Claim OwnershipThe Risk Wheelhouse
Subscribed: 0Played: 1
Subscribe
© 2026 Wheelhouse Advisors LLC
Description
The Risk Wheelhouse is designed to explore how RiskTech is transforming the way companies approach risk management today and into the future. The podcast aims to provide listeners with valuable insights into integrated risk management (IRM) practices and emerging technologies. Each episode will feature a "Deep Dive" into specific topics or research reports developed by Wheelhouse Advisors, helping listeners navigate the complexities of the modern risk landscape.
56 Episodes
Reverse
Shiny demos are everywhere, but what if that “next-gen SaaS” risk platform is still a construction zone under the hood? We unpack the Risk Tech Buyer Trap and show how modern UIs and AI buzz can disguise where vendors really are on the path to true integration maturity. Our conversation breaks down a clear four-stage transformation sequence—SaaS foundation, experience reset, object model stabilization, and finally productized integration—so you can pinpoint a platform’s real readiness and avo...
Risk work that lives in reports but not in decisions is a hidden tax on performance. We tackle that problem head-on by unpacking the IRM Navigator, an operating model that connects standards and roles to the real systems and moments where choices are made. Instead of treating risk as a sidecar, we show how to embed it into approvals, planning, and daily operations so decision velocity and decision quality rise together. We start by locating the Navigator within a clear four-layer stack: prin...
Integrated Risk Management (IRM) is repeatedly underfunded for a structural reason: leaders keep forcing IRM into an ROI construct that demands a single, auditable chain of causality, while IRM is designed to distribute value across multiple domains at once. In this episode, Ori Wellington and Sam Jones explain why ROI framing collapses into assumption-stacked narrative under CFO scrutiny, and why risk leaders need a finance-compatible alternative that remains decision-grade. The episode’s an...
Season 6 opens with a clear message for Technology Risk Management leaders: autonomy is no longer constrained by model capability, it is constrained by infrastructure discipline and auditable management controls. In S6E1, Ori Wellington and Sam Jones translate NVIDIA’s CES 2026 signals into a practical blueprint for Autonomous IRM, defined as continuous, AI-enabled verification and response loops that operate within explicit policy boundaries and generate audit-grade evidence by design. As in...
ServiceNow’s planned $7.75B all-cash acquisition of Armis (targeted to close in H2 2026) is easy to misfile as “just another cybersecurity deal.” In this episode, Wheelhouse Advisors’ Ori Wellington and Sam Jones explain why it is actually a defining IRM market signal, one that raises the standard for what “risk management at scale” should mean going into 2026 procurement cycles. The core message is simple and disruptive: IRM is shifting from artifact completion to verified outcomes. Risk reg...
Most ERM programs are still built to prove activity, not to produce decisions. In 2025, that gap is becoming visible at the board level, and it is getting punished. The new performance standard is measurable: time to decision and time to evidence. If your ERM platform runs on annual cycles and manual synthesis, you are not steering the enterprise, you are documenting the past. In this episode, we unpack the 2025 IRM Navigator™ Vendor Compass for Enterprise Risk Management (ERM) and explain wh...
Feeling lost in a sea of “next‑gen” risk tools that all promise unified visibility and maturity? We break the cycle of flashy demos and stalled implementations with a practical, research‑backed way to evaluate vendors and build a roadmap that actually advances your program. Anchored by the IRM Navigator Curve from Wheelhouse Advisors, we chart the journey from fragmented, audit‑driven dysfunction to a destination we call risk agency, where human judgment and machine action work together withi...
A hard truth drives this conversation: leaders are seeing the risks but not making the moves. We unpack the 76–42–22 drop-off, visibility to engagement to action, and show why the real bottleneck isn’t data, it’s decision architecture. If your board keeps asking for tighter numbers and firmer timelines, you’re living the reporting plateau. Precision can be counterproductive for emerging risks: it invites model debates, signals high-cost commitments, and rationalizes delay. We walk through a ...
The latest episode of The Risk Wheelhouse tackles one of the strangest sights in this year’s risk technology landscape. The 2025 Gartner Magic Quadrant for Governance, Risk, and Compliance arrives with an empty Visionaries quadrant. No challengers, no upstarts, just silence where innovation used to live. Rather than treating this as a warning sign, Ori Wellington and Sam Jones explain why the quiet is a signal that GRC has finally stabilized into what it was always best suited to be: the inst...
