May 21, 2025 • 20 mins
In this week's episode, we unpack the revolutionary approach of Integrated Risk Thinking (IRT) and how it transforms traditional risk management into a strategic advantage for modern businesses.
• Traditional risk management and GRC often works in silos, missing how interconnected different risks truly are
• IRT is a mindset shift, not just a process or software solution
• Risk insights should be used as strategic intelligence to shape business decisions
• The IRM Navigator™ Model provides structure with four domains: ERM, ORM, TRM, and GRC
• Five core principles of IRT create a foundation: strategic intelligence, cross-functional integration, proactive management, enterprise-wide ownership, and adaptability
• Organizations embracing IRT experience enhanced strategic execution and greater resilience
• The global IRM technology market is projected to grow from $61.6 billion (2025) to $134 billion (2032)
• The biggest risk may not be external threats but the limitations of a fragmented approach to managing them
For more information and resources on Integrated Risk Thinking and the IRM Navigator™ Model, visit wheelhouseadvisors.com.
Don't forget to subscribe on your favorite podcast platform—whether it's Apple Podcasts, Spotify, or Amazon Music.
Please contact us directly at info@wheelhouseadvisors.com or feel free to connect with us on LinkedIn and X.com.
Visit www.therisktechjournal.com and www.rtj-bridge.com to learn more about the topics discussed in today's episode.
Mark as Played
Transcript
Episode Transcript
Available transcripts are automatically generated. Complete accuracy is not guaranteed.
Ori Wellington (00:00):
Wow, it really feels like the ground is just
constantly shifting underbusinesses these days.
Absolutely, you've got theselightning fast tech changes.
Sam Jones (00:07):
Yeah.
Ori Wellington (00:07):
Regulations popping up.
It feels like left and right.
Sam Jones (00:09):
Constantly.
Ori Wellington (00:10):
Cyber threats that are evolving by the minute.
Sam Jones (00:12):
Yeah.
Ori Wellington (00:13):
And then just the sheer complexity of
operating globally.
Sam Jones (00:16):
Yeah, it's a lot to juggle.
Ori Wellington (00:18):
It can leave you feeling like the old playbook
for managing risk.
Well, it just isn't quite up tothe task anymore.
Sam Jones (00:25):
Definitely.
Ori Wellington (00:25):
Like trying to use I don't know a map from 50
years ago to navigate Londontoday.
Sam Jones (00:30):
That feeling of inadequacy.
It's spot on the traditionalway where you know different
departments handle their bit ofrisk in isolation.
It often misses howinterconnected everything truly
is.
Ori Wellington (00:42):
Right.
Sam Jones (00:42):
It's like each instrument in an orchestra
playing its own tune.
Maybe some nice sounds, butdefinitely not a symphony.
No conductor.
Ori Wellington (00:49):
Exactly, and that's where this whole concept
of integrated risk thinking IRTfrom wheelhouse advisors seems
to come in.
It's presented not just asanother process, another set of
rules, but like a fundamentallydifferent way of looking at risk
.
Sam Jones (01:07):
A mindset shift really.
Ori Wellington (01:08):
Yeah, like putting on a new pair of glasses
that helps you see the wholelandscape, not just the bit
right in front of you.
Sam Jones (01:14):
That's a good way to put it.
Ori Wellington (01:15):
So, for this deep dive, our mission is pretty
straightforward.
We're going to break down whatIRT actually is and, maybe more
importantly, why it's somethingyou, listening, should probably
be paying attention to.
We're using insights from anarticle by Johnny Wheeler in the
Risk Tech Journal to guide us.
Sam Jones (01:32):
And it's also worth mentioning Wheelhouse Advisors
developed this thing called theIRM Navigator Model.
Ori Wellington (01:37):
Right, I saw that mentioned.
Sam Jones (01:38):
Yeah, and we'll definitely explore how that
framework, that practical tool,connects with this overarching
philosophy of integrated riskthinking.
As we go, think of IRT as theessential mindset, the
perspective you need to actuallymake those tools like the IRM
Navigator work effectively.
Ori Wellington (01:58):
Got it, so let's dig into this IRT idea, then.
The first thing that reallyjumped out at me was this
emphasis on it being a mindset,not just software or checklist.
What does that really look likefor a company day to day?
Sam Jones (02:12):
That's such a critical point.
Calling it a mindset signals areal philosophical change.
It's about moving riskmanagement away from being this
separate function.
You know the department youcall after a decision is made.
