In this episode of Risk Is Our Business, Captain Michael Rasmussen welcomes aboard Mark Heywood, writer, presenter, creative director, novelist, screenwriter, and former global crisis-management leader, for a conversation that travels well beyond the neutral zone of traditional risk models. Together, they explore why risk and resilience can’t be governed by left-brain logic alone, and why the future of the discipline requires imagination, narrative, and the kind of storytelling that has steered starships and boardrooms alike. Mark draws from his dual life in operational resilience and the arts to explain what happens when organizations rely solely on spreadsheets, heat maps, and linear thinking. They discuss how right-brain capabilities (creativity, empathy, narrative framing, and world-building) are essential for helping leaders actually understand risk, not just document it. From micro-simulations and tabletop exercises to gamification and immersive storytelling, Mark outlines how to design experiences that engage decision-makers emotionally as well as analytically. The episode charts a course into the future where logic and imagination operate in tandem, where resilience teams think like screenwriters, and where storytelling becomes a strategic asset for preparing organizations to face the unexpected at warp speed.

In this episode of Risk Is Our Business, Captain Michael Rasmussen welcomes aboard Reshad Alam, Vice President of Information Systems Security at Regal Rexnord, for a conversation about navigating risk at enterprise scale, and why the greatest threat is often the one you can’t see coming. Reshad describes the sheer scope of Regal Rexnord’s global footprint, and with it, the vast digital surface he’s responsible for protecting. What keeps him up at night isn’t any single threat vector, but the unknowns—the blind spots, the emerging risks, the things security leaders can’t yet quantify. From there, the discussion expands into the evolving nature of the CISO role, which Michael sees not as security’s gatekeeper, but as the enterprise’s digital risk and resiliency officer, a creator of digital trust. Together they explore why a company unwilling to take risks is a company on the path to irrelevance, and why the job of security is not to say “no,” but to help the business take the right risks for the right reasons. They discuss the art of engaging the business on security, shifting away from fear-based messaging and toward shared objectives, shared language, and shared accountability. The episode also looks ahead at where the CISO role is heading, and of course, no future-focused conversation would be complete without AI. Reshad shares whether it excites him or worries him, and why, despite the threats, he’s far more energized by the potential of AI to strengthen defenses, accelerate detection, and enhance digital trust across the enterprise. For security and risk leaders charting their own course through uncertainty, this episode is a reminder that the mission isn’t to eliminate the unknown, it’s to navigate it with confidence, clarity, and a willingness to boldly go where the future demands.

In this episode of Risk Is Our Business, Captain Michael Rasmussen welcomes Richard Chambers, Senior Advisor at AuditBoard and one of the most influential voices in internal audit and assurance, to discuss how risk, audit, and compliance have evolved in a decade defined by unprecedented velocity and volatility. Richard reflects on the shifting mindset across GRC—from static frameworks and predictable cycles to a world where risk signals move fast, interdependencies compound, and organizations must adapt with greater speed and clarity than ever before. The conversation draws a sharp distinction between good and bad audit in this environment. Bad audit is adversarial, a corporate police force focused on fault-finding and paperwork. Good audit is a value protector, a trusted partner helping management navigate uncertainty, make sound decisions, and keep the organization moving toward its objectives. If the business fears internal audit, something fundamental is broken. They then examine modern risk management, emphasizing that effective programs are grounded in realistic assessments of likelihood and materiality, not abstract heat maps or theatrical risk registers. Risk is not something to be avoided; it is something to be understood so the organization can move with intention. Compliance enters the discussion as well, particularly the cultural divide between the U.S.’s checkbox-heavy approach and Europe’s more risk-based, integrity-oriented model. Compliance, Richard argues, is ultimately about who the organization chooses to be. The episode closes by looking ahead five years—where AI, automation, and intelligence-driven assurance will shape the role of audit, risk, and compliance. The mission remains the same, but the tools and tempo of the work are changing at warp speed.

In this episode of Risk Is Our Business, Captain Michael Rasmussen beams aboard Ana Valdez Rodgers, VP of Internal Audit, and Melissa Pici, Global Director of Governance, Risk & Compliance, of Syniverse to talk about what really keeps GRC leaders up at night. They dive into how GRC isn’t about ticking boxes but about aligning governance, risk, and compliance with the organization’s purpose and strategy. Drawing on Syniverse’s experience, Ana and Melissa share how their Risk and Assurance Council helps shape culture, break silos, and make GRC part of everyday decision-making, not just a quarterly ritual. They also reflect on Syniverse’s GRC Trailblazer Award, what it took to earn it, and why lasting success starts with strategy and process before technology ever enters the room. Because GRC isn’t something you buy, it’s something you do. As the conversation turns forward-looking, they chart where Syniverse’s GRC program is headed next, envisioning a future where alignment, automation, and purpose drive risk strategy. Because as Captain Kirk once said, risk is our business, and as this episode reminds us, a business that doesn’t take risks is a business out of business.

