
The Risk Wheelhouse Podcast
The Risk Wheelhouse is the podcast dedicated to exploring how RiskTech is reshaping the future of risk management. Hosted by our experts, Ori Wellington and Sam Jones, each episode delves deep into Integrated Risk Management (IRM), offering insights into the latest trends, technologies, and strategies. Join us to stay ahead in the ever-evolving risk landscape and empower your organization with actionable knowledge.

S4E9: The SaaS Domino Effect - How Compromised OAuth Tokens Created a Cybersecurity Nightmare
Behind every digital business lies an invisible web of trust: the OAuth tokens silently connecting your applications. What happens when these trusted connections become your greatest vulnerability? A sophisticated attack campaign recently exploited these connections, bypassing traditional security measures to breach major cybersecurity companies including Cloudflare, Palo Alto Networks, and Proofpoint. Rather than directly attacking primary platforms, threat actors targeted Drift's OAuth integration tokens, effectively stealing the keys that allowed them to impersonate this trusted web chat tool when connecting to enterprise Salesforce instances.

S4E8: Beyond Binders - GRC's Radical Shift to Integrated Risk Management and Enterprise Trust
Governance, Risk, and Compliance (GRC) has undergone a remarkable transformation. What was once the "department of no" – characterized by manual checklists, endless audits, and rooms full of binders – has evolved into a strategic verification backbone powering trust across organizations.
This radical shift positions GRC at the center of Integrated Risk Management (IRM), where policies, controls, and compliance data flow dynamically through organizations to provide real-time assurance. The market reflects this evolution, with GRC projected to grow from $12.1 billion in 2025 to $25.1 billion by 2032 – not as an unavoidable cost, but as a strategic investment that builds market-enhancing trust and enables bolder innovation.

S4E7: The Academic Reckoning of Risk Management
Risk management evolution isn't just about new acronyms. It's about organizational survival in an increasingly complex world. When we examine the journey from checkbox compliance to genuine integration, we uncover profound lessons about how businesses navigate danger and why some approaches fundamentally fail when pressure hits.
This deep dive traces the fascinating progression from Governance, Risk and Compliance (GRC) through Enterprise Risk Management (ERM) to today's Integrated Risk Management (IRM) framework. Drawing from John Wheeler's powerful "Risk Ignored" series, we explore how GRC emerged after Sarbanes-Oxley as an elegant solution on paper that quickly collapsed under its own weight. As Norman Marks memorably quipped, GRC often stood for "Governance, Risk Management, and Confusion."

S4E6: When AI Agents Outnumber Humans
The rapid proliferation of AI agents throughout enterprise environments isn't just another tech trend—it's a fundamental transformation of how organizations operate. When Nikesh Arora, CEO of Palo Alto Networks, warns that "there's going to be more agents than humans running around trying to help manage your enterprise," he's highlighting a seismic shift that demands immediate attention.

S4E5: Wheelhouse's 2025 IRM Navigator™ Vendor Compass for Risk Management Consulting
The fog of risk management is lifting. What was once a checkbox exercise has transformed into a strategic imperative that drives enterprise resilience and competitive advantage. Dive deep with us as we explore the groundbreaking 2025 IRM Navigator™ Vendor Compass for Risk Management Consulting Report from Wheelhouse Advisors. This essential analysis maps the dramatic evolution underway in how organizations operationalize Integrated Risk Management (IRM) and the crucial role expert consulting now plays in this landscape.

S4E4: How Workiva's 32% Stock Surge Reveals a Deeper Industry Transformation
Workiva's spectacular 32% stock surge after their Q2 2025 earnings reveals something much deeper than just a strong quarter. Their $215 million revenue (up 21% year-over-year) and impressive 114% net retention rate signal the market's growing confidence in their strategic transformation—a shift that parallels the entire risk management industry's evolution.
What makes this story fascinating is the context. Before this surge, Workiva had struggled, with their stock down 24% over two years due to overreliance on specific regulatory drivers like the EU's Corporate Sustainability Reporting Directive. When regulations faced delays, revenue recognition suffered, spooking investors. This vulnerability exposed a fundamental weakness in their business model.

