In this episode of Risk Is Our Business, Captain Michael Rasmussen beams aboard Ana Valdez Rodgers, VP of Internal Audit, and Melissa Pici, Global Director of Governance, Risk & Compliance, of Syniverse to talk about what really keeps GRC leaders up at night. They dive into how GRC isn’t about ticking boxes but about aligning governance, risk, and compliance with the organization’s purpose and strategy. Drawing on Syniverse’s experience, Ana and Melissa share how their Risk and Assurance Council helps shape culture, break silos, and make GRC part of everyday decision-making, not just a quarterly ritual. They also reflect on Syniverse’s GRC Trailblazer Award, what it took to earn it, and why lasting success starts with strategy and process before technology ever enters the room. Because GRC isn’t something you buy, it’s something you do. As the conversation turns forward-looking, they chart where Syniverse’s GRC program is headed next, envisioning a future where alignment, automation, and purpose drive risk strategy. Because as Captain Kirk once said, risk is our business, and as this episode reminds us, a business that doesn’t take risks is a business out of business.

In this episode of Risk Is Our Business, Captain Michael Rasmussen beams aboard Renee Murphy, independent analyst, storyteller, and founder of The Storyteller’s Circle, to reflect on insights emerging from a recent workshop they led together. One theme rose quickly to the surface: are risk registers keeping pace with reality, or are many organizations still flying with decade-old assumptions? They explore how today’s emerging risks, from AI misuse and deepfakes to data poisoning and automated misinformation, demand more than recycled top-10 lists and stale heat maps. If the world is shifting at warp speed, risk management must evolve its star charts too. From there, the conversation jumps to the bridge of the Enterprise (naturally). Renee and Michael unpack the risk postures of Starfleet captains and how every organization needs the right mix of boldness and restraint to navigate uncertainty without flying the ship into a spatial anomaly. They round out the episode exploring the fear and promise of AI—not as a looming replacement for the crew, but as a co-pilot that enhances perception, speeds analysis, and reveals risks before red alerts sound. Because great risk management doesn’t just brace for the unknown, it boldly goes toward it with intelligence, imagination, and the right crew at the helm.

In this episode of Risk Is Our Business, Captain Michael Rasmussen beams aboard Ernest Legrand, CEO, technologist, and author of Guardians of Uncertainty: The Making of Influential Risk Managers in the Modern World, to explore what it really means to lead through volatility. Drawing on lessons from his book and decades of experience across insurance, AI, and geospatial technology, Ernest discusses how elite risk managers transform uncertainty into strategy. Together, they chart the evolution of risk leadership,  from compliance and insurance frameworks to dynamic decision-making built on data, foresight, and empathy. From the human side of decision-making to the architecture of trust, Ernest shares lessons from the world’s top risk leaders, those who turn unpredictability into opportunity, and governance into a living, adaptive system. For executives, risk professionals, and board leaders alike, this episode offers a reminder that uncertainty isn’t a void to avoid, it’s the terrain of leadership itself.

In this episode of Risk Is Our Business, Captain Michael Rasmussen beams aboard Richard Anderson, Chair, Non-Executive Director, and host of The Risk Appetite Podcast, to explore what separates bad risk management from good, and why so many organizations still get it wrong. Together they chart the difference between process-driven compliance and purpose-driven risk. Bad risk management, they argue, is obsessed with heat maps, registers, and rituals; good risk management understands context, links to objectives, and drives intelligent decision-making. The discussion turns to the UK landscape, where Richard and Michael assess whether organizations are truly getting risk management right. The answer, as ever, depends, on sector, circumstance, and above all, personality. From there, the conversation warps into the heart of governance i.e., risk appetite—not as a box-ticking exercise, but as a compass defined by context and aligned with objectives. They close by examining risk culture and communication, emphasizing how scenario planning and storytelling can help leaders make sense of uncertainty. For anyone trying to bridge the gap between compliance and comprehension, this episode is a navigational chart for risk done right, because every enterprise, at warp or impulse, needs to know just how much uncertainty it can handle.