In this episode of Risk Is Our Business, Captain Michael Rasmussen beams aboard Renee Murphy, independent analyst, storyteller, and founder of The Storyteller’s Circle, to reflect on insights emerging from a recent workshop they led together. One theme rose quickly to the surface: are risk registers keeping pace with reality, or are many organizations still flying with decade-old assumptions? They explore how today’s emerging risks, from AI misuse and deepfakes to data poisoning and automated misinformation, demand more than recycled top-10 lists and stale heat maps. If the world is shifting at warp speed, risk management must evolve its star charts too. From there, the conversation jumps to the bridge of the Enterprise (naturally). Renee and Michael unpack the risk postures of Starfleet captains and how every organization needs the right mix of boldness and restraint to navigate uncertainty without flying the ship into a spatial anomaly. They round out the episode exploring the fear and promise of AI—not as a looming replacement for the crew, but as a co-pilot that enhances perception, speeds analysis, and reveals risks before red alerts sound. Because great risk management doesn’t just brace for the unknown, it boldly goes toward it with intelligence, imagination, and the right crew at the helm.

In this episode of Risk Is Our Business, Captain Michael Rasmussen beams aboard Ernest Legrand, CEO, technologist, and author of Guardians of Uncertainty: The Making of Influential Risk Managers in the Modern World, to explore what it really means to lead through volatility. Drawing on lessons from his book and decades of experience across insurance, AI, and geospatial technology, Ernest discusses how elite risk managers transform uncertainty into strategy. Together, they chart the evolution of risk leadership,  from compliance and insurance frameworks to dynamic decision-making built on data, foresight, and empathy. From the human side of decision-making to the architecture of trust, Ernest shares lessons from the world’s top risk leaders, those who turn unpredictability into opportunity, and governance into a living, adaptive system. For executives, risk professionals, and board leaders alike, this episode offers a reminder that uncertainty isn’t a void to avoid, it’s the terrain of leadership itself.

In this episode of Risk Is Our Business, Captain Michael Rasmussen beams aboard Richard Anderson, Chair, Non-Executive Director, and host of The Risk Appetite Podcast, to explore what separates bad risk management from good, and why so many organizations still get it wrong. Together they chart the difference between process-driven compliance and purpose-driven risk. Bad risk management, they argue, is obsessed with heat maps, registers, and rituals; good risk management understands context, links to objectives, and drives intelligent decision-making. The discussion turns to the UK landscape, where Richard and Michael assess whether organizations are truly getting risk management right. The answer, as ever, depends, on sector, circumstance, and above all, personality. From there, the conversation warps into the heart of governance i.e., risk appetite—not as a box-ticking exercise, but as a compass defined by context and aligned with objectives. They close by examining risk culture and communication, emphasizing how scenario planning and storytelling can help leaders make sense of uncertainty. For anyone trying to bridge the gap between compliance and comprehension, this episode is a navigational chart for risk done right, because every enterprise, at warp or impulse, needs to know just how much uncertainty it can handle.

In this episode of Risk Is Our Business, Captain Michael Rasmussen beams aboard Renee Murphy, independent industry analyst, storyteller, and one of the most recognizable voices in GRC, to tackle one of the most misunderstood dimensions of risk: reputation. Renee explains why reputational risk remains so elusive for many organizations, and why ERM frameworks often have metrics for finance and operations but almost none for reputation, customer experience, or employee experience. Together, they dissect recent examples of brand turbulence (from Cracker Barrel to Anheuser-Busch to Target) and explore why reputational fallout can and should be quantified.  The conversation ventures into ESG and stewardship, showing how environmental and social commitments carry enormous reputational weight and why they can’t be managed in isolation. Renee emphasizes the need for risk leaders to engage with every department, especially sales and marketing, since some of the biggest reputational crises are born from campaigns gone wrong. For boards, CROs, and GRC professionals, this episode reframes reputational risk not as an abstract concept but as a measurable, manageable force that determines whether your organization is trusted or left adrift in the void.