Ori Wellington (02:25):
Yeah, the risk review box to tick.
Sam Jones (02:27):
Exactly To making it woven into the very fabric of
how the organization thinks, howit acts every single day.
It's about proactively askingOK, what are the potential risks
here, before you launch thatnew product or enter that new
market or even just tweak aprocess?
Ori Wellington (02:43):
So instead of say the IT team just worrying
about firewalls over here andthe legal team just looking at
contracts over there, it'stotally separate.
Irt gets them talking, seeinghow their risks might connect or
even cascade.
Sam Jones (02:55):
Precisely.
Traditional risk managementoften lives in those silos right
, Dealing with issues reactivelyas they pop up within their
specific domain.
But today, a cybersecuritybreach isn't just an IT problem,
is it?
It can halt operations, trashyour reputation, trigger
regulatory fines.
Ori Wellington (03:12):
Right, it hits everywhere.
Sam Jones (03:13):
Everywhere.
Irt encourages seeing thoseconnections, those overlaps.
It enables a much morecoordinated and, frankly, more
effective response.
Think of it like moving fromindividual watch towers on a
castle wall to a central commandcenter that sees the whole
battlefield.
Ori Wellington (03:29):
And it's not just about defense.
Is it Playing defense all thetime?
The article suggests IRT canactually enable innovation,
agility and performance.
That feels like a prettydifferent spin on risk for a lot
of folks.
Sam Jones (03:41):
Oh, absolutely.
The conventional view oftenpaints risk as purely negative,
something to avoid, stamp out,you know.
Ori Wellington (03:48):
Yeah, minimize risk at all costs.
Sam Jones (03:49):
Right.
Irt acknowledges the dangers Ofcourse it has to, but it also
gets that smart risk taking iswell essential if you want to
grow.
By having a reallycomprehensive, integrated
understanding of potential risks, organizations can make much
more informed choices.
Where should we invest?
How can we innovate safely?
How do we operate moreefficiently without creating new
(04:10):
vulnerabilities?
It's about turning potentialroadblocks into strategic launch
pads.
Ori Wellington (04:17):
Like a climber assessing the route,
understanding the risks helpsthem climb better, faster, more
confidently.
That's a perfect analogy.
Sam Jones (04:24):
It's about understanding the risks helps
them climb better, faster, moreconfidently.
That's a perfect analogy.
It's about understanding therisks to ascend more effectively
, not just staying at the bottombecause it's safe.
Ori Wellington (04:30):
Okay, so we've got this mindset, this
integrated way of thinking aboutrisk.
Now, how does that connect backto and power that IRM navigator
model you mentioned earlier?
Sam Jones (04:40):
Okay, so think of the IRM navigator as the blueprint.
It's a structured frameworkright.
It has these four key domainsenterprise risk management ERM,
operational risk management, orm, technology risk management,
trm and governance.
Risk and compliance GRC.
Ori Wellington (04:54):
Right the four pillars.
Sam Jones (04:55):
Exactly, the model provides the architecture for
managing risk across these areas, but IRT, that's the energy,
energy source.
It's what makes thatarchitecture actually function
properly.
Without that integrated mindset, the model well?
Ori Wellington (05:10):
it risks becoming just a static diagram
on a slide okay, so the modelgives you the categories, the
buckets, the structure yes butthe IRT mindset is what actually
gets people to use it togethercollaboratively, effectively.
It's the why and the how behindthe what.
Sam Jones (05:25):
You got it.
Without that underlyingcommitment to integration, to
collaboration, to thinkingproactively, even the most
sophisticated risk model canjust fall flat.
It ends up as another binder onthe shelf, another set of
checklists.
Ori Wellington (05:38):
Instead of being embedded.
Sam Jones (05:39):
Instead of being a living, breathing, valuable part
of how the organizationactually operates.
The mindset fuels the culture,the behaviors needed to make the
model work.
Ori Wellington (05:48):
That makes total sense.
Okay, so what are some of thecore principles then, that
really drive this integratedrisk thinking?
The article mentioned five keyones.
Let's unpack those a bit.
First, one risk as strategicintelligence.
That sounds pretty foundational.
Sam Jones (06:06):
It really is.
This principle basically saysthat the insights you get from
managing risk they shouldn'tjust sit in a report somewhere.
Right, they need to be activelyused by leadership when they're
making the big calls.
Think about major strategicmoves expanding internationally,
launching a disruptive product,a huge digital transformation
project.
Ori Wellington (06:24):
I have to take stuff.
