The RTJ Bridge is the new premium version of The RiskTech Journal, delivering fast-moving, strategically relevant insights for risk leaders navigating today’s digital business landscape.

Designed as the link between editorial commentary and in-depth research, The RTJ Bridge offers exclusive access to:

High-frequency insight notes on market shifts, regulatory signals, and emerging technologies
Executive briefings and editorial series including “The Risk Ignored”
Strategic previews of IRM Navigator™ research, including upcoming Risk Landscape Reports

Whether you're monitoring vendor moves, tracking governance shifts, or preparing for regulatory disruption, The RTJ Bridge equips you with actionable foresight.

The RTJ Bridge - The Premium Version of The RiskTech Journal

Subscribe to get access now

The RTJ Bridge Subscription

$6.99

Every month

The RTJ Bridge Subscription is a premier resource for executives and professionals focused on the intersection of risk management and technology. It provides subscribers with access to a curated collection of articles and expert insights designed to enhance risk management strategies through technological innovation. With its online format, The RTJ Bridge offers flexible access to critical information, helping leaders make informed decisions and stay competitive.

✓ Timely Insights: Access to weekly cutting-edge articles

✓ Expert Opinions: Direct advice from industry leaders

✓ Comprehensive Coverage: In-depth exploration of risk topics

✓ Flexible Access: Read anytime, anywhere, with online access

A ship's bridge with a person standing inside, seen through large glass windows, on a white vessel with round portholes and safety railing.

Ori Wellington 6/10/25 Ori Wellington 6/10/25

Can AI Be Governed?

The Governance Paradox

The question of whether artificial intelligence can be governed may seem philosophical. But in 2025, it has become operational—and urgent. Just reference our recent article on Builder.ai to learn about the escalating risks driven by AI. As generative AI, autonomous agents, and foundation models accelerate their integration into critical systems, the pace of innovation is rapidly outstripping the scaffolding of rules, oversight, and control.

“Governance” in this context is often mistaken for static oversight: policy frameworks, codes of conduct, or aspirational principles. But as defined in the discipline of integrated risk management (IRM), governance is the rule-setting subset of management—the top of the pyramid. True risk control comes from marrying that governance with relentless operational execution: identification, assessment, mitigation, and continuous monitoring.

So: Can AI be governed? The answer is yes—but only if organizations recognize that compliance checklists and PR-friendly charters are no substitute for enterprise-wide, integrated, and adaptive risk management.

Ori Wellington 6/5/25 Ori Wellington 6/5/25

When the AI Black Box Blows Up

Builder.ai’s Collapse and the Unspoken Risk of Third-Party AI Dependencies

In May 2025, Builder.ai—a self-styled “AI software factory” based in London—collapsed into insolvency. Its promise had captivated global investors: a revolutionary platform that used artificial intelligence to build bespoke software with the ease of ordering a pizza. The startup raised over $500 million from Microsoft, the Qatar Investment Authority, SoftBank, and Insight Partners. In 2023, it was valued at over $1.3 billion.

But beneath its glossy demos and bold claims, Builder.ai was held together by human coders, creative accounting, and possibly fabricated revenue. As reported by the Financial Times, Microsoft and other top-tier investors are now grappling with the realization that they may have backed a business that not only overstated its AI capabilities—but systematically inflated its financials.

Builder.ai is not merely a failed startup. It is a warning shot to any organization that depends on third-party AI providers without meaningful oversight or technical verification. The question that now must be asked across boardrooms and IT departments alike:

If Microsoft—with all its engineering prowess—could be misled, what chance does a mid-sized business have?

John A. Wheeler 6/3/25 John A. Wheeler 6/3/25

The Risk Ignored – Part I, Chapter 4. The Irony of Risk Intelligence: When GRC’s Founders Became IRM’s Followers

When Risk Culture Meets Rocket Fuel

In early 2007, SunTrust’s board appointed a new CEO. The new CEO had been waiting in the wings since SunTrust acquired his bank that was heavily weighted toward mortgage banking. Unlike his predecessor, he saw risk not as a discipline but as a throttle—something to push forward, not manage. His first strategic move was aggressive: set a Big Hairy Audacious Goal (BHAG) – a term ironically made famous by Jim Collins’ book “Built to Last”. The SunTrust BHAG, as defined by the new CEO, was to more than double the mortgage portfolio within twelve months to compete head-on with Wall Street’s securitization giants.

To hit that target, underwriting controls were systematically dismantled. Incentives for mortgage originators surged dramatically, creating an environment ripe for aggressive lending and shortcuts. When I saw these changes, I foresaw the inevitable crash. As the senior executive overseeing Internal Audit, Compliance, and Risk Management, I confronted both the CEO and his protégé—the head of mortgage banking—in a tense meeting. The mortgage head literally writhed in his seat with anger; I had never seen anything like it.

John A. Wheeler 5/15/25 John A. Wheeler 5/15/25

The Risk Ignored – Part I, Chapter 3. The Acronym That Built a Market – And the One That Rescued It

As many industry shifts do, it began in a quiet room with a big idea. One conversation was with a Big Four consulting firm eager to formalize its newest offering. Another was with a risk software vendor in search of identity and traction. Sitting across the table from both in 2002 was Michael Rasmussen, then an analyst at Giga Information Group.

What he encountered in those two briefings wasn't just a common theme but a shared phrase. The software vendor and PwC had already begun using "Governance, Risk, and Compliance" to describe their offerings. Rasmussen helped bring it to life—not as a framework, not as an architecture, but as a market category. And almost overnight, that name became an industry.

Ori Wellington 4/30/25 Ori Wellington 4/30/25

AuditBoard’s Connected Risk Strategy: Strategic Evolution or History Repeating Itself?

On Day Two of RSA Conference 2025, AuditBoard presented a series of announcements intended to reposition the company well beyond its audit origins. Among them, a brand refresh with a new design language, the debut of an AI governance module, and the launch of a regulatory compliance platform called RegComply. These moves suggest an ambition to reframe AuditBoard as a broader platform for managing risk—beyond audit and into what it describes as “connected risk.”

But as competitors at RSA unveil agent-powered and AI-native capabilities, AuditBoard’s expansion strategy raises an important question:

Is this a strategic evolution—or is history repeating itself?

John A. Wheeler 4/25/25 John A. Wheeler 4/25/25

The Risk Ignored – Part I, Chapter 1. The Software That Lost Its Market

It’s a metaphor older than the software industry and time itself: the emperor with no clothes. But before the emperor stood exposed, his clothes began to fray—tattered garments passed off as innovation, stitched together by marketing promises and untested assumptions. That’s the story we’re telling here, not just of the naked moment but of the unraveling that came before it.

In the early 2000s, that unraveling began with knowledge management. Later, it would continue under a new name: GRC.