Risk is Our Business

In this episode of Risk Is Our Business, Captain Michael Rasmussen welcomes Richard Chambers, Senior Advisor at AuditBoard and one of the most influential voices in internal audit and assurance, to discuss how risk, audit, and compliance have evolved in a decade defined by unprecedented velocity and volatility.
Richard reflects on the shifting mindset across GRC—from static frameworks and predictable cycles to a world where risk signals move fast, interdependencies compound, and organizations must adapt with greater speed and clarity than ever before.
The conversation draws a sharp distinction between good and bad audit in this environment. Bad audit is adversarial, a corporate police force focused on fault-finding and paperwork. Good audit is a value protector, a trusted partner helping management navigate uncertainty, make sound decisions, and keep the organization moving toward its objectives. If the business fears internal audit, something fundamental is broken.
They then examine modern risk management, emphasizing that effective programs are grounded in realistic assessments of likelihood and materiality, not abstract heat maps or theatrical risk registers. Risk is not something to be avoided; it is something to be understood so the organization can move with intention.
Compliance enters the discussion as well, particularly the cultural divide between the U.S.’s checkbox-heavy approach and Europe’s more risk-based, integrity-oriented model. Compliance, Richard argues, is ultimately about who the organization chooses to be.
The episode closes by looking ahead five years—where AI, automation, and intelligence-driven assurance will shape the role of audit, risk, and compliance. The mission remains the same, but the tools and tempo of the work are changing at warp speed.

In this episode of Risk Is Our Business, Captain Michael Rasmussen beams aboard Ana Valdez Rodgers, VP of Internal Audit, and Melissa Pici, Global Director of Governance, Risk & Compliance, of Syniverse to talk about what really keeps GRC leaders up at night.
They dive into how GRC isn’t about ticking boxes but about aligning governance, risk, and compliance with the organization’s purpose and strategy. Drawing on Syniverse’s experience, Ana and Melissa share how their Risk and Assurance Council helps shape culture, break silos, and make GRC part of everyday decision-making, not just a quarterly ritual.
They also reflect on Syniverse’s GRC Trailblazer Award, what it took to earn it, and why lasting success starts with strategy and process before technology ever enters the room. Because GRC isn’t something you buy, it’s something you do.
As the conversation turns forward-looking, they chart where Syniverse’s GRC program is headed next, envisioning a future where alignment, automation, and purpose drive risk strategy. Because as Captain Kirk once said, risk is our business, and as this episode reminds us, a business that doesn’t take risks is a business out of business.

In this episode of Risk Is Our Business, Captain Michael Rasmussen beams aboard Renee Murphy, independent analyst, storyteller, and founder of The Storyteller’s Circle, to reflect on insights emerging from a recent workshop they led together. One theme rose quickly to the surface: are risk registers keeping pace with reality, or are many organizations still flying with decade-old assumptions?
They explore how today’s emerging risks, from AI misuse and deepfakes to data poisoning and automated misinformation, demand more than recycled top-10 lists and stale heat maps. If the world is shifting at warp speed, risk management must evolve its star charts too.
From there, the conversation jumps to the bridge of the Enterprise (naturally). Renee and Michael unpack the risk postures of Starfleet captains and how every organization needs the right mix of boldness and restraint to navigate uncertainty without flying the ship into a spatial anomaly.
They round out the episode exploring the fear and promise of AI—not as a looming replacement for the crew, but as a co-pilot that enhances perception, speeds analysis, and reveals risks before red alerts sound.
Because great risk management doesn’t just brace for the unknown, it boldly goes toward it with intelligence, imagination, and the right crew at the helm.

In this episode of Risk Is Our Business, Captain Michael Rasmussen beams aboard Ernest Legrand, CEO, technologist, and author of Guardians of Uncertainty: The Making of Influential Risk Managers in the Modern World, to explore what it really means to lead through volatility.
Drawing on lessons from his book and decades of experience across insurance, AI, and geospatial technology, Ernest discusses how elite risk managers transform uncertainty into strategy. Together, they chart the evolution of risk leadership,  from compliance and insurance frameworks to dynamic decision-making built on data, foresight, and empathy.
From the human side of decision-making to the architecture of trust, Ernest shares lessons from the world’s top risk leaders, those who turn unpredictability into opportunity, and governance into a living, adaptive system.
For executives, risk professionals, and board leaders alike, this episode offers a reminder that uncertainty isn’t a void to avoid, it’s the terrain of leadership itself.

In this episode of Risk Is Our Business, Captain Michael Rasmussen beams aboard Richard Anderson, Chair, Non-Executive Director, and host of The Risk Appetite Podcast, to explore what separates bad risk management from good, and why so many organizations still get it wrong.
Together they chart the difference between process-driven compliance and purpose-driven risk. Bad risk management, they argue, is obsessed with heat maps, registers, and rituals; good risk management understands context, links to objectives, and drives intelligent decision-making.
The discussion turns to the UK landscape, where Richard and Michael assess whether organizations are truly getting risk management right. The answer, as ever, depends, on sector, circumstance, and above all, personality. From there, the conversation warps into the heart of governance i.e., risk appetite—not as a box-ticking exercise, but as a compass defined by context and aligned with objectives.
They close by examining risk culture and communication, emphasizing how scenario planning and storytelling can help leaders make sense of uncertainty. For anyone trying to bridge the gap between compliance and comprehension, this episode is a navigational chart for risk done right, because every enterprise, at warp or impulse, needs to know just how much uncertainty it can handle.