S4E3: An Extinction Level Event - Risk in the Digital Age
Modern risk management stands at a precipice of transformation where AI-driven platforms are causing what ServiceNow's CEO Bill McDermott calls an "extinction-level event" for traditional software vendors. This profound shift is reshaping how organizations approach enterprise resilience, with implications for businesses across all sectors.

S4E2: Autonomous IRM - Orchestrating Risk at Machine Speed
The digital age has accelerated risk to unprecedented speeds, creating a fundamental challenge for organizations: how can you manage threats that move faster than humans can react? This paradigm shift has given rise to Autonomous Integrated Risk Management (IRM), a revolutionary approach that transitions from human-speed reactions to machine-speed foresight and response.

S4E1: The 2025 IRM50—Integrated Risk Management All-Stars
The baseball All-Stars aren't the only MVPs making headlines in Atlanta this summer. Just as the MLB's finest gather at Truist Park, Wheelhouse Advisors has released their game-changing 2025 IRM Navigator™ Viewpoint Report, spotlighting the 50 most influential players in integrated risk management.
This explosive market—projected to reach a staggering $147 billion by 2032—is undergoing a profound transformation. What was once a back-office compliance function has evolved into a strategic imperative for boards, CISOs, and transformation leaders worldwide. The Viewpoint Report cuts through the noise, evaluating over 220 global providers to identify the IRM50—50 all-stars across five critical domains: Enterprise Risk Management, Governance, Risk & Compliance, Operational Risk Management, Technology Risk Management, and—new this year—Risk Management Consulting.

S3E10: Concentration Breeds Collapse - What the UNFI Outage Taught Us About Hidden Risk and How IRM Fixes It
In Episode 10 of Season 3 of The Risk Wheelhouse, hosts Ori Wellington and Sam Jones go deep into a case that should make every executive sit up straight: the June 2025 cyberattack on United Natural Foods Inc. (UNFI). As the primary distributor for Whole Foods, UNFI represents a critical node in the North American food supply chain—and when that node collapsed, the results were immediate and jarring: empty shelves, viral photos, panicked customers, and a $300 million hit to UNFI’s market value.
But this episode isn’t just about groceries. It’s a cautionary tale for every industry.

S3E9: Starved from the Edges – Why Connected Intelligence Matters in Autonomous IRM
When Automation Moves Fast—and Misses the Point
In this episode of The Risk Wheelhouse, Ori Wellington and Sam Jones expose the blind spot threatening today’s most advanced risk tech: isolation.
Autonomous IRM is no longer theory. AI platforms like Tuskira are already simulating threats and triggering real-time responses. But as this episode reveals, most operate in a vacuum—starved of strategic input from the top and assurance feedback from the bottom.
The result? High-speed automation chasing low-value noise.

S3E8: The Risk Ignored - Losing the Secret Formula
When Risk Intelligence Is Just a Lie You Tell Yourself
In this episode of The Risk Wheelhouse, Ori Wellington and Sam Jones take listeners deep inside the boardroom drama, technology illusions, and costly consequences that define one of the most revealing chapters in risk history. Drawing from The Risk Ignored Part I, Chapter 4 by John A. Wheeler, they uncover how SunTrust’s billion-dollar implosion wasn’t just a financial disaster—it was a failure of architecture, mindset, and nerve.
And the kicker? The very tools sold to prevent this kind of catastrophe—first-generation GRC platforms—were part of the problem.

S3E7: Integrated Risk Thinking and the IRM Navigator™ Model
Why Integrated Risk Thinking (IRT) is the Strategic Superpower Your Business Has Been Missing
For organizations in today’s digital era, the biggest risk might not be what’s coming—but how you’re thinking.
Traditional risk management has always been reactive. It slices risk into categories—financial, operational, cybersecurity—and manages them in isolation. The result? Fragmented insights, missed signals, and a business strategy vulnerable to blind spots. Even Governance, Risk, and Compliance (GRC) platforms, once hailed as the future, have largely become digital filing cabinets—useful, but far from transformative.
That’s where Integrated Risk Thinking (IRT) changes the game.

S3E6: The Strategic Risk Revolution—Why Traditional GRC Is Falling Short
In Episode S3E6 of The Risk Wheelhouse Podcast, hosts Ori Wellington and Sam Jones unpack a revealing analysis by McKinsey & Company, highlighting critical weaknesses in traditional Governance, Risk, and Compliance (GRC) frameworks. Despite significant investment, many organizations report disappointing results from legacy GRC approaches. Wellington and Jones discuss five systemic shortcomings identified by McKinsey that underscore why traditional GRC struggles in today’s complex, rapidly evolving business environment.