Sam Jones (06:24):
Exactly Understanding the risks baked into those
ventures isn't a side issue oran afterthought.
It's core, it's a vitalingredient in the strategic
recipe itself.
Ori Wellington (06:35):
So it's moving away from OK, great plan, let's
go.
Oh wait, what could go wrong?
Sam Jones (06:40):
Yes.
Ori Wellington (06:40):
To something more like let's figure out what
could go wrong, first understandit deeply, and then build our
strategy with that knowledgebaked in.
Sam Jones (06:47):
Precisely.
You leverage risk insights toshape the strategy from the
outset, not just react later.
It allows for smarter tradeoffs, better resource allocation and
, ultimately, a much higherchance of actually hitting your
strategic goals.
It's like a chess masterthinking several moves ahead,
anticipating the opponent.
Hmm, okay, principle number twoanticipating the opponent.
Ori Wellington (07:04):
Okay, Principle number two cross-functional
integration.
We sort of touched on this withthe silo idea.
How does IRT specificallyencourage breaking down those
walls?
Sam Jones (07:14):
Well, IRT actively promotes, even demands,
communication and collaborationbetween those functions that
usually operate separately ERM,ORM, TRM, GRC.
Right, it starts from afundamental truth Risks, don't
care about your org chart.
Functions that usually operateseparately.
Ori Wellington (07:24):
ERM.
Sam Jones (07:24):
ORM, trm, grc.
It starts from a fundamentaltruth Risks, don't care about
your org chart.
Ori Wellington (07:29):
No, they don't.
Sam Jones (07:30):
A data breach.
Like we said, it hitstechnology operations, customer
trust, legal compliance.
Its tentacles are everywhere.
By forcing or maybe encouraginga connected approach,
organizations get a much morecomplete, holistic picture of
these interconnected risks andthen they can develop unified,
more effective strategies tomanage them.
Ori Wellington (07:50):
It's like realizing that different
departments are holdingdifferent pieces of the same
really complicated puzzle.
Yeah, and IRT is the tablewhere they all come together to
actually see the whole picture.
Sam Jones (08:02):
That's a great way to think about it.
It's about fostering a sharedunderstanding, making sure
information flows freely, andactually valuing those diverse
perspectives when you'reassessing and managing risk.
Ori Wellington (08:13):
Okay.
Third principle proactive andpredictive management.
This sounds like getting outahead of trouble.
Sam Jones (08:19):
That's exactly the aim, instead of just waiting for
a risk to materialize and thenscrambling to clean up the mess.
Ori Wellington (08:24):
Which is stressful and expensive.
Sam Jones (08:26):
Right IRT emphasizes anticipating potential risks
much earlier in the game,embedding risk considerations
right into, say, the designphase of new products or
services, into the planningstages of big projects, into
day-to-day operational routines.
Ori Wellington (08:43):
So it's not just about having a fire
extinguisher ready.
It's about building with lessflammable materials in the first
place.
Sam Jones (08:48):
Precisely.
It's a fundamental shift from areactive posture waiting to be
hit to a proactive one,integrating risk management into
how you operate full stop.
This allows for much earlierdetection intervention and
hopefully avoiding majordisruptions altogether.
Ori Wellington (09:04):
Makes sense.
Number four is enterprise-wideownership.
This one suggests it's not justthe risk team's job anymore.
Sam Jones (09:11):
Absolutely not.
Irt really works to cultivate aculture where everyone in the
organization understands theirrole and takes some
accountability for managingrisks within their own area.
Ori Wellington (09:20):
From the top down.
Sam Jones (09:21):
From the CEO right down to every single team member
.
There needs to be a sharedawareness that managing risk is
part of everyone's jobdescription.
In a way, this collectiveresponsibility is absolutely
vital for building a trulyrisk-aware culture.
Think about safety on aconstruction site.
It's not just a safetyofficer's job.
Every worker needs to bevigilant.
Ori Wellington (09:43):
So it's like empowering everyone to say hang
on.
I see a potential problem hereregarding risk, not just
immediate safety hazards.
Sam Jones (09:50):
That's a perfect analogy Empowering people to
identify risks, escalate themappropriately and fostering that
sense of shared accountabilityacross the entire business.
Ori Wellington (09:59):
Okay, and the fifth principle adaptability and
agility.
Given well, everything we saidat the start about how fast
things change, this seems superimportant.
Sam Jones (10:10):
Crucial In today's world.
The speed of change is justrelentless New threats, shifting
regulations, market upheavals,technology breakthroughs.
