In this episode of Risk Is Our Business, Michael Rasmussen charts a course with Klaus Jaeck and Daniel Cassel of Horváth to explore the next frontier in enterprise risk management, where resilience is just the baseline, and business confidence is the true objective.

Recorded at Corporate Risk Minds 2025 in Berlin, Klaus and Daniel offer a sharp perspective on how risk management is evolving across the region, moving beyond regulatory routines and static controls into dynamic systems that align risk with strategy, trust, and decision-making agility. They unpack why trust and resilience, while critical, aren’t enough on their own, and why organizations need something more to thrive in the vast unknowns of modern business.

They also take us deep into the heart of GRC transformation in Germany—what’s working, what’s lagging, and how digitalization, ESG, and a growing risk consciousness are reshaping expectations. The conversation explores how risk leaders can act less like tactical responders and more like bridge officers, guiding the ship, not just guarding the hull.

And yes, they have fun along the way. As Klaus and Daniel say, “no risk, no fun”, but with the right GRC model, it’s a mission worth taking.

In this episode of Risk Is Our Business, Michael Rasmussen beams into EY Germany to speak with Patrick Risch and Benjamin Lüders, two senior officers on the frontier of governance, risk, and compliance transformation. Together, they explore how to navigate the multidimensional challenges of orchestrating GRC across systems, silos, and starships, otherwise known as modern enterprises.

Their mission is to create a unified command structure where GRC isn't just a regulatory afterthought, but an enterprise-wide operating model aligned with strategy, resilience, and purpose. From aligning core processes to enabling agility with cutting-edge technology, Patrick and Benjamin map out how successful organizations are shifting from fragmented control systems to integrated, mission-ready frameworks.

They also introduce the concept of digital twins, not as a sci-fi abstraction, but as real-time simulations of organizational ecosystems that help leaders monitor, adapt, and course-correct with greater precision. It’s a new model of GRC that reflects the living, breathing dynamics of business.

Finally, they reflect on the unique risks and opportunities facing German companies as they transition from traditional governance models to more dynamic, tech-enabled approaches. It's a sector where regulations are strict, expectations high, and the path to transformation requires both cultural alignment and technological firepower.

If your enterprise is preparing for deep space exploration, or simply the next compliance cycle, this episode offers a navigational chart for GRC leaders ready to break free of orbit.

In this episode of Risk Is Our Business, Michael Rasmussen beams up Graeme Keith, mathematician, strategist, and CEO of Stochastic ApS, for a charged discussion on the fundamental divide between Risk Management 1 and Risk Management 2. Spoiler alert: most organizations are stuck in RM1, clinging to risk registers, risk appetite statements, and heatmaps that do little more than appease auditors. But as Graeme explains, like the Kobayashi Maru, those are unwinnable exercises that distract from supporting decisions with logic, evidence, and quantitative clarity.

Together, they dissect the common symptoms of bad risk management: using the wrong method in the wrong context, misunderstanding what “quantification” really means, and misapplying Monte Carlo simulations in a sea of poorly designed software tools. Graeme expands on his recent GRC Report article The Misery of Risk Matrices, pushing back on the false sense of security these subjective tools create. He argues that the real R in GRC should stand for risk-informed decision-making, not retroactive compliance filler.

The episode also unpacks why the growing push toward quantification often defaults to Monte Carlo analysis. Graeme offers a breakdown of where Monte Carlo simulations shine, where they fail, and what risk leaders should be asking when evaluating quantification tools and methodologies.

At warp core, this conversation is about upgrading risk from visual comfort to strategic relevance, from vague heatmaps to models that support action under uncertainty. If you’re ready to move beyond the checkbox galaxy and into the decision-making nebula, The Wrath of Math is required listening.

In this episode of Risk Is Our Business, Michael Rasmussen beams aboard Kristina Wiese Tranberg, ESG compliance leader, AI ambassador, and creator of the GRC board game GRC Master, for a lively discussion on making governance, risk, and compliance not only effective, but engaging.

With more than two decades of experience steering internal control transformations and operationalizing ESG strategy, Kristina brings a rare blend of strategic rigor and creative energy to the command deck. Together, they explore the human side of GRC, why success isn’t just about tools or frameworks, but about building cultures that do GRC, not just buy it.

Kristina shares how she developed GRC Master to make training more accessible, memorable, and yes, fun. From cross-functional collaboration to AI integration, she explains how gamification can build real fluency in GRC while strengthening control environments across the enterprise.

