more than a numbers game) to managing the digital supply chain and interconnected risk, Todd offers a star map of practical strategies. He tackles the long-standing perception of security as the “department of no” and reframes it as a mission-critical enabler, helping organizations comprehend what’s an acceptable risk and navigate toward opportunity without drifting into a black hole. For any security leader, risk officer, or governance professional, this episode is a tricorder reading of where we’ve been, where we’re headed, and how to ensure your cybersecurity program is aligned with the Prime Directive: enabling the mission.
-
20
Shields Up, Heat Maps Down: Dismantling ERM Illusions with Tim Leech
In this transmission of Risk Is Our Business, host Michael Rasmussen connects over comms with Tim Leech, pioneer of Objective Centric Risk and Uncertainty Management (#OCRUM), longtime board advisor, and someone who’s spent decades trying to rescue enterprise risk from the black hole of checkbox compliance. Recorded over a long-distance call (no transporters this time), this episode dives straight into the uncomfortable truth of modern ERM often being more about optics than outcomes. Tim and Michael dismantle the illusion of risk registers and heat maps, exposing how many programs are built to pacify boards and regulators rather than support real decision-making. But Tim doesn’t stop at critique. He offers a new model, one where risk starts with the people who actually run the business, where strategy sets the coordinates, and where the board isn’t kept in the dark behind colored charts but engaged with objective-driven insight. Together, they explore how to overcome resistance across the enterprise, align the crew, and finally bring risk back to the bridge—not as an afterthought, but as a core navigational system. If your program is still flying blind on outdated frameworks, it’s time to recalibrate.
-
19
Mission Log: Digital Twins, Sleepless Nights, and the Future of GRC with Pascal Busch
In this starlog entry of Risk Is Our Business, recorded live at the Risk-In Conference in Zurich, Captain Michael Rasmussen sits down with Pascal Busch, Global Head of ERM & BCM at Acino and creator of VirtueSpark, for a deep-space transmission on the future of enterprise risk. What keeps a seasoned risk commander up at night? Pascal opens up about the unknown anomalies in the system, such as inefficiencies, blind spots, and missed signals that still plague too many GRC programs. But he’s not just scanning for threats, he’s building the future. From digital twins to decision intelligence, Pascal charts a course toward a risk program that’s faster, smarter, and fully integrated into the mission of value creation. Together, they explore where his tech journey is today, where he wants it to be in two years, and how risk professionals can move from compliance copilots to strategic navigators, guiding organizations through the turbulence of uncertainty with precision and purpose. If your risk program feels stuck in the past, it’s time to reroute power to the engines. Because as Pascal makes clear, the future of GRC isn’t about avoiding risk, it’s about managing it at warp speed.
-
18
Breaking the Prime Directive: Rethinking Risk with Stefan Gershater
In this episode of Risk Is Our Business, Michael Rasmussen welcomes Stefan Gershater, Head of Risk and Governance at the Co-op, for a bold and unflinching conversation that challenges the very foundations of modern risk management. Broadcasting from the front lines of strategic uncertainty, Stefan shares insights from his forthcoming book, a deep critique of the risk orthodoxy shaped by accounting firms, software vendors, and low expectations. He argues that what passes for risk management in many boardrooms is little more than a comforting illusion—one that fails to serve strategy, enable decisions, or engage with the complexity of the real world. Together, they explore the good, the bad, and the ugly of today’s risk practices, from the myth of “risk appetite” to the misuse of assurance resources and the danger of chasing frameworks over outcomes. But this isn’t just a teardown, it’s a mission briefing. Stefan lays out how risk can be reimagined as a cognitive, analytical, and strategic asset that improves decision velocity and organizational intelligence. For risk professionals ready to break orbit and leave behind the gravitational pull of mediocrity, this episode is both roadmap and rallying cry.
-
17
The Probability Nebula: Digital Twins and Forward-Looking Risk with Florian Worm
Recorded live at Corporate Risk Minds 2025 in Berlin, this episode of Risk Is Our Business features a conversation with Florian Worm—risk technologist, modeling expert, and one of the sharpest minds charting the next frontier in enterprise risk. Florian joins Michael Rasmussen on the bridge to explore the processes and paradigms reshaping risk management in a world where volatility is no longer an anomaly, it’s the environment. Together, they examine the limitations of legacy frameworks, the regulatory gravity of IDW PS 340, and why good risk quantification requires more than Monte Carlo curves and dashboards. In a galaxy of noise, it’s about decision-useful insight, grounded in rigor and relevance. At the heart of the episode is a deep dive into digital twins, not as sci-fi theory, but as a real-world capability to simulate risk environments, explore alternate futures, and make better decisions in real time. Whether you're scanning for weak signals, stress-testing for resilience, or mapping out mission-critical paths, digital twins are fast becoming the warp core of forward-looking risk. For those ready to chart a new course, this episode offers a shift from static risk logs to living systems, where uncertainty is mapped, modeled, and understood.