You're the guy Right.
The ability to adapt quickly isparamount.
Irt helps build thisadaptability into the
organization's DNA.
By having that holistic,connected view of risk, you're
(10:31):
much better positioned toanticipate change, respond
effectively when it happens andmaintain resilience.
It helps you build thatcompetitive edge.
It's like being bamboo in thewind flexible bending, rather
than a rigid old oak that mightjust snap.
Ori Wellington (10:44):
So it's about reducing the chance of being
completely blindsided when theinevitable curveball comes.
Sam Jones (10:49):
Exactly Building that organizational agility lets you
pivot, adjust your riskstrategies on the fly and keep
moving forward even when theenvironment is turbulent.
Ori Wellington (10:56):
Okay, so those are the five principles
underpinning IRT.
Let's circle back, then, to theIRM navigator model again.
How does this IRT mindsetactually light up the different
components, the goals, ermprocesses, orm assets, trm and
policies?
Sam Jones (11:14):
Right.
Think of it this way IRT is thephilosophy that makes each of
those components work together,makes them more than just the
sum of their parts.
So for goals, rm, irt ensuresrisk insights aren't just
identified over here, but areactively used to shape and
refine your strategic objectivesover there, making those goals
more robust, more achievable.
Ori Wellington (11:34):
Oh, okay.
Sam Jones (11:34):
For processes, or RM.
Irt means embedding riskthinking directly into your
operational workflows, not as anadd-on, not as an audit check,
but as a fundamental part ofdesigning processes for
resilience and efficiency rightfrom the start.
Mark.
Ori Wellington (11:47):
MIRCHANDANI, so risk management becomes just
part of how things get then forassets, TRM, IRT drives a
proactive holistic approach toprotecting your tech assets.
Sam Jones (11:59):
It recognizes these aren't just bits of hardware and
software.
They're critical enablers ofthe business strategy.
Ori Wellington (12:04):
So aligning tech risk with business goals.
Sam Jones (12:06):
Precisely and finally , for policies.
Grc.
Irt helps ensure governance andcompliance aren't seen as these
separate, burdensome tasks.
They get integrated intostrategic workflows, making
compliance more seamless, lesspainful and actually supporting
agility rather than hindering it.
Ori Wellington (12:24):
Wow, ok, it really sounds like IRT takes the
IRM navigator from being maybea potentially static framework
on paper.
Sam Jones (12:32):
Yes.
Ori Wellington (12:33):
And turns it into a living, breathing,
dynamic tool that actuallyshapes how a company runs.
Sam Jones (12:38):
That's a great way to put it.
Irt provides the essentialcontext, the leadership
commitment, the culturalfoundation, all the things
needed for the IRM navigator totruly deliver its potential
value.
Ori Wellington (12:47):
So let's talk payoff If an organization really
embraces this IRT mindset, getsit working with something like
the navigator model what are thetangible strategic benefits
that they can actually expect tosee?
Sam Jones (12:59):
Oh, the benefits can be really substantial.
First off, you're likely to seemuch enhanced strategic
execution Because your bigdecisions are grounded in a
better understanding of risk.
Those initiatives are just morelikely to succeed sustainably
efficiently.
Ori Wellington (13:11):
Makes sense.
Better planning, betteroutcomes.
Sam Jones (13:14):
Second, there's a definite boost in Makes sense
Better planning, better outcomes.
Second, there's a definiteboost in organizational
resilience.
That proactive, integratedapproach means you can spot
disruptions earlier, respondmore effectively and bounce back
faster when things inevitablygo wrong.
You're better prepared toweather the storms.
Ori Wellington (13:29):
Okay, so better execution, more resilience, what
else?
Sam Jones (13:32):
You also build stronger assurance and,
crucially, greater stakeholderconfidence.
Think about your board,regulators, investors, even
customers, when they see youhave a robust, coherent,
integrated way of managing risk.
It builds trust, it increasestransparency.
Ori Wellington (13:47):
It's huge.
These days, trust is everything.
Sam Jones (13:49):
It really is.
And finally, continuouscompliance tends to become less
of a headache when you embedcompliance thinking into your
daily operations.
It feels less like thisexternal burden you have to keep
checking for and more like anatural part of doing business
well.
Ori Wellington (14:03):
So it sounds like it's not just about dodging
bullets, avoiding the bad stuff.
It's also about building afundamentally stronger, more
reliable and more trustworthyorganization overall.
Sam Jones (14:12):
Exactly right.
