The Risk Wheelhouse Podcast
The Risk Wheelhouse is the podcast dedicated to exploring how RiskTech is reshaping the future of risk management. Hosted by our experts, Ori Wellington and Sam Jones, each episode delves deep into Integrated Risk Management (IRM), offering insights into the latest trends, technologies, and strategies. Join us to stay ahead in the ever-evolving risk landscape and empower your organization with actionable knowledge.
S5E3: 2025 ORM Vendor Compass - The Enterprise Resilience Engine
Resilience isn’t a binder anymore. It’s a live system that has to perform under pressure. We pull apart the 2025 IRM Navigator™ Vendor Compass for Operational Risk Management (ORM) to show how ORM moved from back-office compliance to the execution engine of enterprise resilience. The stakes are massive. They include billions in spend, tighter regulations across the US, UK, and EU, and a rising demand for continuous, auditable proof that controls actually work when services fail.
S5E2: Redrawing Data Lines - DOJ’s DSP and the New National Security Mandate
Your “encrypted” data may still be regulated, and today the rules start to bite. We unpack how the Department of Justice’s Data Security Program moves from guidance to strict enforcement and why it reframes data governance as a national security mandate. From redefining “covered data” to treating anonymized and encrypted datasets as in-scope when they enable linkage or inference, we walk through what changes right now for risk leaders, counsel, and compliance teams.
S5E1: When AI manages risk, who manages the AI?
Autonomous IRM is moving from the lab into the core of enterprise risk, compliance, and security, and the stakes couldn’t be higher. When a self-learning agent flags threats, scores claims, or polices policy violations, who is accountable, how do we intervene, and what proof can we show regulators and customers? We unpack the three frameworks shaping credible answers: ISO/IEC 42001 as a certifiable management system that embeds AI governance into everyday processes, the EU AI Act as hard law with high‑risk tiers and eye‑watering fines, and the NIST AI Risk Management Framework as a practical playbook for building trustworthy systems.
S4E11: Behind Boardroom Doors - The New Era of UK Corporate Transparency
Corporate governance is undergoing a revolution in the UK, and Provision 29 of the 2024 Corporate Governance Code stands at the epicenter of this transformation. Far beyond traditional financial oversight, this groundbreaking rule mandates unprecedented transparency from company boards about their internal controls across all domains – financial, operational, compliance, and critically, technology.
S4E10: From Boardroom to Code Base - How the EU AI Act Reshapes Business Strategy
Artificial intelligence stands at a crossroads of breathtaking innovation and urgent need for responsible guardrails. Every breakthrough brings questions about safety, fairness, and accountability that can no longer be afterthoughts. The European Union has responded with the AI Act – the world's first comprehensive legal framework for artificial intelligence – and its General Purpose AI Code of Practice has already secured commitments from tech giants like OpenAI, Google, Microsoft, and Anthropic.
S4E9: The SaaS Domino Effect - How Compromised OAuth Tokens Created a Cybersecurity Nightmare
Behind every digital business lies an invisible web of trust: the OAuth tokens silently connecting your applications. What happens when these trusted connections become your greatest vulnerability? A sophisticated attack campaign recently exploited these connections, bypassing traditional security measures to breach major cybersecurity companies including Cloudflare, Palo Alto Networks, and Proofpoint. Rather than directly attacking primary platforms, threat actors targeted Drift's OAuth integration tokens, effectively stealing the keys that allowed them to impersonate this trusted web chat tool when connecting to enterprise Salesforce instances.
S4E8: Beyond Binders - GRC's Radical Shift to Integrated Risk Management and Enterprise Trust
Governance, Risk, and Compliance (GRC) has undergone a remarkable transformation. What was once the "department of no" – characterized by manual checklists, endless audits, and rooms full of binders – has evolved into a strategic verification backbone powering trust across organizations.
This radical shift positions GRC at the center of Integrated Risk Management (IRM), where policies, controls, and compliance data flow dynamically through organizations to provide real-time assurance. The market reflects this evolution, with GRC projected to grow from $12.1 billion in 2025 to $25.1 billion by 2032 – not as an unavoidable cost, but as a strategic investment that builds market-enhancing trust and enables bolder innovation.