-
16
Beyond the Neutral Zone: Risk, Trust, and Business Confidence with Klaus Jaeck and Daniel Cassel
In this episode of Risk Is Our Business, Michael Rasmussen charts a course with Klaus Jaeck and Daniel Cassel of Horváth to explore the next frontier in enterprise risk management, where resilience is just the baseline, and business confidence is the true objective. Recorded at Corporate Risk Minds 2025 in Berlin, Klaus and Daniel offer a sharp perspective on how risk management is evolving across the region, moving beyond regulatory routines and static controls into dynamic systems that align risk with strategy, trust, and decision-making agility. They unpack why trust and resilience, while critical, aren’t enough on their own, and why organizations need something more to thrive in the vast unknowns of modern business. They also take us deep into the heart of GRC transformation in Germany—what’s working, what’s lagging, and how digitalization, ESG, and a growing risk consciousness are reshaping expectations. The conversation explores how risk leaders can act less like tactical responders and more like bridge officers, guiding the ship, not just guarding the hull. And yes, they have fun along the way. As Klaus and Daniel say, “no risk, no fun”, but with the right GRC model, it’s a mission worth taking.
-
15
Orchestrating the Enterprise: GRC Across Dimensions with Patrick Risch and Benjamin Lüders
In this episode of Risk Is Our Business, Michael Rasmussen beams into EY Germany to speak with Patrick Risch and Benjamin Lüders, two senior officers on the frontier of governance, risk, and compliance transformation. Together, they explore how to navigate the multidimensional challenges of orchestrating GRC across systems, silos, and starships, otherwise known as modern enterprises. Their mission is to create a unified command structure where GRC isn't just a regulatory afterthought, but an enterprise-wide operating model aligned with strategy, resilience, and purpose. From aligning core processes to enabling agility with cutting-edge technology, Patrick and Benjamin map out how successful organizations are shifting from fragmented control systems to integrated, mission-ready frameworks. They also introduce the concept of digital twins, not as a sci-fi abstraction, but as real-time simulations of organizational ecosystems that help leaders monitor, adapt, and course-correct with greater precision. It’s a new model of GRC that reflects the living, breathing dynamics of business. Finally, they reflect on the unique risks and opportunities facing German companies as they transition from traditional governance models to more dynamic, tech-enabled approaches. It's a sector where regulations are strict, expectations high, and the path to transformation requires both cultural alignment and technological firepower. If your enterprise is preparing for deep space exploration, or simply the next compliance cycle, this episode offers a navigational chart for GRC leaders ready to break free of orbit.
-
14
The Wrath of Math: Risk Logic with Graeme Keith
In this episode of Risk Is Our Business, Michael Rasmussen beams up Graeme Keith, mathematician, strategist, and CEO of Stochastic ApS, for a charged discussion on the fundamental divide between Risk Management 1 and Risk Management 2. Spoiler alert: most organizations are stuck in RM1, clinging to risk registers, risk appetite statements, and heatmaps that do little more than appease auditors. But as Graeme explains, like the Kobayashi Maru, those are unwinnable exercises that distract from supporting decisions with logic, evidence, and quantitative clarity. Together, they dissect the common symptoms of bad risk management: using the wrong method in the wrong context, misunderstanding what “quantification” really means, and misapplying Monte Carlo simulations in a sea of poorly designed software tools. Graeme expands on his recent GRC Report article The Misery of Risk Matrices, pushing back on the false sense of security these subjective tools create. He argues that the real R in GRC should stand for risk-informed decision-making, not retroactive compliance filler. The episode also unpacks why the growing push toward quantification often defaults to Monte Carlo analysis. Graeme offers a breakdown of where Monte Carlo simulations shine, where they fail, and what risk leaders should be asking when evaluating quantification tools and methodologies. At warp core, this conversation is about upgrading risk from visual comfort to strategic relevance, from vague heatmaps to models that support action under uncertainty. If you’re ready to move beyond the checkbox galaxy and into the decision-making nebula, The Wrath of Math is required listening.