It's about shifting riskmanagement from being perceived
purely as a cost centerunnecessary is evil into a
genuine source of strategicvalue and competitive advantage.
Ori Wellington (14:22):
Now you mentioned the article
referencing some prettysignificant growth projections
for the integrated riskmanagement technology market,
based on a wheelhouse advisorsreport.
What does that tell us abouthow important IRT is becoming?
Sam Jones (14:36):
Yeah, those projections are frankly
staggering.
The global IRM tech marketforecasted to jump from about
$61.6 billion in 2025 topotentially $134 billion by 2032
.
Ori Wellington (14:48):
Wow More than double.
Sam Jones (14:49):
More than double, and within that the TRM Slice
technology risk management isexpected to grow from around
$25.5 billion to nearly $60billion.
Ori Wellington (14:58):
Huge growth there too.
Sam Jones (14:59):
Huge.
This kind of explosive growthis a massive signal from the
market.
It clearly shows rapidlyincreasing demand for solutions
that offer integrated,intelligence-driven risk
management.
It really underscores the pointthat those traditional
fragmented, siloed approachesthey're just not cutting it
anymore for the complexitiesbusinesses face now.
Ori Wellington (15:19):
So the money is following the need for
integration.
Sam Jones (15:22):
Precisely.
It's a strong market validationthat integration isn't just a
nice to have anymore.
It's becoming a necessity.
Ori Wellington (15:30):
Those numbers really do paint a compelling
picture.
It's not just a theoreticalconcept we're discussing.
It sounds like businesses areactively voting with their
wallets, recognizing thisintegrated approach is becoming
essential to compete, maybe evento survive.
Sam Jones (15:43):
That's exactly right.
The market is clearly signalinga major shift towards tools and
platforms that provide thatholistic, interconnected view of
risk, the kind that enablesproactive management.
It strongly reinforces thiswhole idea that adopting an
integrated risk thinking mindsetisn't just a good strategic
move.
It's rapidly becoming animperative for long-term success
in this incredibly dynamicworld.
Ori Wellington (16:05):
Marc Thiessen.
So for the business leaderslistening right now, what's the
sort of the critical takeawaymessage about cultivating this
IRT mindset in their ownorganizations?
Sam Jones (16:14):
I think the key message is this Leaders who
champion integrated riskthinking, who really drive it
through their organizations.
They aren't just positioningtheir companies to survive
uncertainty or crisis, they'repositioning them to actually
thrive in it.
They're building companies thatare fundamentally more
resilient, yes, but also moreinnovative, more strategically
(16:35):
agile.
The IRM navigator model itoffers that valuable structure,
the framework, but it's the IRTmindset that truly unlocks its
power, that makes ittransformative.
Ori Wellington (16:46):
It really does seem to boil down to a
fundamental shift in perception,doesn't it Seeing risk not just
as these separate little firesto put out, but as an
interconnected system, anintegral part of the whole
business landscape.
Sam Jones (16:57):
Yeah, exactly the true competitive edge going
forward.
It won't just be about havingthe newest tech or the leanest
processes.
A huge part of it will be downto the fundamental way an
organization thinks about,understands and embraces risk.
That integrated perspective,that's what will increasingly
separate the winners.
Ori Wellington (17:15):
Okay, so to try and pull this all together then
yeah.
The core idea of integratedrisk thinking is this proactive,
interconnected, strategicmindset towards risk.
It's about evolving riskmanagement from something you
have to do, often reactively,into a genuine strategic asset,
something that drives betterdecisions, better performance
and makes a whole organizationstronger.
Sam Jones (17:36):
Precisely Seeing the bigger picture, understanding
those complex links betweendifferent risks and then using
those insights smartly to builda more robust, adaptive and,
ultimately, more successfulorganization.
Ori Wellington (17:47):
So, for all of you listening, maybe take a
moment to think about how yourown organization approaches risk
right now.
Are things managed in thoseseparate silos we talked about?
Is risk seen mainly as anegative, a threat to be
minimized, or is it also seen asa potential source of really
valuable strategic intelligence?
Sam Jones (18:06):
Yeah, it's.
A good question to ask.
Ori Wellington (18:07):
Potential source of really valuable strategic
intelligence?
Yeah, it's a good question toask.
Could making a conscious shifttowards this kind of integrated
risk thinking, this IRTframework?
Sam Jones (18:18):
unlock new potential for resilience, maybe even new
avenues for growth within yourbusiness.