In this episode of Risk Is Our Business, Captain Michael Rasmussen beams aboard Renee Murphy, independent industry analyst, storyteller, and one of the most recognizable voices in GRC, to tackle one of the most misunderstood dimensions of risk: reputation. Renee explains why reputational risk remains so elusive for many organizations, and why ERM frameworks often have metrics for finance and operations but almost none for reputation, customer experience, or employee experience. Together, they dissect recent examples of brand turbulence (from Cracker Barrel to Anheuser-Busch to Target) and explore why reputational fallout can and should be quantified.  The conversation ventures into ESG and stewardship, showing how environmental and social commitments carry enormous reputational weight and why they can’t be managed in isolation. Renee emphasizes the need for risk leaders to engage with every department, especially sales and marketing, since some of the biggest reputational crises are born from campaigns gone wrong. For boards, CROs, and GRC professionals, this episode reframes reputational risk not as an abstract concept but as a measurable, manageable force that determines whether your organization is trusted or left adrift in the void.

In this episode of Risk Is Our Business, Captain Michael Rasmussen beams aboard Amir Ramezanpour, Vice President of Global Risk Technology and Intelligence, and Global Risk Transformation Office at Manulife, to explore how risk must be defined, framed, and operationalized in a world of constant unpredictability. Michael and Amir both lean on ISO 31000’s central principle, risk as the effect of uncertainty on objectives, to emphasize why context and clarity of objectives are mission-critical. From there, the conversation dives into risk intelligence, and how organizations can plan for the unplannable by building frameworks and operations designed to thrive in turbulence. They explore engagement with the first line of defense, asking whether risk is still seen as a bureaucratic pain or whether it can become a trusted partner in helping leaders make better business decisions. Amir shares his vision for how agentic AI and digital twins will power the future of risk management, automating the routine, enabling what-if scenario planning, and equipping leaders to simulate futures before charting their course. Rather than striving to eliminate uncertainty, Amir reminds us that the real mission is to navigate it. By grounding risk in objectives, engaging the first line as active copilots, and harnessing new tools like risk intelligence and AI-driven simulations, leaders can transform unpredictability into strategic advantage. For those ready to lead at warp, the path forward is to embrace uncertainty with purpose, clarity, and resilience.

In this warp-speed episode of Risk Is Our Business, Captain Michael Rasmussen connects across the comms with Akira Muranaka, GRC/IRM/ESG Technology Manager and global risk assurance veteran, to explore how enterprises can reimagine GRC as a driver of objectives rather than a compliance checkbox. Akira explains why the future of risk management depends on moving away from ritualistic controls and toward a risk-based approach that enables the business to take the right risks with confidence. Together, they navigate the question every enterprise faces: should GRC run on a single monolithic platform, or is the future an architecture of integrated technologies stitched together to match organizational needs? The discussion dives into what Akira looks for in GRC tools, the core capabilities that matter most for scalability, resilience, and trust. From there, they scan the horizon: what GRC technology and the risk programs they support will look like in the next five years, as AI, automation, and architecture reshape how enterprises govern uncertainty. For GRC leaders, technologists, and boards alike, this episode is a star chart to the next era of digital trust, one where GRC isn’t trapped in compliance nebulas but powered by risk engines designed to accelerate the enterprise mission.

In this bridge-level episode of Risk Is Our Business, Captain Michael Rasmussen beams aboard Tayler Kuhn, Director of Internal Audit, IT, and Jeanne Cline, Chief Audit Executive at StoneX Group Inc., to explore the evolving role of internal audit in the GRC galaxy. Their discussion begins with how internal audit has changed over the years, from back-office compliance to a strategic function collaborating across governance, risk, and compliance. They highlight the mission-critical truth that a business not taking risks is a business out of business, and that internal audit’s role is to help the enterprise understand, navigate, and take the right risks. The conversation explores how technology is reshaping both GRC broadly and internal audit specifically at StoneX, including how AI is already influencing assurance work and where it’s headed. Tayler and Jeanne share their vision of the next 2–3 years, where the internal audit profession is more automated and data-driven, spending less time on testing and manual work and more time analyzing risks, understanding interconnectivity, and supporting strategic decisions. They also confront the identity of the profession itself, whether to call it internal audit or assurance, and how that language shift reflects a broader transformation in purpose. At warp speed, this episode charts a course for internal auditors and GRC leaders alike to move beyond testing artifacts, toward enabling resilience, strategy, and performance

In this transmission of Risk Is Our Business, Captain Michael Rasmussen connects across the comms with Ayoub Fandi, Security Assurance Automation Team Lead at GitLab and founder of the GRC Engineer Podcast and Newsletter, for a deep dive into what might be the next frontier of governance, risk, and compliance: GRC engineering. Ayoub explains what GRC engineering is, what it does, and the value it provides, moving GRC away from after-the-fact verification and closer to the design phase, where software engineering problem-solving can be applied to solve long-standing compliance and assurance challenges. Together, they map out the core elements of GRC engineering, explore where it should be applied, and ask whether its cyber-heavy focus today limits its potential, or whether it’s destined for broader adoption across the enterprise galaxy. The conversation also scans the role of agentic AI in this evolving discipline, from automating repetitive assurance checks to embedding risk intelligence directly into systems that power organizational strategy. Along the way, they highlight how GRC engineering can transform perception, from compliance burden to strategic enabler, much like replacing impulse drives with warp cores. GRC engineering is a structural shift. For GRC leaders, engineers, and innovators, this is a star chart to the future of assurance and resilience.