In this episode of Risk Is Our Business, Captain Michael Rasmussen beams aboard Amir Ramezanpour, Vice President of Global Risk Technology and Intelligence, and Global Risk Transformation Office at Manulife, to explore how risk must be defined, framed, and operationalized in a world of constant unpredictability. Michael and Amir both lean on ISO 31000’s central principle, risk as the effect of uncertainty on objectives, to emphasize why context and clarity of objectives are mission-critical. From there, the conversation dives into risk intelligence, and how organizations can plan for the unplannable by building frameworks and operations designed to thrive in turbulence. They explore engagement with the first line of defense, asking whether risk is still seen as a bureaucratic pain or whether it can become a trusted partner in helping leaders make better business decisions. Amir shares his vision for how agentic AI and digital twins will power the future of risk management, automating the routine, enabling what-if scenario planning, and equipping leaders to simulate futures before charting their course. Rather than striving to eliminate uncertainty, Amir reminds us that the real mission is to navigate it. By grounding risk in objectives, engaging the first line as active copilots, and harnessing new tools like risk intelligence and AI-driven simulations, leaders can transform unpredictability into strategic advantage. For those ready to lead at warp, the path forward is to embrace uncertainty with purpose, clarity, and resilience.

In this warp-speed episode of Risk Is Our Business, Captain Michael Rasmussen connects across the comms with Akira Muranaka, GRC/IRM/ESG Technology Manager and global risk assurance veteran, to explore how enterprises can reimagine GRC as a driver of objectives rather than a compliance checkbox. Akira explains why the future of risk management depends on moving away from ritualistic controls and toward a risk-based approach that enables the business to take the right risks with confidence. Together, they navigate the question every enterprise faces: should GRC run on a single monolithic platform, or is the future an architecture of integrated technologies stitched together to match organizational needs? The discussion dives into what Akira looks for in GRC tools, the core capabilities that matter most for scalability, resilience, and trust. From there, they scan the horizon: what GRC technology and the risk programs they support will look like in the next five years, as AI, automation, and architecture reshape how enterprises govern uncertainty. For GRC leaders, technologists, and boards alike, this episode is a star chart to the next era of digital trust, one where GRC isn’t trapped in compliance nebulas but powered by risk engines designed to accelerate the enterprise mission.

In this bridge-level episode of Risk Is Our Business, Captain Michael Rasmussen beams aboard Tayler Kuhn, Director of Internal Audit, IT, and Jeanne Cline, Chief Audit Executive at StoneX Group Inc., to explore the evolving role of internal audit in the GRC galaxy. Their discussion begins with how internal audit has changed over the years, from back-office compliance to a strategic function collaborating across governance, risk, and compliance. They highlight the mission-critical truth that a business not taking risks is a business out of business, and that internal audit’s role is to help the enterprise understand, navigate, and take the right risks. The conversation explores how technology is reshaping both GRC broadly and internal audit specifically at StoneX, including how AI is already influencing assurance work and where it’s headed. Tayler and Jeanne share their vision of the next 2–3 years, where the internal audit profession is more automated and data-driven, spending less time on testing and manual work and more time analyzing risks, understanding interconnectivity, and supporting strategic decisions. They also confront the identity of the profession itself, whether to call it internal audit or assurance, and how that language shift reflects a broader transformation in purpose. At warp speed, this episode charts a course for internal auditors and GRC leaders alike to move beyond testing artifacts, toward enabling resilience, strategy, and performance

In this transmission of Risk Is Our Business, Captain Michael Rasmussen connects across the comms with Ayoub Fandi, Security Assurance Automation Team Lead at GitLab and founder of the GRC Engineer Podcast and Newsletter, for a deep dive into what might be the next frontier of governance, risk, and compliance: GRC engineering. Ayoub explains what GRC engineering is, what it does, and the value it provides, moving GRC away from after-the-fact verification and closer to the design phase, where software engineering problem-solving can be applied to solve long-standing compliance and assurance challenges. Together, they map out the core elements of GRC engineering, explore where it should be applied, and ask whether its cyber-heavy focus today limits its potential, or whether it’s destined for broader adoption across the enterprise galaxy. The conversation also scans the role of agentic AI in this evolving discipline, from automating repetitive assurance checks to embedding risk intelligence directly into systems that power organizational strategy. Along the way, they highlight how GRC engineering can transform perception, from compliance burden to strategic enabler, much like replacing impulse drives with warp cores. GRC engineering is a structural shift. For GRC leaders, engineers, and innovators, this is a star chart to the future of assurance and resilience.