The ground under GRC is shifting, and it’s not subtle. We break down how unified integrated risk management is replacing checklist compliance with an operating model that ties performance, resilience, assurance, and compliance together. From AI governance to ESG at the board level, we follow the money, the deals, and the data to show where risk management is actually going—and how to get there without drowning in spreadsheets. We dive into why AI governance is now table stakes for any seriou...
Resilience isn’t a binder anymore. It’s a live system that has to perform under pressure. We pull apart the 2025 IRM Navigator™ Vendor Compass for Operational Risk Management (ORM) to show how ORM moved from back-office compliance to the execution engine of enterprise resilience. The stakes are massive. They include billions in spend, tighter regulations across the US, UK, and EU, and a rising demand for continuous, auditable proof that controls actually work when services fail. We break dow...
Your “encrypted” data may still be regulated and today the rules start to bite. We unpack how the Department of Justice’s Data Security Program moves from guidance to strict enforcement and why it reframes data governance as a national security mandate. From redefining “covered data” to treating anonymized and encrypted datasets as in-scope when they enable linkage or inference, we walk through what changes right now for risk leaders, counsel, and compliance teams. We detail the two buckets ...
Autonomous IRM is moving from the lab into the core of enterprise risk, compliance, and security and the stakes couldn’t be higher. When a self-learning agent flags threats, scores claims, or polices policy violations, who is accountable, how do we intervene, and what proof can we show regulators and customers? We unpack the three frameworks shaping credible answers: ISO/IEC 42001 as a certifiable management system that embeds AI governance into everyday processes, the EU AI Act as hard law w...
Corporate governance is undergoing a revolution in the UK, and Provision 29 of the 2024 Corporate Governance Code stands at the epicenter of this transformation. Far beyond traditional financial oversight, this groundbreaking rule mandates unprecedented transparency from company boards about their internal controls across all domains – financial, operational, compliance, and critically, technology. Taking effect in 2026, Provision 29 requires boards to actively monitor and review their risk ...
Artificial intelligence stands at a crossroads of breathtaking innovation and urgent need for responsible guardrails. Every breakthrough brings questions about safety, fairness, and accountability that can no longer be afterthoughts. The European Union has responded with the AI Act – the world's first comprehensive legal framework for artificial intelligence – and its General Purpose AI Code of Practice has already secured commitments from tech giants like OpenAI, Google, Microsoft, and Anthr...
Behind every digital business lies an invisible web of trust: the OAuth tokens silently connecting your applications. What happens when these trusted connections become your greatest vulnerability? A sophisticated attack campaign recently exploited these connections, bypassing traditional security measures to breach major cybersecurity companies including Cloudflare, Palo Alto Networks, and Proofpoint. Rather than directly attacking primary platforms, threat actors targeted Drift's OAuth int...
Governance, Risk, and Compliance (GRC) has undergone a remarkable transformation. What was once the "department of no" – characterized by manual checklists, endless audits, and rooms full of binders – has evolved into a strategic verification backbone powering trust across organizations. This radical shift positions GRC at the center of Integrated Risk Management (IRM), where policies, controls, and compliance data flow dynamically through organizations to provide real-time assurance. The ma...
Risk management evolution isn't just about new acronyms—it's about organizational survival in an increasingly complex world. When we examine the journey from checkbox compliance to genuine integration, we uncover profound lessons about how businesses navigate danger and why some approaches fundamentally fail when pressure hits. This deep dive traces the fascinating progression from Governance, Risk and Compliance (GRC) through Enterprise Risk Management (ERM) to today's Integrated Risk Manag...
The rapid proliferation of AI agents throughout enterprise environments isn't just another tech trend—it's a fundamental transformation of how organizations operate. When Nikesh Arora, CEO of Palo Alto Networks, warns that "there's going to be more agents than humans running around trying to help manage your enterprise," he's highlighting a seismic shift that demands immediate attention. These aren't simple chatbots. We're talking about autonomous systems requiring privileged access to your ...
The fog of risk management is lifting. What was once a checkbox exercise has transformed into a strategic imperative that drives enterprise resilience and competitive advantage. Dive deep with us as we explore the groundbreaking 2025 IRM Navigator™ Vendor Compass for Risk Management Consulting Report from Wheelhouse Advisors. This essential analysis maps the dramatic evolution underway in how organizations operationalize Integrated Risk Management (IRM) and the crucial role expert consulting...
Comments
Download from Google Play
Download from App Store
United States