-
13
The GRC Holodeck: Gamifying Governance and Empowering People with Kristina Wiese Tranberg
In this episode of Risk Is Our Business, Michael Rasmussen beams aboard Kristina Wiese Tranberg, ESG compliance leader, AI ambassador, and creator of the GRC board game GRC Master, for a lively discussion on making governance, risk, and compliance not only effective, but engaging. With more than two decades of experience steering internal control transformations and operationalizing ESG strategy, Kristina brings a rare blend of strategic rigor and creative energy to the command deck. Together, they explore the human side of GRC, why success isn’t just about tools or frameworks, but about building cultures that do GRC, not just buy it. Kristina shares how she developed GRC Master to make training more accessible, memorable, and yes, fun. From cross-functional collaboration to AI integration, she explains how gamification can build real fluency in GRC while strengthening control environments across the enterprise. As they chart the path toward adaptive, people-centered operating models, it becomes clear that in the future of GRC, the technology may power the ship, but it’s the crew that makes the mission possible.
-
12
Out of Port, Into Purpose: Risk and Audit on the Bridge with Norman Marks
In this episode of Risk Is Our Business, host Michael Rasmussen sets course with Norman Marks, renowned author, former chief audit executive, and one of the most respected minds in the risk and audit universe, for a conversation that ventures well beyond compliance into the stars of strategy and purpose. Drawing from his acclaimed books Auditing That Matters and World-Class Risk Management, Norman argues that risk management isn’t about playing it safe, it’s about enabling intelligent, informed decisions that propel the enterprise forward. Quoting Thomas Aquinas, Michael reminds us, “If the highest aim of a captain were to preserve his ship, he would keep it in port forever.” But in a world of shifting risks and high-stakes missions, the goal isn’t to anchor—it’s to voyage. Together, Rasmussen and Marks explore why every objective has its own risk appetite, how to distinguish world-class internal audit from box-checking mediocrity, and what it means to embed risk into the helm of strategic decision-making. If you’re ready to audit at warp speed and leave the port behind, this episode is your star map.
-
11
Star Charts and Stewardship: Aligning Risk with Mission Objectives with Jennifer Geary
In this episode of Risk Is Our Business, Michael Rasmussen is joined by Jennifer Geary, seasoned CRO, COO, and bestselling author, for a conversation that explores risk not as a bureaucratic burden, but as a navigational system for achieving mission success. With decades of hands-on experience across fintech, banking, NGOs, and tech, Jennifer brings both operational grit and boardroom perspective to the discussion. Together, they examine why risk management must start with organizational objectives, not with fear or compliance, and how that mindset shift unlocks true strategic value. They also dive into the UK Corporate Governance Code and the growing influence of Provision 29. With London Stock Exchange-listed companies operating far beyond the UK, Jennifer and Michael explore how expectations for internal control and risk reporting are now rippling across countries, reshaping how boards think about assurance and oversight. The episode also ventures into international waters, unpacking key differences in how the US and Europe approach regulation and risk culture. From fragmented American frameworks to more principles-based European regimes, the contrasts reveal both challenges and opportunities for global risk leaders. Finally, no modern episode would be complete without AI on the radar. Jennifer shares her perspective on the emerging risks AI presents, and how risk professionals can harness AI themselves to strengthen controls, forecast threats, and evolve alongside the technology that’s redefining the enterprise. For anyone looking to move risk from checkbox to compass, and chart a course through complexity with clarity, this episode delivers.
-
10
Shields Up: Defending the Enterprise with Andrew Olsen
In this episode of Risk Is Our Business, we chart a course through the unknown with Andrew Olsen, Director of Risk Management at Stewart Title and an expert in integrated risk and third-party oversight. Andrew joins host Michael Rasmussen to explore the next frontiers of risk management, from today’s operational challenges to the emerging threats just over the horizon. What keeps a modern risk leader up at night? For Andrew, it’s not just cyber threats or regulatory pressure, it’s the uncharted impact of artificial intelligence, the growing complexity of third-party ecosystems, and the need to evolve risk technology before it falls behind the threats it’s meant to monitor. In this candid conversation, Andrew unpacks the real-world hurdles of vendor risk management, shares how he's currently leveraging technology to stay ahead, and lays out his vision for the future of risk tools — systems that are not just dashboards and data, but active copilots in decision-making. He also reflects on how risk teams can escape the back-office echo chamber and deliver visible, strategic value to the enterprise. From warp-speed change to boardroom translation, this episode is a reminder that risk management isn’t about slowing down, it’s about navigating smarter.