In this stardate transmission of Risk Is Our Business, Captain Michael Rasmussen beams in Emma Price, Deloitte Partner and UK Enterprise Risk Management Lead, to chart how risk management has transformed across decades, and where it’s set to warp next. Their voyage begins with language itself: from business continuity and disaster recovery to the all-encompassing term “resilience.” Emma explains why substituting “risk” with “resilience” often earns more traction in boardrooms and beyond, and how resilience can unify disciplines too often stranded in siloes. From there, they confront the bad and ugly of risk programs, such as isolated operations, failure to account for interconnectivity, and compliance exercises masquerading as strategy. The discussion moves through third-party risk, the growing role of external intelligence on geopolitical, economic, and regulatory turbulence, and the big drivers shaping risk programs in the UK today. Emma and Michael scan the horizon of ERM’s future, from strategy and technology to the value of managed services, and debate how risk leaders can avoid drifting into orbit around checklists and instead plot resilient, forward-facing courses. For risk officers, boards, and strategists, this episode is a navigational chart across the risk nebula, and a reminder that the enterprise mission demands not paperwork, but perspective, integration, and resilience at warp speed.

In this star-mapping episode of Risk Is Our Business, Captain Michael Rasmussen beams aboard Tony Martin-Vegue, risk consultant, advisor, and author of the upcoming book Heatmaps to Histograms: A Practical Guide to Cyber Risk Quantification. With 25 years navigating the galaxy of cyber risk, Tony has guided enterprises from the gravitational pull of checklists and color-coded charts into the warp lanes of defensible, quantitative analysis. Their journey begins with the dark matter of bad risk management: programs designed to placate auditors, check boxes, or reassure customers without truly informing decisions. From there, they plot a course toward what good risk management looks like—proactive, integrated, and tied directly to organizational objectives. Tony traces the lineage of risk management back to the late 1600s, when probability theory first emerged, showing how centuries of thinking have led us to today’s crossroads. The conversation dives into heatmaps, when they can still provide navigational value, and when they collapse under the weight of oversimplification. From there, they move to the promise of histograms, simulations, and CRQ models that help businesses not only understand thresholds and acceptable levels of risk, but also chart their path with clarity and confidence. For CISOs, CROs, and risk leaders, this episode is both history lesson and star chart, a reminder that risk management isn’t about artifacts to prove you exist, but about enabling the mission. If your current program is orbiting in circles, this is the transmission that will help you break free, align your coordinates, and accelerate to warp speed.

In this mission-critical episode of Risk Is Our Business, host Michael Rasmussen opens the comms with Hardik Mehta, Global Head of Risk and Regulatory Compliance at JPMorgan Chase. With two decades of experience across Uber, Microsoft, and global advisory firms, Hardik has charted risk programs that span continents, cloud migrations, and regulatory galaxies. Their conversation starts with what keeps him up at night: the turbulence of geopolitical risk, ever-changing regulations, data security challenges, and the inertia of legacy platforms slowing cloud adoption. From there, they examine what bad risk management looks like (siloed programs cut off from strategy) versus what good risk management should deliver (i.e., integrated, technology-enabled frameworks that guide the enterprise toward its objectives). Resilience comes to the forefront as Hardik explains how he weaves it into risk strategy, not as an afterthought but as a forward-facing capability. He emphasizes the need for both left-brain precision in quantification and right-brain imagination in creative foresight, a duality essential for navigating uncertainty. The discussion explores the technologies enabling better risk programs today, the role of risk intelligence in scanning horizons, and how AI is reshaping the future of risk management. For boards, CROs, and risk leaders, this episode is a navigational chart for transforming risk into resilience, and for steering your enterprise at warp speed toward intelligent, mission-aligned futures.

In this galaxy-spanning episode of Risk Is Our Business, Captain Michael Rasmussen beams aboard Todd Fitzgerald, former Fortune 500 CISO, cybersecurity hall-of-famer, and #1 best-selling author of CISO Compass. With over 25 years navigating the outer reaches of information security, Todd has seen the CISO role evolve from the days of dial-up to today’s warp-speed threat environment. Their mission is to chart the vast and sometimes confusing constellation of terminology in our sector, from information security, to cybersecurity, to digital risk, cyber risk, and beyond, and explore why these distinctions matter when steering an enterprise through uncertainty. They trace the history of the CISO from its 1990s origins to its current form as a strategic officer on the bridge, responsible not just for defense but for enabling the business to boldly go toward its objectives. From cyber risk quantification done right (and how to make it more than a numbers game) to managing the digital supply chain and interconnected risk, Todd offers a star map of practical strategies. He tackles the long-standing perception of security as the “department of no” and reframes it as a mission-critical enabler, helping organizations comprehend what’s an acceptable risk and navigate toward opportunity without drifting into a black hole. For any security leader, risk officer, or governance professional, this episode is a tricorder reading of where we’ve been, where we’re headed, and how to ensure your cybersecurity program is aligned with the Prime Directive: enabling the mission.