And if you are interested indigging deeper into IRT or
exploring that IRM navigatormodel we discussed, Wheelhouse
Advisors has a lot moreinformation and resources
available on their website,which is wheelhouseadvisorscom.
Ori Wellington (18:30):
Great.
And just to leave you with onefinal thought, maybe a
provocative question to mullover what if the biggest risks
your organization actually facesaren't those obvious external
threats the cyber attacks, themarket shifts, the new
regulations?
What if the biggest risk isinternal, the limitations
imposed by a fragmented, siloedapproach to understanding and
managing those very threats?
(18:51):
Perhaps the real key tonavigating today's complexity
lies first in recognizing justhow interconnected everything is
and truly embracing thatholistic perspective on risk.
Wow, it really feels like the ground is just
constantly shifting underbusinesses these days.
Absolutely, you've got theselightning fast tech changes.
Sam Jones (00:07):
Yeah.
Ori Wellington (00:07):
Regulations popping up.
It feels like left and right.
Sam Jones (00:09):
Constantly.
Ori Wellington (00:10):
Cyber threats that are evolving by the minute.
Sam Jones (00:12):
Yeah.
Ori Wellington (00:13):
And then just the sheer complexity of
operating globally.
Sam Jones (00:16):
Yeah, it's a lot to juggle.
Ori Wellington (00:18):
It can leave you feeling like the old playbook
for managing risk.
Well, it just isn't quite up tothe task anymore.
Sam Jones (00:25):
Definitely.
Ori Wellington (00:25):
Like trying to use I don't know a map from 50
years ago to navigate Londontoday.
Sam Jones (00:30):
That feeling of inadequacy.
It's spot on the traditionalway where you know different
departments handle their bit ofrisk in isolation.
It often misses howinterconnected everything truly
is.
Ori Wellington (00:42):
Right.
Sam Jones (00:42):
It's like each instrument in an orchestra
playing its own tune.
Maybe some nice sounds, butdefinitely not a symphony.
No conductor.
Ori Wellington (00:49):
Exactly, and that's where this whole concept
of integrated risk thinking IRTfrom wheelhouse advisors seems
to come in.
It's presented not just asanother process, another set of
rules, but like a fundamentallydifferent way of looking at risk
.
Sam Jones (01:07):
A mindset shift really.
Ori Wellington (01:08):
Yeah, like putting on a new pair of glasses
that helps you see the wholelandscape, not just the bit
right in front of you.
Sam Jones (01:14):
That's a good way to put it.
Ori Wellington (01:15):
So, for this deep dive, our mission is pretty
straightforward.
We're going to break down whatIRT actually is and, maybe more
importantly, why it's somethingyou, listening, should probably
be paying attention to.
We're using insights from anarticle by Johnny Wheeler in the
Risk Tech Journal to guide us.
Sam Jones (01:32):
And it's also worth mentioning Wheelhouse Advisors
developed this thing called theIRM Navigator Model.
Ori Wellington (01:37):
Right, I saw that mentioned.
Sam Jones (01:38):
Yeah, and we'll definitely explore how that
framework, that practical tool,connects with this overarching
philosophy of integrated riskthinking.
As we go, think of IRT as theessential mindset, the
perspective you need to actuallymake those tools like the IRM
Navigator work effectively.
Ori Wellington (01:58):
Got it, so let's dig into this IRT idea, then.
The first thing that reallyjumped out at me was this
emphasis on it being a mindset,not just software or checklist.
What does that really look likefor a company day to day?
Sam Jones (02:12):
That's such a critical point.
Calling it a mindset signals areal philosophical change.
It's about moving riskmanagement away from being this
separate function.
You know the department youcall after a decision is made.
Ori Wellington (02:25):
Yeah, the risk review box to tick.
Sam Jones (02:27):
Exactly To making it woven into the very fabric of
how the organization thinks, howit acts every single day.
It's about proactively askingOK, what are the potential risks
here, before you launch thatnew product or enter that new
market or even just tweak aprocess?
Ori Wellington (02:43):
So instead of say the IT team just worrying
about firewalls over here andthe legal team just looking at
contracts over there, it'stotally separate.
Irt gets them talking, seeinghow their risks might connect or
even cascade.
Sam Jones (02:55):
Precisely.
Traditional risk managementoften lives in those silos right
, Dealing with issues reactivelyas they pop up within their
specific domain.
But today, a cybersecuritybreach isn't just an IT problem,
is it?
It can halt operations, trashyour reputation, trigger
regulatory fines.
