To Visualize Risk, You Need Two Lenses—Essential Takeaways from the Mitratech Interact 2025 General Session
As today's business environment becomes more unpredictable, interconnected, and technologically driven, the traditional view of risk—focused primarily on controls, compliance, and containment—is no longer sufficient. Organizations must now see risk through a wider lens to avoid failure and inform success.
The central message was delivered during the general session "From Gatekeepers to Growth Partners: Embedding Risk at the Heart of the Organization" at the 2025 Mitratech Interact Conference in Dallas.
Moderated by Justin Silverman, Chief Product Officer at Mitratech, the session featured a dynamic dialogue between John A. Wheeler, CEO of Wheelhouse Advisors, and Andrea Elliott, Chief Compliance Officer at ACI Worldwide. They offered a forward-looking perspective on how organizations can evolve their risk practices to become more strategic, resilient, and business-aligned.
The Future of Risk
"Traditional risk assessment is like looking through a monocle—narrow, tactical, and largely focused on what's directly in front of you. In contrast, what organizations need today is more like AI-enabled glasses—panoramic, contextual, and intelligent enough to support real-time, risk-informed decision-making across the enterprise."
- John A. Wheeler
A Strategic Analogy: Monocles, Smart Glasses, and the Future of Risk
Wheeler introduced a compelling analogy to frame the discussion:
"Traditional risk assessment is like looking through a monocle—narrow, tactical, and largely focused on what's directly in front of you. In contrast, what organizations need today is more like AI-enabled glasses—panoramic, contextual, and intelligent enough to support real-time, risk-informed decision-making across the enterprise."
This analogy captured the limitations of outdated risk models that rely solely on static risk registers, backward-looking controls, and narrowly defined compliance objectives. While helpful in isolation, these monocular approaches provide only partial visibility—failing to account for how risk interacts with strategy, performance, technology, and external volatility.
The smart glasses lens, by contrast, represents a more modern and integrated approach—one that enables executives to synthesize both quantitative risk data and qualitative business signals, respond to change proactively and align decisions with risk appetite and long-term objectives.
Wheeler explained that these two lenses—assurance and compliance on one side and performance and resilience on the other—must be held together by a unifying approach that aligns with enterprise value. By balancing tactical and strategic risk perspectives, organizations can move from merely checking boxes to making smarter, faster, and more informed decisions.
Risk in Practice: ACI Worldwide's Maturation Journey
Andrea Elliott illustrated how these concepts are being implemented at ACI Worldwide. Drawing from a structured maturity model built around three organizing principles—Simplify, Integrate, and Enable—she shared how ACI has advanced its risk management capabilities from a fragmented compliance function to an embedded, value-adding discipline.
Simplify
ACI began by streamlining second-line activities, identifying redundant tasks, and eliminating friction between control functions. This involved investing in automation where possible, clarifying roles and responsibilities, and eliminating low-value risk activities that previously created bottlenecks or confusion.Integrate
The next stage involved embedding risk into broader organizational processes, including departmental planning, budgeting, and executive reporting. Risk ownership became distributed—not centralized—and decision-makers began to view risk through a shared lens that spanned business units, geographies, and functions.Enable
The final phase involved shifting from risk oversight to risk empowerment. The first line of defense—those closest to operational execution—was equipped with tools, guidance, and support from the second line to make risk-informed decisions in real-time. Risk no longer had to be "escalated" for action; it became part of how the business operated.
By the time ACI reached the "Managed" and "Optimized" stages of this model, risk had evolved from a siloed governance function into a strategic capability—capable of enhancing resilience, accelerating strategic alignment, and improving stakeholder confidence.
Elliott emphasized that this journey required strong executive sponsorship, cultural alignment, and a willingness to evolve risk beyond its traditional confines. Technology played a role, but the transformation hinged on mindset and leadership.
The Dual Lens of IRM
The solution is not to pick one perspective over another but to integrate both.
The assurance and compliance lens provides foundational protection—ensuring accountability, audit readiness, and control integrity.
The performance and resilience lens ensures that risk insights are forward-looking, tied to business objectives, and capable of driving enterprise agility.
The Case for Two Lenses: Tactical and Strategic Integration
Throughout the session, Wheeler and Elliott reinforced the idea that risk cannot be treated as a one-dimensional concept. Organizations that over-rely on compliance frameworks and risk heat maps often miss broader risks related to innovation, digital transformation, third-party dependencies, and geopolitical instability.
Conversely, organizations that chase performance without adequate control structures expose themselves to cascading operational failures, reputational harm, and regulatory scrutiny.
The solution is not to pick one perspective over another but to integrate both.
The assurance and compliance lens provides foundational protection—ensuring accountability, audit readiness, and control integrity.
The performance and resilience lens ensures that risk insights are forward-looking, tied to business objectives, and capable of driving enterprise agility.
Using both lenses allows risk leaders to operate in dual mode: protecting the organization's core while enabling its future.
Essential Takeaways
To conclude the session, Wheeler and Elliott jointly shared six strategic takeaways for organizations seeking to elevate risk management into a source of business value:
Clarify the value proposition. Risk programs must directly support business outcomes, not just avoid adverse events.
Build integrated programs. Risk, compliance, legal, and audit must be aligned, not isolated.
Use real-time signals. Risk is dynamic. Organizations need continuous monitoring, not point-in-time assessments.
Balance protection with performance. Mature programs safeguard assets while also enabling innovation and growth.
Adopt forward-looking tools. Scenario analysis, predictive modeling, and simulation techniques are now essential—not optional.
Make strategic risk thinking part of daily business rhythm. Risk insight must be built into decision cycles, not bolted on afterward, especially in domains like AI governance, cyber resilience, and global supply chain risk.
From Control to Capability
The session concluded with a clear call to action: organizations must stop viewing risk as an isolated compliance function and start managing it as a core capability that drives value, trust, and long-term resilience.
Seeing risk clearly—through both lenses—means building programs that are not only responsive but also predictive. It means enabling the first line, supporting the second, and engaging the board with important insights. It means letting go of outdated frameworks that reduce risk to red-yellow-green charts with little connection to executives' decisions.
For those willing to adopt a broader vision, the reward is significant: better decisions, faster responses, fewer surprises—and a competitive edge grounded in clarity.
Explore More:
