The Risk Wheelhouse

Author: Wheelhouse Advisors LLC


Description

The Risk Wheelhouse is designed to explore how RiskTech is transforming the way companies approach risk management today and into the future. The podcast aims to provide listeners with valuable insights into integrated risk management (IRM) practices and emerging technologies. Each episode will feature a "Deep Dive" into specific topics or research reports developed by Wheelhouse Advisors, helping listeners navigate the complexities of the modern risk landscape.

59 Episodes
What happens when the firm that helped define integrated risk management turns a critical lens on the category's foundations? In this episode, analysts Ori Wellington and Sam Jones preview two major Wheelhouse Advisors research publications: The Integration Trap for GRC and the IRM50 AI Disruption Risk Index. The data reveals a surprising finding: when 50 IRM vendors are scored on structural exposure to AI disruption, market leadership and market durability turn out to be very different thing...
Growth used to win every boardroom vote. Now the data says something different: directors are prioritizing technology adoption and integration as the top 2026 investment, even as they admit their weakest expertise sits in AI, cybersecurity, and geopolitics. We unpack that paradox and show how uninformed speed turns “integration” into a superhighway for risk, unless you pair it with decision rights, embedded controls, and verifiable assurance. We trace the three forces of compression squeezin...
The ground rules of risk have changed, and waiting for the next headline won’t save the balance sheet. We take you inside “The 2026 Convergence: Integrated Risk Management in a New Era” and map how cyber, AI, third parties, geopolitics, and reputation have fused into one risk surface. Instead of chasing alerts, we focus on disruption economics: what a breach costs per minute, which processes bleed first, and how quickly you can recover without compounding fines. Cyber stops being an IT story ...
Shiny demos are everywhere, but what if that “next-gen SaaS” risk platform is still a construction zone under the hood? We unpack the Risk Tech Buyer Trap and show how modern UIs and AI buzz can disguise where vendors really are on the path to true integration maturity. Our conversation breaks down a clear four-stage transformation sequence—SaaS foundation, experience reset, object model stabilization, and finally productized integration—so you can pinpoint a platform’s real readiness and avo...
Risk work that lives in reports but not in decisions is a hidden tax on performance. We tackle that problem head-on by unpacking the IRM Navigator, an operating model that connects standards and roles to the real systems and moments where choices are made. Instead of treating risk as a sidecar, we show how to embed it into approvals, planning, and daily operations so decision velocity and decision quality rise together. We start by locating the Navigator within a clear four-layer stack: prin...
Integrated Risk Management (IRM) is repeatedly underfunded for a structural reason: leaders keep forcing IRM into an ROI construct that demands a single, auditable chain of causality, while IRM is designed to distribute value across multiple domains at once. In this episode, Ori Wellington and Sam Jones explain why ROI framing collapses into assumption-stacked narrative under CFO scrutiny, and why risk leaders need a finance-compatible alternative that remains decision-grade. The episode’s an...
Season 6 opens with a clear message for Technology Risk Management leaders: autonomy is no longer constrained by model capability, it is constrained by infrastructure discipline and auditable management controls. In S6E1, Ori Wellington and Sam Jones translate NVIDIA’s CES 2026 signals into a practical blueprint for Autonomous IRM, defined as continuous, AI-enabled verification and response loops that operate within explicit policy boundaries and generate audit-grade evidence by design. As in...
ServiceNow’s planned $7.75B all-cash acquisition of Armis (targeted to close in H2 2026) is easy to misfile as “just another cybersecurity deal.” In this episode, Wheelhouse Advisors’ Ori Wellington and Sam Jones explain why it is actually a defining IRM market signal, one that raises the standard for what “risk management at scale” should mean going into 2026 procurement cycles. The core message is simple and disruptive: IRM is shifting from artifact completion to verified outcomes. Risk reg...
Most ERM programs are still built to prove activity, not to produce decisions. In 2025, that gap is becoming visible at the board level, and it is getting punished. The new performance standard is measurable: time to decision and time to evidence. If your ERM platform runs on annual cycles and manual synthesis, you are not steering the enterprise, you are documenting the past. In this episode, we unpack the 2025 IRM Navigator™ Vendor Compass for Enterprise Risk Management (ERM) and explain wh...
Feeling lost in a sea of “next‑gen” risk tools that all promise unified visibility and maturity? We break the cycle of flashy demos and stalled implementations with a practical, research‑backed way to evaluate vendors and build a roadmap that actually advances your program. Anchored by the IRM Navigator Curve from Wheelhouse Advisors, we chart the journey from fragmented, audit‑driven dysfunction to a destination we call risk agency, where human judgment and machine action work together withi...
A hard truth drives this conversation: leaders are seeing the risks but not making the moves. We unpack the 76–42–22 drop-off, visibility to engagement to action, and show why the real bottleneck isn’t data, it’s decision architecture. If your board keeps asking for tighter numbers and firmer timelines, you’re living the reporting plateau. Precision can be counterproductive for emerging risks: it invites model debates, signals high-cost commitments, and rationalizes delay. We walk through a ...
The latest episode of The Risk Wheelhouse tackles one of the strangest sights in this year’s risk technology landscape. The 2025 Gartner Magic Quadrant for Governance, Risk, and Compliance arrives with an empty Visionaries quadrant. No challengers, no upstarts, just silence where innovation used to live. Rather than treating this as a warning sign, Ori Wellington and Sam Jones explain why the quiet is a signal that GRC has finally stabilized into what it was always best suited to be: the inst...
The ground under GRC is shifting, and it’s not subtle. We break down how unified integrated risk management is replacing checklist compliance with an operating model that ties performance, resilience, assurance, and compliance together. From AI governance to ESG at the board level, we follow the money, the deals, and the data to show where risk management is actually going—and how to get there without drowning in spreadsheets. We dive into why AI governance is now table stakes for any seriou...
Resilience isn’t a binder anymore. It’s a live system that has to perform under pressure. We pull apart the 2025 IRM Navigator™ Vendor Compass for Operational Risk Management (ORM) to show how ORM moved from back-office compliance to the execution engine of enterprise resilience. The stakes are massive. They include billions in spend, tighter regulations across the US, UK, and EU, and a rising demand for continuous, auditable proof that controls actually work when services fail. We break dow...
Your “encrypted” data may still be regulated and today the rules start to bite. We unpack how the Department of Justice’s Data Security Program moves from guidance to strict enforcement and why it reframes data governance as a national security mandate. From redefining “covered data” to treating anonymized and encrypted datasets as in-scope when they enable linkage or inference, we walk through what changes right now for risk leaders, counsel, and compliance teams. We detail the two buckets ...
Autonomous IRM is moving from the lab into the core of enterprise risk, compliance, and security and the stakes couldn’t be higher. When a self-learning agent flags threats, scores claims, or polices policy violations, who is accountable, how do we intervene, and what proof can we show regulators and customers? We unpack the three frameworks shaping credible answers: ISO/IEC 42001 as a certifiable management system that embeds AI governance into everyday processes, the EU AI Act as hard law w...
Corporate governance is undergoing a revolution in the UK, and Provision 29 of the 2024 Corporate Governance Code stands at the epicenter of this transformation. Far beyond traditional financial oversight, this groundbreaking rule mandates unprecedented transparency from company boards about their internal controls across all domains – financial, operational, compliance, and critically, technology. Taking effect in 2026, Provision 29 requires boards to actively monitor and review their risk ...
Artificial intelligence stands at a crossroads of breathtaking innovation and urgent need for responsible guardrails. Every breakthrough brings questions about safety, fairness, and accountability that can no longer be afterthoughts. The European Union has responded with the AI Act – the world's first comprehensive legal framework for artificial intelligence – and its General Purpose AI Code of Practice has already secured commitments from tech giants like OpenAI, Google, Microsoft, and Anthr...
Behind every digital business lies an invisible web of trust: the OAuth tokens silently connecting your applications. What happens when these trusted connections become your greatest vulnerability? A sophisticated attack campaign recently exploited these connections, bypassing traditional security measures to breach major cybersecurity companies including Cloudflare, Palo Alto Networks, and Proofpoint. Rather than directly attacking primary platforms, threat actors targeted Drift's OAuth int...
Governance, Risk, and Compliance (GRC) has undergone a remarkable transformation. What was once the "department of no" – characterized by manual checklists, endless audits, and rooms full of binders – has evolved into a strategic verification backbone powering trust across organizations. This radical shift positions GRC at the center of Integrated Risk Management (IRM), where policies, controls, and compliance data flow dynamically through organizations to provide real-time assurance. The ma...