As they chart the path toward adaptive, people-centered operating models, it becomes clear that in the future of GRC, the technology may power the ship, but it’s the crew that makes the mission possible.

In this episode of Risk Is Our Business, host Michael Rasmussen sets course with Norman Marks, renowned author, former chief audit executive, and one of the most respected minds in the risk and audit universe, for a conversation that ventures well beyond compliance into the stars of strategy and purpose.

Drawing from his acclaimed books Auditing That Matters and World-Class Risk Management, Norman argues that risk management isn’t about playing it safe, it’s about enabling intelligent, informed decisions that propel the enterprise forward. Quoting Thomas Aquinas, Michael reminds us, “If the highest aim of a captain were to preserve his ship, he would keep it in port forever.” But in a world of shifting risks and high-stakes missions, the goal isn’t to anchor—it’s to voyage.

Together, Rasmussen and Marks explore why every objective has its own risk appetite, how to distinguish world-class internal audit from box-checking mediocrity, and what it means to embed risk into the helm of strategic decision-making.

If you’re ready to audit at warp speed and leave the port behind, this episode is your star map.

In this episode of Risk Is Our Business, Michael Rasmussen is joined by Jennifer Geary, seasoned CRO, COO, and bestselling author, for a conversation that explores risk not as a bureaucratic burden, but as a navigational system for achieving mission success.

With decades of hands-on experience across fintech, banking, NGOs, and tech, Jennifer brings both operational grit and boardroom perspective to the discussion. Together, they examine why risk management must start with organizational objectives, not with fear or compliance, and how that mindset shift unlocks true strategic value.

They also dive into the UK Corporate Governance Code and the growing influence of Provision 29. With London Stock Exchange-listed companies operating far beyond the UK, Jennifer and Michael explore how expectations for internal control and risk reporting are now rippling across countries, reshaping how boards think about assurance and oversight.

The episode also ventures into international waters, unpacking key differences in how the US and Europe approach regulation and risk culture. From fragmented American frameworks to more principles-based European regimes, the contrasts reveal both challenges and opportunities for global risk leaders.

Finally, no modern episode would be complete without AI on the radar. Jennifer shares her perspective on the emerging risks AI presents, and how risk professionals can harness AI themselves to strengthen controls, forecast threats, and evolve alongside the technology that’s redefining the enterprise.

For anyone looking to move risk from checkbox to compass, and chart a course through complexity with clarity, this episode delivers.

In this episode of Risk Is Our Business, we chart a course through the unknown with Andrew Olsen, Director of Risk Management at Stewart Title and an expert in integrated risk and third-party oversight. Andrew joins host Michael Rasmussen to explore the next frontiers of risk management, from today’s operational challenges to the emerging threats just over the horizon.

What keeps a modern risk leader up at night? For Andrew, it’s not just cyber threats or regulatory pressure, it’s the uncharted impact of artificial intelligence, the growing complexity of third-party ecosystems, and the need to evolve risk technology before it falls behind the threats it’s meant to monitor.

In this candid conversation, Andrew unpacks the real-world hurdles of vendor risk management, shares how he's currently leveraging technology to stay ahead, and lays out his vision for the future of risk tools — systems that are not just dashboards and data, but active copilots in decision-making. He also reflects on how risk teams can escape the back-office echo chamber and deliver visible, strategic value to the enterprise.

From warp-speed change to boardroom translation, this episode is a reminder that risk management isn’t about slowing down, it’s about navigating smarter.

In this episode of Risk Is Our Business, Michael Rasmussen sits down with Elena Pykohva — award-winning risk expert, international educator, and author of ' Operational Risk Management in Financial Services: A Practical Guide to Establishing Effective Solutions'. Together, they explore what it takes to move operational risk beyond checklists and siloes, and toward something far more powerful: a fully engaged, enterprise-wide force for good.

With deep experience across financial services, from G-SIFIs to fintechs, Elena brings both strategic insight and hard-earned lessons from the field. She shares why operational risk must be reimagined, not as a compliance exercise, but as a people-powered, forward-looking discipline that drives real impact. Together, they discuss what distinguishes effective operational risk from empty frameworks, how to dismantle siloes that isolate risk professionals, and why conversation, culture, and connection are essential to delivering outcomes that matter.

If you’re ready to leave behind fragmented models and engage risk as a dynamic, interactive driver of strategy, culture, and resilience, this episode is your star map.