In this episode of Risk Is Our Business, Captain Michael Rasmussen beams aboard Renee Murphy, independent industry analyst, storyteller, and one of the most recognizable voices in GRC, to tackle one of the most misunderstood dimensions of risk: reputation.

Renee explains why reputational risk remains so elusive for many organizations, and why ERM frameworks often have metrics for finance and operations but almost none for reputation, customer experience, or employee experience. Together, they dissect recent examples of brand turbulence (from Cracker Barrel to Anheuser-Busch to Target) and explore why reputational fallout can and should be quantified.

The conversation ventures into ESG and stewardship, showing how environmental and social commitments carry enormous reputational weight and why they can’t be managed in isolation. Renee emphasizes the need for risk leaders to engage with every department, especially sales and marketing, since some of the biggest reputational crises are born from campaigns gone wrong.

For boards, CROs, and GRC professionals, this episode reframes reputational risk not as an abstract concept but as a measurable, manageable force that determines whether your organization is trusted or left adrift in the void.

In this episode of Risk Is Our Business, Captain Michael Rasmussen beams aboard Amir Ramezanpour, Vice President of Global Risk Technology and Intelligence, and Global Risk Transformation Office at Manulife, to explore how risk must be defined, framed, and operationalized in a world of constant unpredictability.

Michael and Amir both lean on ISO 31000’s central principle, risk as the effect of uncertainty on objectives, to emphasize why context and clarity of objectives are mission-critical. From there, the conversation dives into risk intelligence, and how organizations can plan for the unplannable by building frameworks and operations designed to thrive in turbulence.

They explore engagement with the first line of defense, asking whether risk is still seen as a bureaucratic pain or whether it can become a trusted partner in helping leaders make better business decisions. Amir shares his vision for how agentic AI and digital twins will power the future of risk management, automating the routine, enabling what-if scenario planning, and equipping leaders to simulate futures before charting their course.

Rather than striving to eliminate uncertainty, Amir reminds us that the real mission is to navigate it. By grounding risk in objectives, engaging the first line as active copilots, and harnessing new tools like risk intelligence and AI-driven simulations, leaders can transform unpredictability into strategic advantage. For those ready to lead at warp, the path forward is to embrace uncertainty with purpose, clarity, and resilience.

In this warp-speed episode of Risk Is Our Business, Captain Michael Rasmussen connects across the comms with Akira Muranaka, GRC/IRM/ESG Technology Manager and global risk assurance veteran, to explore how enterprises can reimagine GRC as a driver of objectives rather than a compliance checkbox.

Akira explains why the future of risk management depends on moving away from ritualistic controls and toward a risk-based approach that enables the business to take the right risks with confidence. Together, they navigate the question every enterprise faces: should GRC run on a single monolithic platform, or is the future an architecture of integrated technologies stitched together to match organizational needs?

The discussion dives into what Akira looks for in GRC tools, the core capabilities that matter most for scalability, resilience, and trust. From there, they scan the horizon: what GRC technology and the risk programs they support will look like in the next five years, as AI, automation, and architecture reshape how enterprises govern uncertainty.

For GRC leaders, technologists, and boards alike, this episode is a star chart to the next era of digital trust, one where GRC isn’t trapped in compliance nebulas but powered by risk engines designed to accelerate the enterprise mission.

In this bridge-level episode of Risk Is Our Business, Captain Michael Rasmussen beams aboard Tayler Kuhn, Director of Internal Audit, IT, and Jeanne Cline, Chief Audit Executive at StoneX Group Inc., to explore the evolving role of internal audit in the GRC galaxy.

Their discussion begins with how internal audit has changed over the years, from back-office compliance to a strategic function collaborating across governance, risk, and compliance. They highlight the mission-critical truth that a business not taking risks is a business out of business, and that internal audit’s role is to help the enterprise understand, navigate, and take the right risks.

The conversation explores how technology is reshaping both GRC broadly and internal audit specifically at StoneX, including how AI is already influencing assurance work and where it’s headed. Tayler and Jeanne share their vision of the next 2–3 years, where the internal audit profession is more automated and data-driven, spending less time on testing and manual work and more time analyzing risks, understanding interconnectivity, and supporting strategic decisions.

They also confront the identity of the profession itself, whether to call it internal audit or assurance, and how that language shift reflects a broader transformation in purpose. At warp speed, this episode charts a course for internal auditors and GRC leaders alike to move beyond testing artifacts, toward enabling resilience, strategy, and performance

In this transmission of Risk Is Our Business, Captain Michael Rasmussen connects across the comms with Ayoub Fandi, Security Assurance Automation Team Lead at GitLab and founder of the GRC Engineer Podcast and Newsletter, for a deep dive into what might be the next frontier of governance, risk, and compliance: GRC engineering.