In this stardate transmission of Risk Is Our Business, Captain Michael Rasmussen beams in Emma Price, Deloitte Partner and UK Enterprise Risk Management Lead, to chart how risk management has transformed across decades, and where it’s set to warp next. Their voyage begins with language itself: from business continuity and disaster recovery to the all-encompassing term “resilience.” Emma explains why substituting “risk” with “resilience” often earns more traction in boardrooms and beyond, and how resilience can unify disciplines too often stranded in siloes. From there, they confront the bad and ugly of risk programs, such as isolated operations, failure to account for interconnectivity, and compliance exercises masquerading as strategy. The discussion moves through third-party risk, the growing role of external intelligence on geopolitical, economic, and regulatory turbulence, and the big drivers shaping risk programs in the UK today. Emma and Michael scan the horizon of ERM’s future, from strategy and technology to the value of managed services, and debate how risk leaders can avoid drifting into orbit around checklists and instead plot resilient, forward-facing courses. For risk officers, boards, and strategists, this episode is a navigational chart across the risk nebula, and a reminder that the enterprise mission demands not paperwork, but perspective, integration, and resilience at warp speed.

In this star-mapping episode of Risk Is Our Business, Captain Michael Rasmussen beams aboard Tony Martin-Vegue, risk consultant, advisor, and author of the upcoming book Heatmaps to Histograms: A Practical Guide to Cyber Risk Quantification. With 25 years navigating the galaxy of cyber risk, Tony has guided enterprises from the gravitational pull of checklists and color-coded charts into the warp lanes of defensible, quantitative analysis. Their journey begins with the dark matter of bad risk management: programs designed to placate auditors, check boxes, or reassure customers without truly informing decisions. From there, they plot a course toward what good risk management looks like—proactive, integrated, and tied directly to organizational objectives. Tony traces the lineage of risk management back to the late 1600s, when probability theory first emerged, showing how centuries of thinking have led us to today’s crossroads. The conversation dives into heatmaps, when they can still provide navigational value, and when they collapse under the weight of oversimplification. From there, they move to the promise of histograms, simulations, and CRQ models that help businesses not only understand thresholds and acceptable levels of risk, but also chart their path with clarity and confidence. For CISOs, CROs, and risk leaders, this episode is both history lesson and star chart, a reminder that risk management isn’t about artifacts to prove you exist, but about enabling the mission. If your current program is orbiting in circles, this is the transmission that will help you break free, align your coordinates, and accelerate to warp speed.

In this mission-critical episode of Risk Is Our Business, host Michael Rasmussen opens the comms with Hardik Mehta, Global Head of Risk and Regulatory Compliance at JPMorgan Chase. With two decades of experience across Uber, Microsoft, and global advisory firms, Hardik has charted risk programs that span continents, cloud migrations, and regulatory galaxies. Their conversation starts with what keeps him up at night: the turbulence of geopolitical risk, ever-changing regulations, data security challenges, and the inertia of legacy platforms slowing cloud adoption. From there, they examine what bad risk management looks like (siloed programs cut off from strategy) versus what good risk management should deliver (i.e., integrated, technology-enabled frameworks that guide the enterprise toward its objectives). Resilience comes to the forefront as Hardik explains how he weaves it into risk strategy, not as an afterthought but as a forward-facing capability. He emphasizes the need for both left-brain precision in quantification and right-brain imagination in creative foresight, a duality essential for navigating uncertainty. The discussion explores the technologies enabling better risk programs today, the role of risk intelligence in scanning horizons, and how AI is reshaping the future of risk management. For boards, CROs, and risk leaders, this episode is a navigational chart for transforming risk into resilience, and for steering your enterprise at warp speed toward intelligent, mission-aligned futures.