In this episode of Risk Is Our Business, Captain Michael Rasmussen beams aboard Renee Murphy, independent industry analyst, storyteller, and one of the most recognizable voices in GRC, to tackle one of the most misunderstood dimensions of risk: reputation.
Renee explains why reputational risk remains so elusive for many organizations, and why ERM frameworks often have metrics for finance and operations but almost none for reputation, customer experience, or employee experience. Together, they dissect recent examples of brand turbulence (from Cracker Barrel to Anheuser-Busch to Target) and explore why reputational fallout can and should be quantified. 
The conversation ventures into ESG and stewardship, showing how environmental and social commitments carry enormous reputational weight and why they can’t be managed in isolation. Renee emphasizes the need for risk leaders to engage with every department, especially sales and marketing, since some of the biggest reputational crises are born from campaigns gone wrong.
For boards, CROs, and GRC professionals, this episode reframes reputational risk not as an abstract concept but as a measurable, manageable force that determines whether your organization is trusted or left adrift in the void.

In this episode of Risk Is Our Business, Captain Michael Rasmussen beams aboard Amir Ramezanpour, Vice President of Global Risk Technology and Intelligence, and Global Risk Transformation Office at Manulife, to explore how risk must be defined, framed, and operationalized in a world of constant unpredictability.
Michael and Amir both lean on ISO 31000’s central principle, risk as the effect of uncertainty on objectives, to emphasize why context and clarity of objectives are mission-critical. From there, the conversation dives into risk intelligence, and how organizations can plan for the unplannable by building frameworks and operations designed to thrive in turbulence.
They explore engagement with the first line of defense, asking whether risk is still seen as a bureaucratic pain or whether it can become a trusted partner in helping leaders make better business decisions. Amir shares his vision for how agentic AI and digital twins will power the future of risk management, automating the routine, enabling what-if scenario planning, and equipping leaders to simulate futures before charting their course.
Rather than striving to eliminate uncertainty, Amir reminds us that the real mission is to navigate it. By grounding risk in objectives, engaging the first line as active copilots, and harnessing new tools like risk intelligence and AI-driven simulations, leaders can transform unpredictability into strategic advantage. For those ready to lead at warp, the path forward is to embrace uncertainty with purpose, clarity, and resilience.

In this warp-speed episode of Risk Is Our Business, Captain Michael Rasmussen connects across the comms with Akira Muranaka, GRC/IRM/ESG Technology Manager and global risk assurance veteran, to explore how enterprises can reimagine GRC as a driver of objectives rather than a compliance checkbox.
Akira explains why the future of risk management depends on moving away from ritualistic controls and toward a risk-based approach that enables the business to take the right risks with confidence. Together, they navigate the question every enterprise faces: should GRC run on a single monolithic platform, or is the future an architecture of integrated technologies stitched together to match organizational needs?
The discussion dives into what Akira looks for in GRC tools, the core capabilities that matter most for scalability, resilience, and trust. From there, they scan the horizon: what GRC technology and the risk programs they support will look like in the next five years, as AI, automation, and architecture reshape how enterprises govern uncertainty.
For GRC leaders, technologists, and boards alike, this episode is a star chart to the next era of digital trust, one where GRC isn’t trapped in compliance nebulas but powered by risk engines designed to accelerate the enterprise mission.

In this bridge-level episode of Risk Is Our Business, Captain Michael Rasmussen beams aboard Tayler Kuhn, Director of Internal Audit, IT, and Jeanne Cline, Chief Audit Executive at StoneX Group Inc., to explore the evolving role of internal audit in the GRC galaxy.
Their discussion begins with how internal audit has changed over the years, from back-office compliance to a strategic function collaborating across governance, risk, and compliance. They highlight the mission-critical truth that a business not taking risks is a business out of business, and that internal audit’s role is to help the enterprise understand, navigate, and take the right risks.
The conversation explores how technology is reshaping both GRC broadly and internal audit specifically at StoneX, including how AI is already influencing assurance work and where it’s headed. Tayler and Jeanne share their vision of the next 2–3 years, where the internal audit profession is more automated and data-driven, spending less time on testing and manual work and more time analyzing risks, understanding interconnectivity, and supporting strategic decisions.
They also confront the identity of the profession itself, whether to call it internal audit or assurance, and how that language shift reflects a broader transformation in purpose. At warp speed, this episode charts a course for internal auditors and GRC leaders alike to move beyond testing artifacts, toward enabling resilience, strategy, and performance

In this transmission of Risk Is Our Business, Captain Michael Rasmussen connects across the comms with Ayoub Fandi, Security Assurance Automation Team Lead at GitLab and founder of the GRC Engineer Podcast and Newsletter, for a deep dive into what might be the next frontier of governance, risk, and compliance: GRC engineering.
Ayoub explains what GRC engineering is, what it does, and the value it provides, moving GRC away from after-the-fact verification and closer to the design phase, where software engineering problem-solving can be applied to solve long-standing compliance and assurance challenges. Together, they map out the core elements of GRC engineering, explore where it should be applied, and ask whether its cyber-heavy focus today limits its potential, or whether it’s destined for broader adoption across the enterprise galaxy.
The conversation also scans the role of agentic AI in this evolving discipline, from automating repetitive assurance checks to embedding risk intelligence directly into systems that power organizational strategy. Along the way, they highlight how GRC engineering can transform perception, from compliance burden to strategic enabler, much like replacing impulse drives with warp cores.
GRC engineering is a structural shift. For GRC leaders, engineers, and innovators, this is a star chart to the future of assurance and resilience.