-
9
Rerouting Risk: Charting a New Course for Operational Resilience with Elena Pykhova
In this episode of Risk Is Our Business, Michael Rasmussen sits down with Elena Pykhova — award-winning risk expert, international educator, and author of 'Operational Risk Management in Financial Services: A Practical Guide to Establishing Effective Solutions'. Together, they explore what it takes to move operational risk beyond checklists and siloes, and toward something far more powerful: a fully engaged, enterprise-wide force for good. With deep experience across financial services, from G-SIFIs to fintechs, Elena brings both strategic insight and hard-earned lessons from the field. She shares why operational risk must be reimagined, not as a compliance exercise, but as a people-powered, forward-looking discipline that drives real impact. Together, they discuss what distinguishes effective operational risk from empty frameworks, how to dismantle siloes that isolate risk professionals, and why conversation, culture, and connection are essential to delivering outcomes that matter. If you’re ready to leave behind fragmented models and engage risk as a dynamic, interactive driver of strategy, culture, and resilience, this episode is your star map.
-
8
Risk Warp Speed: AI, Compliance, and the Frontiers of ESG with Daniel Jørgensen and Rasmus Krighaar
In this episode of Risk Is Our Business, we embark on a journey with two forward-thinking leaders from Deloitte, Daniel Jørgensen and Rasmus Krighaar, who are reshaping the landscape of risk management and compliance. With deep expertise in AI, machine learning, advanced analytics, and GRC, they discuss the evolution of governance, risk, and compliance (GRC)—not just from a technological standpoint, but from a mentality perspective. The conversation dives into Denmark’s unique compliance culture, where the cherished tradition of following rules has shaped its approach to risk management. Daniel and Rasmus explore how this cultural commitment to compliance has positioned Denmark as a leader in various fields, from regulation to governance. Later, the discussion shifts to Denmark’s leadership in ESG, where Daniel and Rasmus highlight how the country’s commitment to sustainability is setting a global standard. The episode also covers how AI is transforming GRC, enabling smarter, faster decisions, and how Deloitte is embracing the rise of digital twins to drive the next wave of innovation in GRC. Join us on this cosmic journey as Daniel and Rasmus navigate the complex intersection of culture, technology, and governance—boldly going where few have gone before.
-
7
The Federation of Risk: Global Command with Franck Baron
In this episode of Risk Is Our Business, Captain Michael Rasmussen is joined by Franck Baron—President of IFRIMA and Group General Manager for Risk Management & Insurance at International SOS—for a deep-space dive into the evolving world of enterprise risk. With a career spanning Mars to Danone, AXA to Firmenich, and leadership roles across Europe and Asia-Pacific, Franck offers a global perspective few can match. They explore how the risk profession has changed over the years, and why those changes matter. From the growing confusion between risk and compliance to the cultural divides between U.S., European, and Asia-Pacific approaches, Franck unpacks the nuance behind the titles and frameworks. He makes the case for keeping risk and compliance distinct, even in a world where compliance risks are rising fast. Most importantly, they ask the question: what does good risk management really look like inside an organization? Franck shares what works, what doesn’t, and how risk leaders can earn influence not by shouting the loudest, but by enabling better decisions, stronger resilience, and clearer strategy. If you’ve ever felt like your risk program was stuck in orbit, this conversation might just give you the coordinates to chart a new course.
-
6
Engage the Enterprise: Making Risk Bold and Boardroom-Ready with Laura Fox
In this episode of Risk Is Our Business, Captain Michael Rasmussen welcomes aboard Laura Fox, Risk Director at AstroPay, for a high-warp journey through the risk galaxy. Laura reflects on her experience as a woman navigating a still male-dominated corner of the business universe, and why diverse leadership isn’t just a nice-to-have—it reshapes how teams approach uncertainty, challenge groupthink, and make smarter decisions. She also tackles the great divide between best practice and boots-on-the-ground reality. From under-resourced teams to overengineered frameworks, Laura shares where theory often falls short—and how to bridge that gap without losing sight of what actually works. From building risk frameworks from scratch to spotting the strategic opportunities others miss, Laura shows us what it takes to bring risk out of the engine room and into the command deck—where it belongs. Tune in as they boldly go beyond the compliance checkbox and into the vibrant unknown of proactive, people-first risk leadership.
HOSTED BY
Michael Rasmussen