In this galaxy-spanning episode of Risk Is Our Business, Captain Michael Rasmussen beams aboard Todd Fitzgerald, former Fortune 500 CISO, cybersecurity hall-of-famer, and #1 best-selling author of CISO Compass. With over 25 years navigating the outer reaches of information security, Todd has seen the CISO role evolve from the days of dial-up to today’s warp-speed threat environment. Their mission is to chart the vast and sometimes confusing constellation of terminology in our sector, from information security, to cybersecurity, to digital risk, cyber risk, and beyond, and explore why these distinctions matter when steering an enterprise through uncertainty. They trace the history of the CISO from its 1990s origins to its current form as a strategic officer on the bridge, responsible not just for defense but for enabling the business to boldly go toward its objectives. From cyber risk quantification done right (and how to make it more than a numbers game) to managing the digital supply chain and interconnected risk, Todd offers a star map of practical strategies. He tackles the long-standing perception of security as the “department of no” and reframes it as a mission-critical enabler, helping organizations comprehend what’s an acceptable risk and navigate toward opportunity without drifting into a black hole. For any security leader, risk officer, or governance professional, this episode is a tricorder reading of where we’ve been, where we’re headed, and how to ensure your cybersecurity program is aligned with the Prime Directive: enabling the mission.

In this transmission of Risk Is Our Business, host Michael Rasmussen connects over comms with Tim Leech, pioneer of Objective Centric Risk and Uncertainty Management (#OCRUM), longtime board advisor, and someone who’s spent decades trying to rescue enterprise risk from the black hole of checkbox compliance. Recorded over a long-distance call (no transporters this time), this episode dives straight into the uncomfortable truth of modern ERM often being more about optics than outcomes. Tim and Michael dismantle the illusion of risk registers and heat maps, exposing how many programs are built to pacify boards and regulators rather than support real decision-making. But Tim doesn’t stop at critique. He offers a new model, one where risk starts with the people who actually run the business, where strategy sets the coordinates, and where the board isn’t kept in the dark behind colored charts but engaged with objective-driven insight. Together, they explore how to overcome resistance across the enterprise, align the crew, and finally bring risk back to the bridge—not as an afterthought, but as a core navigational system. If your program is still flying blind on outdated frameworks, it’s time to recalibrate.

In this starlog entry of Risk Is Our Business, recorded live at the Risk-In Conference in Zurich, Captain Michael Rasmussen sits down with Pascal Busch, Global Head of ERM & BCM at Acino and creator of VirtueSpark, for a deep-space transmission on the future of enterprise risk. What keeps a seasoned risk commander up at night? Pascal opens up about the unknown anomalies in the system, such as inefficiencies, blind spots, and missed signals that still plague too many GRC programs. But he’s not just scanning for threats, he’s building the future. From digital twins to decision intelligence, Pascal charts a course toward a risk program that’s faster, smarter, and fully integrated into the mission of value creation. Together, they explore where his tech journey is today, where he wants it to be in two years, and how risk professionals can move from compliance copilots to strategic navigators, guiding organizations through the turbulence of uncertainty with precision and purpose. If your risk program feels stuck in the past, it’s time to reroute power to the engines. Because as Pascal makes clear, the future of GRC isn’t about avoiding risk, it’s about managing it at warp speed.

In this episode of Risk Is Our Business, Michael Rasmussen welcomes Stefan Gershater, Head of Risk and Governance at the Co-op, for a bold and unflinching conversation that challenges the very foundations of modern risk management. Broadcasting from the front lines of strategic uncertainty, Stefan shares insights from his forthcoming book, a deep critique of the risk orthodoxy shaped by accounting firms, software vendors, and low expectations. He argues that what passes for risk management in many boardrooms is little more than a comforting illusion—one that fails to serve strategy, enable decisions, or engage with the complexity of the real world. Together, they explore the good, the bad, and the ugly of today’s risk practices, from the myth of “risk appetite” to the misuse of assurance resources and the danger of chasing frameworks over outcomes. But this isn’t just a teardown, it’s a mission briefing. Stefan lays out how risk can be reimagined as a cognitive, analytical, and strategic asset that improves decision velocity and organizational intelligence. For risk professionals ready to break orbit and leave behind the gravitational pull of mediocrity, this episode is both roadmap and rallying cry.

