Risk is Our Business

Michael Rasmussen
  • 5.0 (4)
  • BUSINESS

Welcome to Risk Is Our Business, where we explore the principles of Governance, Risk Management, and Compliance — to reliably achieving objectives, navigating uncertainty, and act with integrity. Here, we follow the Prime Directive of Risk Management: No decision or strategy moves forward without understanding its impact on our objectives, our resilience, and our values. Because risk isn’t the enemy, it’s the mission. After all, risk is our business. Join us as we go boldly into the world of GRC.

  1. 3D AGO

    Beyond Controls: Rebuilding the Risk Engine with Amir Ramezanpour

    In this return episode of Risk Is Our Business, Captain Michael Rasmussen welcomes back Amir Ramezanpour to unpack the thinking behind his new book, Beyond Controls: Reshaping Risk Into Intelligent Advantage. The conversation begins with a direct challenge to risk managers: too much of risk management is still focused on controls. Controls that validate compliance. Controls that document activity. Controls that comfort regulators. But in an AI-driven, high-velocity environment, are controls alone enough? Amir explains why the title Beyond Controls is intentionally provocative and why some initially resist it while agreeing with the substance. The core argument is not about removing controls, but about elevating risk into something more powerful: risk intelligence. That means turning fragmented risk data into meaningful insight that helps leaders make better decisions amid uncertainty. They explore how good risk intelligence supports business objectives, how it enables clarity rather than bureaucracy, and how organizations can move from static oversight to more adaptive, learning-oriented models. The discussion also touches on the role of AI, agentic AI, and digital twins, not as hype, but as tools that can help organizations anticipate rather than simply react. Finally, Amir shares practical advice for leaders who want to begin building this vision today—start with mindset, anchor to objectives, and design systems that support decisions, not just documentation. If traditional risk management built stronger guardrails, this episode asks how we build something smarter, an engine that helps the enterprise move forward with confidence.

    35 min

  2. FEB 9

    Steering Through Uncertainty: Enterprise Risk at Rolls-Royce with Chyono Flynn

    In this episode of Risk Is Our Business, Captain Michael Rasmussen is joined by Chyono Flynn, Head of Enterprise Risk Management at Rolls-Royce, for a candid conversation about the realities of running risk management inside one of the world’s most complex engineering organizations. They begin with what really keeps risk leaders awake at 2 a.m., which is not abstract frameworks, but execution risk, governance expectations, and whether the organization truly understands its most critical exposures. From there, the discussion moves into the UK Corporate Governance Code, with particular focus on Provision 29, and what it means in practice for boards, executives, and risk teams responsible for viability and long-term resilience. Chyono and Michael draw clear distinctions between bad risk management  (compliance-driven, disconnected, and report-heavy) and good risk management that engages the business, informs decisions, and earns trust at the executive and board level. They explore how to communicate the value of risk in a way that resonates, how to build and sustain a healthy risk culture, and why partnership matters more than policing. They also discuss the role of technology as an enabler rather than a solution in itself, and how tools must support judgement, insight, and dialogue rather than replace them. This episode offers a grounded look at what enterprise risk management looks like when governance expectations are high, stakes are real, and risk must help the organization stay on course, even when the pressure is on and sleep is in short supply.

    32 min

  3. FEB 2

    Before the Alarm Sounds: Risk Intelligence, Presilience, and Leadership with Fayadh Alenezi

    In this episode of Risk Is Our Business, Captain Michael Rasmussen is joined by Fayadh Alenezi, strategic risk leadership architect and presilience advisor, for a candid discussion on where risk management stands today and where it needs to go next. They begin by unpacking the current state of practice and what works, what doesn’t, and why too much risk management still feels like process without purpose. From there, the conversation moves into risk intelligence and the importance of good information, meaningful insight, and decision-relevant signals rather than noise. Fayadh introduces the concept of presilience, shifting the focus from reacting to disruption toward building the foresight and decision capability to stay ahead of it. This naturally leads into a deeper discussion on risk leadership and what distinguishes strong risk leaders from framework managers, and why mindset, judgment, and clarity matter as much as models and data. They also explore risk culture, with particular attention to the Middle East and Saudi Arabia, where cultural context, leadership norms, and rapid transformation shape how risk is perceived and practiced. The discussion connects these themes to Vision 2030, and how it is acting as a catalyst for more mature, strategic, and leadership-driven approaches to risk management across the Kingdom. Rather than treating risk as a compliance obligation, this episode reframes it as a leadership discipline—one rooted in intelligence, culture, and the ability to act with confidence before the alarm sounds.