Ayoub explains what GRC engineering is, what it does, and the value it provides, moving GRC away from after-the-fact verification and closer to the design phase, where software engineering problem-solving can be applied to solve long-standing compliance and assurance challenges. Together, they map out the core elements of GRC engineering, explore where it should be applied, and ask whether its cyber-heavy focus today limits its potential, or whether it’s destined for broader adoption across the enterprise galaxy.

The conversation also scans the role of agentic AI in this evolving discipline, from automating repetitive assurance checks to embedding risk intelligence directly into systems that power organizational strategy. Along the way, they highlight how GRC engineering can transform perception, from compliance burden to strategic enabler, much like replacing impulse drives with warp cores.

GRC engineering is a structural shift. For GRC leaders, engineers, and innovators, this is a star chart to the future of assurance and resilience.

In this stardate transmission of Risk Is Our Business, Captain Michael Rasmussen beams in Emma Price, Deloitte Partner and UK Enterprise Risk Management Lead, to chart how risk management has transformed across decades, and where it’s set to warp next.

Their voyage begins with language itself: from business continuity and disaster recovery to the all-encompassing term “resilience.” Emma explains why substituting “risk” with “resilience” often earns more traction in boardrooms and beyond, and how resilience can unify disciplines too often stranded in siloes. From there, they confront the bad and ugly of risk programs, such as isolated operations, failure to account for interconnectivity, and compliance exercises masquerading as strategy.

The discussion moves through third-party risk, the growing role of external intelligence on geopolitical, economic, and regulatory turbulence, and the big drivers shaping risk programs in the UK today. Emma and Michael scan the horizon of ERM’s future, from strategy and technology to the value of managed services, and debate how risk leaders can avoid drifting into orbit around checklists and instead plot resilient, forward-facing courses.

For risk officers, boards, and strategists, this episode is a navigational chart across the risk nebula, and a reminder that the enterprise mission demands not paperwork, but perspective, integration, and resilience at warp speed.

In this star-mapping episode of Risk Is Our Business, Captain Michael Rasmussen beams aboard Tony Martin-Vegue, risk consultant, advisor, and author of the upcoming book Heatmaps to Histograms: A Practical Guide to Cyber Risk Quantification. With 25 years navigating the galaxy of cyber risk, Tony has guided enterprises from the gravitational pull of checklists and color-coded charts into the warp lanes of defensible, quantitative analysis.

Their journey begins with the dark matter of bad risk management: programs designed to placate auditors, check boxes, or reassure customers without truly informing decisions. From there, they plot a course toward what good risk management looks like—proactive, integrated, and tied directly to organizational objectives. Tony traces the lineage of risk management back to the late 1600s, when probability theory first emerged, showing how centuries of thinking have led us to today’s crossroads.

The conversation dives into heatmaps, when they can still provide navigational value, and when they collapse under the weight of oversimplification. From there, they move to the promise of histograms, simulations, and CRQ models that help businesses not only understand thresholds and acceptable levels of risk, but also chart their path with clarity and confidence.

For CISOs, CROs, and risk leaders, this episode is both history lesson and star chart, a reminder that risk management isn’t about artifacts to prove you exist, but about enabling the mission. If your current program is orbiting in circles, this is the transmission that will help you break free, align your coordinates, and accelerate to warp speed.

In this mission-critical episode of Risk Is Our Business, host Michael Rasmussen opens the comms with Hardik Mehta, Global Head of Risk and Regulatory Compliance at JPMorgan Chase. With two decades of experience across Uber, Microsoft, and global advisory firms, Hardik has charted risk programs that span continents, cloud migrations, and regulatory galaxies.

Their conversation starts with what keeps him up at night: the turbulence of geopolitical risk, ever-changing regulations, data security challenges, and the inertia of legacy platforms slowing cloud adoption. From there, they examine what bad risk management looks like (siloed programs cut off from strategy) versus what good risk management should deliver (i.e., integrated, technology-enabled frameworks that guide the enterprise toward its objectives).

Resilience comes to the forefront as Hardik explains how he weaves it into risk strategy, not as an afterthought but as a forward-facing capability. He emphasizes the need for both left-brain precision in quantification and right-brain imagination in creative foresight, a duality essential for navigating uncertainty. The discussion explores the technologies enabling better risk programs today, the role of risk intelligence in scanning horizons, and how AI is reshaping the future of risk management.

For boards, CROs, and risk leaders, this episode is a navigational chart for transforming risk into resilience, and for steering your enterprise at warp speed toward intelligent, mission-aligned futures.