Recorded live at Corporate Risk Minds 2025 in Berlin, this episode of Risk Is Our Business features a conversation with Florian Worm—risk technologist, modeling expert, and one of the sharpest minds charting the next frontier in enterprise risk. Florian joins Michael Rasmussen on the bridge to explore the processes and paradigms reshaping risk management in a world where volatility is no longer an anomaly, it’s the environment. Together, they examine the limitations of legacy frameworks, the regulatory gravity of IDW PS 340, and why good risk quantification requires more than Monte Carlo curves and dashboards. In a galaxy of noise, it’s about decision-useful insight, grounded in rigor and relevance. At the heart of the episode is a deep dive into digital twins, not as sci-fi theory, but as a real-world capability to simulate risk environments, explore alternate futures, and make better decisions in real time. Whether you're scanning for weak signals, stress-testing for resilience, or mapping out mission-critical paths, digital twins are fast becoming the warp core of forward-looking risk. For those ready to chart a new course, this episode offers a shift from static risk logs to living systems, where uncertainty is mapped, modeled, and understood.  

In this episode of Risk Is Our Business, Michael Rasmussen charts a course with Klaus Jaeck and Daniel Cassel of Horváth to explore the next frontier in enterprise risk management, where resilience is just the baseline, and business confidence is the true objective. Recorded at Corporate Risk Minds 2025 in Berlin, Klaus and Daniel offer a sharp perspective on how risk management is evolving across the region, moving beyond regulatory routines and static controls into dynamic systems that align risk with strategy, trust, and decision-making agility. They unpack why trust and resilience, while critical, aren’t enough on their own, and why organizations need something more to thrive in the vast unknowns of modern business. They also take us deep into the heart of GRC transformation in Germany—what’s working, what’s lagging, and how digitalization, ESG, and a growing risk consciousness are reshaping expectations. The conversation explores how risk leaders can act less like tactical responders and more like bridge officers, guiding the ship, not just guarding the hull. And yes, they have fun along the way. As Klaus and Daniel say, “no risk, no fun”, but with the right GRC model, it’s a mission worth taking.

In this episode of Risk Is Our Business, Michael Rasmussen beams into EY Germany to speak with Patrick Risch and Benjamin Lüders, two senior officers on the frontier of governance, risk, and compliance transformation. Together, they explore how to navigate the multidimensional challenges of orchestrating GRC across systems, silos, and starships, otherwise known as modern enterprises. Their mission is to create a unified command structure where GRC isn't just a regulatory afterthought, but an enterprise-wide operating model aligned with strategy, resilience, and purpose. From aligning core processes to enabling agility with cutting-edge technology, Patrick and Benjamin map out how successful organizations are shifting from fragmented control systems to integrated, mission-ready frameworks. They also introduce the concept of digital twins, not as a sci-fi abstraction, but as real-time simulations of organizational ecosystems that help leaders monitor, adapt, and course-correct with greater precision. It’s a new model of GRC that reflects the living, breathing dynamics of business. Finally, they reflect on the unique risks and opportunities facing German companies as they transition from traditional governance models to more dynamic, tech-enabled approaches. It's a sector where regulations are strict, expectations high, and the path to transformation requires both cultural alignment and technological firepower. If your enterprise is preparing for deep space exploration, or simply the next compliance cycle, this episode offers a navigational chart for GRC leaders ready to break free of orbit.

In this episode of Risk Is Our Business, Michael Rasmussen beams up Graeme Keith, mathematician, strategist, and CEO of Stochastic ApS, for a charged discussion on the fundamental divide between Risk Management 1 and Risk Management 2. Spoiler alert: most organizations are stuck in RM1, clinging to risk registers, risk appetite statements, and heatmaps that do little more than appease auditors. But as Graeme explains, like the Kobayashi Maru, those are unwinnable exercises that distract from supporting decisions with logic, evidence, and quantitative clarity. Together, they dissect the common symptoms of bad risk management: using the wrong method in the wrong context, misunderstanding what “quantification” really means, and misapplying Monte Carlo simulations in a sea of poorly designed software tools. Graeme expands on his recent GRC Report article The Misery of Risk Matrices, pushing back on the false sense of security these subjective tools create. He argues that the real R in GRC should stand for risk-informed decision-making, not retroactive compliance filler. The episode also unpacks why the growing push toward quantification often defaults to Monte Carlo analysis. Graeme offers a breakdown of where Monte Carlo simulations shine, where they fail, and what risk leaders should be asking when evaluating quantification tools and methodologies. At warp core, this conversation is about upgrading risk from visual comfort to strategic relevance, from vague heatmaps to models that support action under uncertainty. If you’re ready to move beyond the checkbox galaxy and into the decision-making nebula, The Wrath of Math is required listening.