S4E7: The Academic Reckoning of Risk Management
Risk management evolution isn't just about new acronyms. It's about organizational survival in an increasingly complex world. When we examine the journey from checkbox compliance to genuine integration, we uncover profound lessons about how businesses navigate danger and why some approaches fundamentally fail when pressure hits.
This deep dive traces the fascinating progression from Governance, Risk and Compliance (GRC) through Enterprise Risk Management (ERM) to today's Integrated Risk Management (IRM) framework. Drawing from John Wheeler's powerful "Risk Ignored" series, we explore how GRC emerged after Sarbanes-Oxley as an elegant solution on paper that quickly collapsed under its own weight. As Norman Marks memorably quipped, GRC often stood for "Governance, Risk Management, and Confusion."
S4E6: When AI Agents Outnumber Humans
The rapid proliferation of AI agents throughout enterprise environments isn't just another tech trend—it's a fundamental transformation of how organizations operate. When Nikesh Arora, CEO of Palo Alto Networks, warns that "there's going to be more agents than humans running around trying to help manage your enterprise," he's highlighting a seismic shift that demands immediate attention.
S4E5: Wheelhouse's 2025 IRM Navigator™ Vendor Compass for Risk Management Consulting
The fog of risk management is lifting. What was once a checkbox exercise has transformed into a strategic imperative that drives enterprise resilience and competitive advantage. Dive deep with us as we explore the groundbreaking 2025 IRM Navigator™ Vendor Compass for Risk Management Consulting Report from Wheelhouse Advisors. This essential analysis maps the dramatic evolution underway in how organizations operationalize Integrated Risk Management (IRM) and the crucial role expert consulting now plays in this landscape.
S4E4: How Workiva's 32% Stock Surge Reveals a Deeper Industry Transformation
Workiva's spectacular 32% stock surge after their Q2 2025 earnings reveals something much deeper than just a strong quarter. Their $215 million revenue (up 21% year-over-year) and impressive 114% net retention rate signal the market's growing confidence in their strategic transformation—a shift that parallels the entire risk management industry's evolution.
What makes this story fascinating is the context. Before this surge, Workiva had struggled, with their stock down 24% over two years due to overreliance on specific regulatory drivers like the EU's Corporate Sustainability Reporting Directive. When regulations faced delays, revenue recognition suffered, spooking investors. This vulnerability exposed a fundamental weakness in their business model.
S4E3: An Extinction Level Event - Risk in the Digital Age
Modern risk management stands at a precipice of transformation where AI-driven platforms are causing what ServiceNow's CEO Bill McDermott calls an "extinction-level event" for traditional software vendors. This profound shift is reshaping how organizations approach enterprise resilience, with implications for businesses across all sectors.
S4E2: Autonomous IRM - Orchestrating Risk at Machine Speed
The digital age has accelerated risk to unprecedented speeds, creating a fundamental challenge for organizations: how can you manage threats that move faster than humans can react? This paradigm shift has given rise to Autonomous Integrated Risk Management (IRM), a revolutionary approach that transitions from human-speed reactions to machine-speed foresight and response.
S4E1: The 2025 IRM50—Integrated Risk Management All-Stars
The baseball All-Stars aren't the only MVPs making headlines in Atlanta this summer. Just as the MLB's finest gather at Truist Park, Wheelhouse Advisors has released their game-changing 2025 IRM Navigator™ Viewpoint Report, spotlighting the 50 most influential players in integrated risk management.
This explosive market—projected to reach a staggering $147 billion by 2032—is undergoing a profound transformation. What was once a back-office compliance function has evolved into a strategic imperative for boards, CISOs, and transformation leaders worldwide. The Viewpoint Report cuts through the noise, evaluating over 220 global providers to identify the IRM50: 50 all-stars across five critical domains: Enterprise Risk Management, Governance Risk & Compliance, Operational Risk Management, Technology Risk Management, and—new this year—Risk Management Consulting.