    27 min

  4. JAN 26

    Risk, Resilience, and Vision 2030: The Future of GRC in Saudi Arabia with Thamer Al Hamed

    Recorded live at the GPRC Summit in Riyadh, this episode of Risk Is Our Business features Thamer Al Hamed, Executive General Manager of GRC and Data Management, in a timely conversation on how risk management and resilience are converging as strategic capabilities in Saudi Arabia. Michael and Thamer explore the relationship between risk and resilience, asking whether they truly belong together and how that relationship changes at national and organizational scale. The discussion then turns to the Saudi context, examining both the challenges and the opportunities shaping the evolution of GRC across the Kingdom. A central theme is Vision 2030, and the role GRC plays in enabling it. Thamer explains how Vision 2030 has become a powerful catalyst for the growth and maturity of governance, risk, and compliance practices—shifting GRC from a supporting function into a strategic enabler of transformation, accountability, and long-term value creation. They also discuss how GRC is being received across organizations, how mindsets are changing, and what it takes for risk management to move beyond formality and into real decision support. The conversation closes with Thamer reflecting on his own career journey and how he sees both his role, and the broader GRC landscape in Saudi Arabia, evolving as 2030 approaches. This episode offers a clear window into how risk, resilience, and governance are being redefined in one of the world’s fastest-moving transformation agendas.

    22 min

  5. JAN 19

    Red Alerts and False Signals: Separating Real Risk Intelligence from GRC Noise with Stefan Gershater

    In this return voyage of Risk Is Our Business, Captain Michael Rasmussen reconnects with Stefan Gershater for a candid, occasionally interrupted conversation from opposite ends of a video call—a fitting setup for a discussion about signal, noise, and what actually matters in modern risk management. The episode centers on the real value of risk and GRC software, and how leaders should measure it. Stefan brings a healthy skepticism to the conversation, challenging an industry that too often sells efficiency for efficiency’s sake. Over dinner in London, he recalls receiving a message from a vendor promising to save him 80% of his time. His reaction was blunt: No one cares how hard risk teams work, they care about outcomes, decisions, and results. From there, the discussion explores what risk leaders should actually evaluate in risk technology. Rather than control-heavy platforms built primarily for compliance, Stefan argues for solutions designed to support value creation, decision-making, and the achievement of objectives. They unpack what “good” looks like when it comes to risk data, data strategy, and visualization, and why many tools still struggle to present risk in ways the business can act on. As the conversation turns to how risk technology should evolve, reality intervenes. A call from Stefan’s CEO pulls him away from the bridge mid-discussion, an unscripted reminder that risk management doesn’t live in dashboards or demos, but in the real-time demands of leadership. This episode is a sharp look at why not all risk software deserves a place on the bridge, and why separating meaningful intelligence from false alerts has never mattered more.

    27 min

  6. JAN 12

    Beyond the Security Console: Digital Risk and Resilience on the Bridge with Christopher Hetner

    In this episode of Risk Is Our Business, Captain Michael Rasmussen is joined by Christopher Hetner, Senior Cyber Risk Advisor serving the boardroom community and former senior cybersecurity advisor to the Chair of the U.S. Securities and Exchange Commission. The conversation opens by tackling a deceptively simple question: what do we even call this space anymore? Information security, IT security, cybersecurity, cyber risk, digital risk, digital resilience — are these distinct disciplines with meaningful nuance, or different labels for the same underlying reality? Christopher and Michael unpack how language shapes expectations, accountability, and how risk is understood across the enterprise. From there, they dive into Michael’s widely discussed essay, “The CISO Is Dead: A Eulogy and a Resurrection,”exploring why the title provoked resistance while the substance resonated. The discussion reframes the modern CISO not as a narrow security operator, but as a steward of digital risk and resilience in a world where every function, product, and decision carries a digital footprint. They explore the dangers of cybersecurity leaders operating in isolation, the limits of traditional security-centric models, and why cyber risk can no longer live on its own island. The conversation then turns to the boardroom, what directors tend to understand about cyber and digital risk, where gaps remain, and how risk leaders can engage boards more effectively by shifting from technical reporting to strategic navigation. Rather than treating cyber risk as a technical problem to be delegated, this episode makes the case for digital risk and resilience as a bridge-level responsibility, one that requires shared ownership, clearer language, and leadership capable of steering the enterprise through an increasingly interconnected and uncertain risk universe.