S3E5: The Workiva Sell-Off Reveals What's Really Driving Today's IRM Market
A minor tremor—or a market wake-up call?
In the latest episode of The Risk Wheelhouse, hosts Ori Wellington and Sam Jones break down a seemingly routine market fluctuation that revealed far more than expected. Season 3, Episode 5—The Workiva Sell-Off Reveals What’s Really Driving Today’s IRM Market—examines how the sudden drop in Workiva’s stock price, despite favorable earnings, exposed a deeper truth about the state of Integrated Risk Management (IRM) in 2025.
At first glance, the culprit seemed small: whispers of delays to the EU’s Corporate Sustainability Reporting Directive (CSRD) and postponed sustainability regulations triggered investor unease. But beneath that reaction lies a profound shift in IRM market dynamics. No longer driven solely by product innovation, today’s IRM landscape is shaped equally by the volatility of regulatory timelines, geopolitical risk, and enterprise strategy.

S3E4: Risk's Dual Lens—From Monocle to Smart Glasses
Risk management is undergoing a revolutionary transformation, and businesses stuck in outdated approaches are increasingly vulnerable in today's complex landscape. This eye-opening deep dive examines the stark contrast between traditional and modern risk perspectives through the powerful analogy of "monocles versus smart glasses."
Drawing from insights shared by John Wheeler (Wheelhouse Advisors) and Andrea Elliott (ACI Worldwide) at the Mitratech Interact Conference 2025, we explore why the old compliance-focused, backward-looking approach is dangerously inadequate. Today's interconnected challenges demand a panoramic view that integrates both assurance (protection) and performance (strategy) perspectives.

S3E3: The Missing M—Why Risk Needs Managers, Not Just Playbooks
The moment a baseball season begins, hope fills the air as teams dream of championship glory. But as any sports fan knows, talented players alone can't win championships—they need strong managers making smart calls and adjusting strategy in real-time. This powerful analogy perfectly captures what's often missing in corporate risk management today.
Many companies believe their Governance, Risk and Compliance (GRC) programs provide comprehensive protection against uncertainty. Yet in practice, these programs frequently amount to little more than documenting potential problems and checking compliance boxes—the equivalent of having a playbook without a coach actively managing the game. This fundamental gap between identifying risks and actively managing them represents the critical difference between traditional GRC approaches and the emerging discipline of Integrated Risk Management (IRM).

S3E2: Flipping the Risk Conversation Forward
The relentless pace of change in today's business environment demands a radical rethinking of risk management. Gone are the days when risk could be viewed merely as a necessary evil or compliance hurdle—forward-thinking organizations are now recognizing it as a crucial lens for making better decisions and driving long-term value creation.
Drawing insights from the "Flip the Risk Conversation Forward" session at the 2025 Mitratech Interact Conference, we explore how businesses can navigate turbulence and emerge stronger by fundamentally transforming their approach to risk. John Wheeler's three-part framework—Flip, Adopt, Manage—offers a practical roadmap for organizations looking to evolve beyond siloed, reactive risk management toward a more integrated, proactive stance.

S3E1: Beyond the Box-Ticking—How Organizational Culture Drives Operational Risk
Welcome to Season 3 of The Risk Wheelhouse, where we’re turning up the heat on one of the most underappreciated yet mission-critical topics in risk management: Operational Risk. Why? Because in June, we’re releasing the highly anticipated 2025 IRM Navigator™ ORM Report, and it’s poised to reshape how the world thinks about organizational risk, resilience—and responsibility.
We kick off the season with a bang in Episode 1: Beyond the Box-Ticking—How Organizational Culture Drives Operational Risk. Hosts Ori Wellington and Sam Jones peel back the layers on one of today’s most dangerous blind spots: the cultural and behavioral failures quietly fueling massive operational breakdowns.

S2E11: The Risk Whisperer's Guide to Not Letting Your AI Go Rogue
The AI revolution isn't coming—it's already here, transforming how organizations operate. But with tremendous power comes significant responsibility. How do forward-thinking companies harness AI's potential while protecting themselves from serious risks?