Risk is Our Business

In this episode of Risk Is Our Business, Michael Rasmussen beams into EY Germany to speak with Patrick Risch and Benjamin Lüders, two senior officers on the frontier of governance, risk, and compliance transformation. Together, they explore how to navigate the multidimensional challenges of orchestrating GRC across systems, silos, and starships, otherwise known as modern enterprises.
Their mission is to create a unified command structure where GRC isn't just a regulatory afterthought, but an enterprise-wide operating model aligned with strategy, resilience, and purpose. From aligning core processes to enabling agility with cutting-edge technology, Patrick and Benjamin map out how successful organizations are shifting from fragmented control systems to integrated, mission-ready frameworks.
They also introduce the concept of digital twins, not as a sci-fi abstraction, but as real-time simulations of organizational ecosystems that help leaders monitor, adapt, and course-correct with greater precision. It’s a new model of GRC that reflects the living, breathing dynamics of business.
Finally, they reflect on the unique risks and opportunities facing German companies as they transition from traditional governance models to more dynamic, tech-enabled approaches. It's a sector where regulations are strict, expectations high, and the path to transformation requires both cultural alignment and technological firepower.
If your enterprise is preparing for deep space exploration, or simply the next compliance cycle, this episode offers a navigational chart for GRC leaders ready to break free of orbit.

In this episode of Risk Is Our Business, Michael Rasmussen beams up Graeme Keith, mathematician, strategist, and CEO of Stochastic ApS, for a charged discussion on the fundamental divide between Risk Management 1 and Risk Management 2. Spoiler alert: most organizations are stuck in RM1, clinging to risk registers, risk appetite statements, and heatmaps that do little more than appease auditors. But as Graeme explains, like the Kobayashi Maru, those are unwinnable exercises that distract from supporting decisions with logic, evidence, and quantitative clarity.
Together, they dissect the common symptoms of bad risk management: using the wrong method in the wrong context, misunderstanding what “quantification” really means, and misapplying Monte Carlo simulations in a sea of poorly designed software tools. Graeme expands on his recent GRC Report article The Misery of Risk Matrices, pushing back on the false sense of security these subjective tools create. He argues that the real R in GRC should stand for risk-informed decision-making, not retroactive compliance filler.
The episode also unpacks why the growing push toward quantification often defaults to Monte Carlo analysis. Graeme offers a breakdown of where Monte Carlo simulations shine, where they fail, and what risk leaders should be asking when evaluating quantification tools and methodologies.
At warp core, this conversation is about upgrading risk from visual comfort to strategic relevance, from vague heatmaps to models that support action under uncertainty. If you’re ready to move beyond the checkbox galaxy and into the decision-making nebula, The Wrath of Math is required listening.

In this episode of Risk Is Our Business, Michael Rasmussen beams aboard Kristina Wiese Tranberg, ESG compliance leader, AI ambassador, and creator of the GRC board game GRC Master, for a lively discussion on making governance, risk, and compliance not only effective, but engaging.
With more than two decades of experience steering internal control transformations and operationalizing ESG strategy, Kristina brings a rare blend of strategic rigor and creative energy to the command deck. Together, they explore the human side of GRC, why success isn’t just about tools or frameworks, but about building cultures that do GRC, not just buy it.
Kristina shares how she developed GRC Master to make training more accessible, memorable, and yes, fun. From cross-functional collaboration to AI integration, she explains how gamification can build real fluency in GRC while strengthening control environments across the enterprise.
As they chart the path toward adaptive, people-centered operating models, it becomes clear that in the future of GRC, the technology may power the ship, but it’s the crew that makes the mission possible.

In this episode of Risk Is Our Business, host Michael Rasmussen sets course with Norman Marks, renowned author, former chief audit executive, and one of the most respected minds in the risk and audit universe, for a conversation that ventures well beyond compliance into the stars of strategy and purpose.
Drawing from his acclaimed books Auditing That Matters and World-Class Risk Management, Norman argues that risk management isn’t about playing it safe, it’s about enabling intelligent, informed decisions that propel the enterprise forward. Quoting Thomas Aquinas, Michael reminds us, “If the highest aim of a captain were to preserve his ship, he would keep it in port forever.” But in a world of shifting risks and high-stakes missions, the goal isn’t to anchor—it’s to voyage.
Together, Rasmussen and Marks explore why every objective has its own risk appetite, how to distinguish world-class internal audit from box-checking mediocrity, and what it means to embed risk into the helm of strategic decision-making.
If you’re ready to audit at warp speed and leave the port behind, this episode is your star map.

In this episode of Risk Is Our Business, Michael Rasmussen is joined by Jennifer Geary, seasoned CRO, COO, and bestselling author, for a conversation that explores risk not as a bureaucratic burden, but as a navigational system for achieving mission success.
With decades of hands-on experience across fintech, banking, NGOs, and tech, Jennifer brings both operational grit and boardroom perspective to the discussion. Together, they examine why risk management must start with organizational objectives, not with fear or compliance, and how that mindset shift unlocks true strategic value.
They also dive into the UK Corporate Governance Code and the growing influence of Provision 29. With London Stock Exchange-listed companies operating far beyond the UK, Jennifer and Michael explore how expectations for internal control and risk reporting are now rippling across countries, reshaping how boards think about assurance and oversight.
The episode also ventures into international waters, unpacking key differences in how the US and Europe approach regulation and risk culture. From fragmented American frameworks to more principles-based European regimes, the contrasts reveal both challenges and opportunities for global risk leaders.
Finally, no modern episode would be complete without AI on the radar. Jennifer shares her perspective on the emerging risks AI presents, and how risk professionals can harness AI themselves to strengthen controls, forecast threats, and evolve alongside the technology that’s redefining the enterprise.
For anyone looking to move risk from checkbox to compass, and chart a course through complexity with clarity, this episode delivers.

In this episode of Risk Is Our Business, we chart a course through the unknown with Andrew Olsen, Director of Risk Management at Stewart Title and an expert in integrated risk and third-party oversight. Andrew joins host Michael Rasmussen to explore the next frontiers of risk management, from today’s operational challenges to the emerging threats just over the horizon.
What keeps a modern risk leader up at night? For Andrew, it’s not just cyber threats or regulatory pressure, it’s the uncharted impact of artificial intelligence, the growing complexity of third-party ecosystems, and the need to evolve risk technology before it falls behind the threats it’s meant to monitor.
In this candid conversation, Andrew unpacks the real-world hurdles of vendor risk management, shares how he's currently leveraging technology to stay ahead, and lays out his vision for the future of risk tools — systems that are not just dashboards and data, but active copilots in decision-making. He also reflects on how risk teams can escape the back-office echo chamber and deliver visible, strategic value to the enterprise.
From warp-speed change to boardroom translation, this episode is a reminder that risk management isn’t about slowing down, it’s about navigating smarter.

In this episode of Risk Is Our Business, Michael Rasmussen sits down with Elena Pykohva — award-winning risk expert, international educator, and author of ' Operational Risk Management in Financial Services: A Practical Guide to Establishing Effective Solutions'. Together, they explore what it takes to move operational risk beyond checklists and siloes, and toward something far more powerful: a fully engaged, enterprise-wide force for good.
With deep experience across financial services, from G-SIFIs to fintechs, Elena brings both strategic insight and hard-earned lessons from the field. She shares why operational risk must be reimagined, not as a compliance exercise, but as a people-powered, forward-looking discipline that drives real impact. Together, they discuss what distinguishes effective operational risk from empty frameworks, how to dismantle siloes that isolate risk professionals, and why conversation, culture, and connection are essential to delivering outcomes that matter.
If you’re ready to leave behind fragmented models and engage risk as a dynamic, interactive driver of strategy, culture, and resilience, this episode is your star map.

In this episode of Risk Is Our Business, we embark on a journey with two forward-thinking leaders from Deloitte, Daniel Jørgensen and Rasmus Krighaar, who are reshaping the landscape of risk management and compliance. With deep expertise in AI, machine learning, advanced analytics, and GRC, they discuss the evolution of governance, risk, and compliance (GRC)—not just from a technological standpoint, but from a mentality perspective.
The conversation dives into Denmark’s unique compliance culture, where the cherished tradition of following rules has shaped its approach to risk management. Daniel and Rasmus explore how this cultural commitment to compliance has positioned Denmark as a leader in various fields, from regulation to governance.
Later, the discussion shifts to Denmark’s leadership in ESG, where Daniel and Rasmus highlight how the country’s commitment to sustainability is setting a global standard.
The episode also covers how AI is transforming GRC, enabling smarter, faster decisions, and how Deloitte is embracing the rise of digital twins to drive the next wave of innovation in GRC.
Join us on this cosmic journey as Daniel and Rasmus navigate the complex intersection of culture, technology, and governance—boldly going where few have gone before.

In this episode of Risk Is Our Business, Captain Michael Rasmussen is joined by Franck Baron—President of IFRIMA and Group General Manager for Risk Management & Insurance at International SOS—for a deep-space dive into the evolving world of enterprise risk. With a career spanning Mars to Danone, AXA to Firmenich, and leadership roles across Europe and Asia-Pacific, Franck offers a global perspective few can match.
They explore how the risk profession has changed over the years, and why those changes matter. From the growing confusion between risk and compliance to the cultural divides between U.S., European, and Asia-Pacific approaches, Franck unpacks the nuance behind the titles and frameworks. He makes the case for keeping risk and compliance distinct, even in a world where compliance risks are rising fast.
Most importantly, they ask the question: what does good risk management really look like inside an organization? Franck shares what works, what doesn’t, and how risk leaders can earn influence not by shouting the loudest, but by enabling better decisions, stronger resilience, and clearer strategy.
If you’ve ever felt like your risk program was stuck in orbit, this conversation might just give you the coordinates to chart a new course.

In this episode of Risk Is Our Business, Captain Michael Rasmussen welcomes aboard Laura Fox, Risk Director at AstroPay, for a high-warp journey through the risk galaxy. Laura reflects on her experience as a woman navigating a still male-dominated corner of the business universe, and why diverse leadership isn’t just a nice-to-have—it reshapes how teams approach uncertainty, challenge groupthink, and make smarter decisions.
She also tackles the great divide between best practice and boots-on-the-ground reality. From under-resourced teams to overengineered frameworks, Laura shares where theory often falls short—and how to bridge that gap without losing sight of what actually works.
From building risk frameworks from scratch to spotting the strategic opportunities others miss, Laura shows us what it takes to bring risk out of the engine room and into the command deck—where it belongs.
Tune in as they boldly go beyond the compliance checkbox and into the vibrant unknown of proactive, people-first risk leadership.