Ori Wellington (03:12):
Right, it hits everywhere.
Sam Jones (03:13):
Everywhere.
Irt encourages seeing thoseconnections, those overlaps.
It enables a much morecoordinated and, frankly, more
effective response.
Think of it like moving fromindividual watch towers on a
castle wall to a central commandcenter that sees the whole
battlefield.
Ori Wellington (03:29):
And it's not just about defense.
Is it Playing defense all thetime?
The article suggests IRT canactually enable innovation,
agility and performance.
That feels like a prettydifferent spin on risk for a lot
of folks.
Sam Jones (03:41):
Oh, absolutely.
The conventional view oftenpaints risk as purely negative,
something to avoid, stamp out,you know.
Ori Wellington (03:48):
Yeah, minimize risk at all costs.
Sam Jones (03:49):
Right.
Irt acknowledges the dangers Ofcourse it has to, but it also
gets that smart risk taking iswell essential if you want to
grow.
By having a reallycomprehensive, integrated
understanding of potential risks, organizations can make much
more informed choices.
Where should we invest?
How can we innovate safely?
How do we operate moreefficiently without creating new
(04:10):
vulnerabilities?
It's about turning potentialroadblocks into strategic launch
pads.
Ori Wellington (04:17):
Like a climber assessing the route,
understanding the risks helpsthem climb better, faster, more
confidently.
That's a perfect analogy.
Sam Jones (04:24):
It's about understanding the risks helps
them climb better, faster, moreconfidently.
That's a perfect analogy.
It's about understanding therisks to ascend more effectively
, not just staying at the bottombecause it's safe.
Ori Wellington (04:30):
Okay, so we've got this mindset, this
integrated way of thinking aboutrisk.
Now, how does that connect backto and power that IRM navigator
model you mentioned earlier?
Sam Jones (04:40):
Okay, so think of the IRM navigator as the blueprint.
It's a structured frameworkright.
It has these four key domainsenterprise risk management ERM,
operational risk management, orm, technology risk management,
trm and governance.
Risk and compliance GRC.
Ori Wellington (04:54):
Right the four pillars.
Sam Jones (04:55):
Exactly, the model provides the architecture for
managing risk across these areas, but IRT, that's the energy,
energy source.
It's what makes thatarchitecture actually function
properly.
Without that integrated mindset, the model well?
Ori Wellington (05:10):
it risks becoming just a static diagram
on a slide okay, so the modelgives you the categories, the
buckets, the structure yes butthe IRT mindset is what actually
gets people to use it togethercollaboratively, effectively.
It's the why and the how behindthe what.
Sam Jones (05:25):
You got it.
Without that underlyingcommitment to integration, to
collaboration, to thinkingproactively, even the most
sophisticated risk model canjust fall flat.
It ends up as another binder onthe shelf, another set of
checklists.
Ori Wellington (05:38):
Instead of being embedded.
Sam Jones (05:39):
Instead of being a living, breathing, valuable part
of how the organizationactually operates.
The mindset fuels the culture,the behaviors needed to make the
model work.
Ori Wellington (05:48):
That makes total sense.
Okay, so what are some of thecore principles then, that
really drive this integratedrisk thinking?
The article mentioned five keyones.
Let's unpack those a bit.
First, one risk as strategicintelligence.
That sounds pretty foundational.
Sam Jones (06:06):
It really is.
This principle basically saysthat the insights you get from
managing risk they shouldn'tjust sit in a report somewhere.
Right, they need to be activelyused by leadership when they're
making the big calls.
Think about major strategicmoves expanding internationally,
launching a disruptive product,a huge digital transformation
project.
Ori Wellington (06:24):
I have to take stuff.
Sam Jones (06:24):
Exactly Understanding the risks baked into those
ventures isn't a side issue oran afterthought.
It's core, it's a vitalingredient in the strategic
recipe itself.
Ori Wellington (06:35):
So it's moving away from OK, great plan, let's
go.
Oh wait, what could go wrong?
Sam Jones (06:40):
Yes.
Ori Wellington (06:40):
To something more like let's figure out what
could go wrong, first understandit deeply, and then build our
strategy with that knowledgebaked in.
Sam Jones (06:47):
Precisely.
You leverage risk insights toshape the strategy from the
outset, not just react later.
It allows for smarter tradeoffs, better resource allocation and
, ultimately, a much higherchance of actually hitting your
strategic goals.
It's like a chess masterthinking several moves ahead,
anticipating the opponent.