In this transmission of Risk Is Our Business, host Michael Rasmussen connects over comms with Tim Leech, pioneer of Objective Centric Risk and Uncertainty Management (#OCRUM), longtime board advisor, and someone who’s spent decades trying to rescue enterprise risk from the black hole of checkbox compliance. Recorded over a long-distance call (no transporters this time), this episode dives straight into the uncomfortable truth of modern ERM often being more about optics than outcomes. Tim and Michael dismantle the illusion of risk registers and heat maps, exposing how many programs are built to pacify boards and regulators rather than support real decision-making. But Tim doesn’t stop at critique. He offers a new model, one where risk starts with the people who actually run the business, where strategy sets the coordinates, and where the board isn’t kept in the dark behind colored charts but engaged with objective-driven insight. Together, they explore how to overcome resistance across the enterprise, align the crew, and finally bring risk back to the bridge—not as an afterthought, but as a core navigational system. If your program is still flying blind on outdated frameworks, it’s time to recalibrate.

In this starlog entry of Risk Is Our Business, recorded live at the Risk-In Conference in Zurich, Captain Michael Rasmussen sits down with Pascal Busch, Global Head of ERM & BCM at Acino and creator of VirtueSpark, for a deep-space transmission on the future of enterprise risk. What keeps a seasoned risk commander up at night? Pascal opens up about the unknown anomalies in the system, such as inefficiencies, blind spots, and missed signals that still plague too many GRC programs. But he’s not just scanning for threats, he’s building the future. From digital twins to decision intelligence, Pascal charts a course toward a risk program that’s faster, smarter, and fully integrated into the mission of value creation. Together, they explore where his tech journey is today, where he wants it to be in two years, and how risk professionals can move from compliance copilots to strategic navigators, guiding organizations through the turbulence of uncertainty with precision and purpose. If your risk program feels stuck in the past, it’s time to reroute power to the engines. Because as Pascal makes clear, the future of GRC isn’t about avoiding risk, it’s about managing it at warp speed.

In this episode of Risk Is Our Business, Michael Rasmussen welcomes Stefan Gershater, Head of Risk and Governance at the Co-op, for a bold and unflinching conversation that challenges the very foundations of modern risk management. Broadcasting from the front lines of strategic uncertainty, Stefan shares insights from his forthcoming book, a deep critique of the risk orthodoxy shaped by accounting firms, software vendors, and low expectations. He argues that what passes for risk management in many boardrooms is little more than a comforting illusion—one that fails to serve strategy, enable decisions, or engage with the complexity of the real world. Together, they explore the good, the bad, and the ugly of today’s risk practices, from the myth of “risk appetite” to the misuse of assurance resources and the danger of chasing frameworks over outcomes. But this isn’t just a teardown, it’s a mission briefing. Stefan lays out how risk can be reimagined as a cognitive, analytical, and strategic asset that improves decision velocity and organizational intelligence. For risk professionals ready to break orbit and leave behind the gravitational pull of mediocrity, this episode is both roadmap and rallying cry.

Recorded live at Corporate Risk Minds 2025 in Berlin, this episode of Risk Is Our Business features a conversation with Florian Worm—risk technologist, modeling expert, and one of the sharpest minds charting the next frontier in enterprise risk. Florian joins Michael Rasmussen on the bridge to explore the processes and paradigms reshaping risk management in a world where volatility is no longer an anomaly, it’s the environment. Together, they examine the limitations of legacy frameworks, the regulatory gravity of IDW PS 340, and why good risk quantification requires more than Monte Carlo curves and dashboards. In a galaxy of noise, it’s about decision-useful insight, grounded in rigor and relevance. At the heart of the episode is a deep dive into digital twins, not as sci-fi theory, but as a real-world capability to simulate risk environments, explore alternate futures, and make better decisions in real time. Whether you're scanning for weak signals, stress-testing for resilience, or mapping out mission-critical paths, digital twins are fast becoming the warp core of forward-looking risk. For those ready to chart a new course, this episode offers a shift from static risk logs to living systems, where uncertainty is mapped, modeled, and understood.