S3E10: Concentration Breeds Collapse - What the UNFI Outage Taught Us About Hidden Risk and How IRM Fixes It
In Episode 10 of Season 3 of The Risk Wheelhouse, hosts Ori Wellington and Sam Jones go deep into a case that should make every executive sit up straight: the June 2025 cyberattack on United Natural Foods Inc. (UNFI). As the primary distributor for Whole Foods, UNFI represents a critical node in the North American food supply chain—and when that node collapsed, the results were immediate and jarring: empty shelves, viral photos, panicked customers, and a $300 million hit to UNFI’s market value.
But this episode isn’t just about groceries. It’s a cautionary tale for every industry.
S3E9: Starved from the Edges – Why Connected Intelligence Matters in Autonomous IRM
When Automation Moves Fast—and Misses the Point
In this episode of The Risk Wheelhouse, Ori Wellington and Sam Jones expose the blind spot threatening today’s most advanced risk tech: isolation.
Autonomous IRM is no longer theory. AI platforms like Tuskira are already simulating threats and triggering real-time responses. But as this episode reveals, most operate in a vacuum—starved of strategic input from the top and assurance feedback from the bottom.
The result? High-speed automation chasing low-value noise.
S3E8: The Risk Ignored - Losing the Secret Formula
When Risk Intelligence Is Just a Lie You Tell Yourself
In this episode of The Risk Wheelhouse, Ori Wellington and Sam Jones take listeners deep inside the boardroom drama, technology illusions, and costly consequences that define one of the most revealing chapters in risk history. Drawing from The Risk Ignored Part I, Chapter 4 by John A. Wheeler, they uncover how SunTrust’s billion-dollar implosion wasn’t just a financial disaster—it was a failure of architecture, mindset, and nerve.
And the kicker? The very tools sold to prevent this kind of catastrophe—first-generation GRC platforms—were part of the problem.
S3E7: Integrated Risk Thinking and the IRM Navigator™ Model
Why Integrated Risk Thinking (IRT) is the Strategic Superpower Your Business Has Been Missing
For organizations in today’s digital era, the biggest risk might not be what’s coming—but how you’re thinking.
Traditional risk management has always been reactive. It slices risk into categories—financial, operational, cybersecurity—and manages them in isolation. The result? Fragmented insights, missed signals, and a business strategy vulnerable to blind spots. Even Governance, Risk, and Compliance (GRC) platforms, once hailed as the future, have largely become digital filing cabinets—useful, but far from transformative.
That’s where Integrated Risk Thinking (IRT) changes the game.
S3E6: The Strategic Risk Revolution—Why Traditional GRC Is Falling Short
In Episode S3E6 of The Risk Wheelhouse Podcast, hosts Ori Wellington and Sam Jones unpack a revealing analysis by McKinsey & Company, highlighting critical weaknesses in traditional Governance, Risk, and Compliance (GRC) frameworks. Despite significant investment, many organizations report disappointing results from legacy GRC approaches. Wellington and Jones discuss five systemic shortcomings identified by McKinsey that underscore why traditional GRC struggles in today’s complex, rapidly evolving business environment.
S3E5: The Workiva Sell-Off Reveals What's Really Driving Today's IRM Market
A minor tremor—or a market wake-up call?
In the latest episode of The Risk Wheelhouse, hosts Ori Wellington and Sam Jones break down a seemingly routine market fluctuation that revealed far more than expected. Season 3, Episode 5—The Workiva Sell-Off Reveals What’s Really Driving Today’s IRM Market—examines how the sudden drop in Workiva’s stock price, despite favorable earnings, exposed a deeper truth about the state of Integrated Risk Management (IRM) in 2025.
At first glance, the culprit seemed small: whispers of delays to the EU’s Corporate Sustainability Reporting Directive (CSRD) and postponed sustainability regulations triggered investor unease. But beneath that reaction lies a profound shift in IRM market dynamics. No longer driven solely by product innovation, today’s IRM landscape is shaped equally by the volatility of regulatory timelines, geopolitical risk, and enterprise strategy.