    27 min

  7. JAN 5

    Keeping Time on the Bridge: The Rhythm of Risk with Bradley Jewett

    In this episode of Risk Is Our Business, Captain Michael Rasmussen opens a subspace channel with Bradley Jewett, Chief Financial Officer at LeadVenture and a seasoned operating executive who helped shape enterprise risk management inside Microsoft and BMC Software. The discussion begins by contrasting bad risk management (periodic, siloed, and designed to check a box) with good risk management that actively informs how organizations make decisions. From there, Brad introduces the philosophy he championed at Microsoft: the Rhythm of Risk. Rather than positioning risk as a separate function, Brad describes an approach where risk management keeps pace with the enterprise itself. Strategic planning cycles, annual operating plans, mergers and acquisitions, audit planning, SEC reporting, investor communications, and product roadmaps all become natural moments for risk to surface and influence outcomes. Risk moves in time with the business, strategic and operational, top-down and bottom-up. Recorded over a live video link, the conversation also explores how this mindset was received by leadership, what it took to set expectations that risk should shape daily decisions, and why aligning risk to the organization’s cadence is far more effective than standalone frameworks or annual exercises. The episode offers a practical, experience-led perspective on what it means to keep risk on the bridge, not as a warning light, but as a steady navigational rhythm guiding the enterprise through uncertainty at warp speed.

    21 min

  8. 12/15/2025

    From Hazards to Horizons: Charting Opportunity Risk at Warp with Nordex’s Risk Command Crew

    In this episode of Risk Is Our Business, Captain Michael Rasmussen beams into a cross-continental conversation with Karsten Findeis, Head of Risk Management at Nordex Group, and Dr. Ayman Nagi, Corporate Risk Manager, for a deep look at how risk maturity evolves inside a global renewable-energy manufacturer. They discuss how Nordex has transformed its risk mindset over the past decade, shifting from a compliance-driven obligation to a strategic discipline that captures both risks and opportunities. By treating risk as the effect of uncertainty on objectives, the team explains how they’ve moved beyond the old hazard-and-harm framing to a more balanced, value-creating approach that resonates across the business. Karsten and Ayman share how Nordex built trust with the organization, how the perception of risk has shifted from burden to business partner, and why logging opportunities alongside risks reflects a more advanced, enterprise-wide understanding of uncertainty. They also dig into IDW PS 340, how its requirements have sharpened their processes, and how implementing the right technology elevated data quality, reporting, and decision-making across the fleet. They also chart where risk management at Nordex is headed in the coming years, from enhanced digital twins to deeper integration with strategic planning and operational execution. For organizations navigating uncertain markets, the Nordex journey offers a blueprint for turning risk into propulsion rather than drag.

    21 min
See All (45)

Ratings & Reviews

5
out of 5
4 Ratings

About

Welcome to Risk Is Our Business, where we explore the principles of Governance, Risk Management, and Compliance — to reliably achieving objectives, navigating uncertainty, and act with integrity. Here, we follow the Prime Directive of Risk Management: No decision or strategy moves forward without understanding its impact on our objectives, our resilience, and our values. Because risk isn’t the enemy, it’s the mission. After all, risk is our business. Join us as we go boldly into the world of GRC.

Information

  • Creator
    Michael Rasmussen
  • Years Active
    2025 - 2026
  • Episodes
    45
  • Rating
    Clean
  • Copyright
    © Copyright 2025 All rights reserved.
  • Show Website
    Risk is Our Business