Hmm, okay, principle number twoanticipating the opponent.
Ori Wellington (07:04):
Okay, Principle number two cross-functional
integration.
We sort of touched on this withthe silo idea.
How does IRT specificallyencourage breaking down those
walls?
Sam Jones (07:14):
Well, IRT actively promotes, even demands,
communication and collaborationbetween those functions that
usually operate separately ERM,ORM, TRM, GRC.
Right, it starts from afundamental truth Risks, don't
care about your org chart.
Functions that usually operateseparately.
Ori Wellington (07:24):
ERM.
Sam Jones (07:24):
ORM, trm, grc.
It starts from a fundamentaltruth Risks, don't care about
your org chart.
Ori Wellington (07:29):
No, they don't.
Sam Jones (07:30):
A data breach.
Like we said, it hitstechnology operations, customer
trust, legal compliance.
Its tentacles are everywhere.
By forcing or maybe encouraginga connected approach,
organizations get a much morecomplete, holistic picture of
these interconnected risks andthen they can develop unified,
more effective strategies tomanage them.
Ori Wellington (07:50):
It's like realizing that different
departments are holdingdifferent pieces of the same
really complicated puzzle.
Yeah, and IRT is the tablewhere they all come together to
actually see the whole picture.
Sam Jones (08:02):
That's a great way to think about it.
It's about fostering a sharedunderstanding, making sure
information flows freely, andactually valuing those diverse
perspectives when you'reassessing and managing risk.
Ori Wellington (08:13):
Okay.
Third principle proactive andpredictive management.
This sounds like getting outahead of trouble.
Sam Jones (08:19):
That's exactly the aim, instead of just waiting for
a risk to materialize and thenscrambling to clean up the mess.
Ori Wellington (08:24):
Which is stressful and expensive.
Sam Jones (08:26):
Right IRT emphasizes anticipating potential risks
much earlier in the game,embedding risk considerations
right into, say, the designphase of new products or
services, into the planningstages of big projects, into
day-to-day operational routines.
Ori Wellington (08:43):
So it's not just about having a fire
extinguisher ready.
It's about building with lessflammable materials in the first
place.
Sam Jones (08:48):
Precisely.
It's a fundamental shift from areactive posture waiting to be
hit to a proactive one,integrating risk management into
how you operate full stop.
This allows for much earlierdetection intervention and
hopefully avoiding majordisruptions altogether.
Ori Wellington (09:04):
Makes sense.
Number four is enterprise-wideownership.
This one suggests it's not justthe risk team's job anymore.
Sam Jones (09:11):
Absolutely not.
Irt really works to cultivate aculture where everyone in the
organization understands theirrole and takes some
accountability for managingrisks within their own area.
Ori Wellington (09:20):
From the top down.
Sam Jones (09:21):
From the CEO right down to every single team member
.
There needs to be a sharedawareness that managing risk is
part of everyone's jobdescription.
In a way, this collectiveresponsibility is absolutely
vital for building a trulyrisk-aware culture.
Think about safety on aconstruction site.
It's not just a safetyofficer's job.
Every worker needs to bevigilant.
Ori Wellington (09:43):
So it's like empowering everyone to say hang
on.
I see a potential problem hereregarding risk, not just
immediate safety hazards.
Sam Jones (09:50):
That's a perfect analogy Empowering people to
identify risks, escalate themappropriately and fostering that
sense of shared accountabilityacross the entire business.
Ori Wellington (09:59):
Okay, and the fifth principle adaptability and
agility.
Given well, everything we saidat the start about how fast
things change, this seems superimportant.
Sam Jones (10:10):
Crucial In today's world.
The speed of change is justrelentless New threats, shifting
regulations, market upheavals,technology breakthroughs.
You're the guy Right.
The ability to adapt quickly isparamount.
Irt helps build thisadaptability into the
organization's DNA.
By having that holistic,connected view of risk, you're
(10:31):
much better positioned toanticipate change, respond
effectively when it happens andmaintain resilience.
It helps you build thatcompetitive edge.
It's like being bamboo in thewind flexible bending, rather
than a rigid old oak that mightjust snap.
Ori Wellington (10:44):
So it's about reducing the chance of being
completely blindsided when theinevitable curveball comes.
Sam Jones (10:49):
Exactly Building that organizational agility lets you
pivot, adjust your riskstrategies on the fly and keep
moving forward even when theenvironment is turbulent.
Ori Wellington (10:56):
Okay, so those are the five principles
underpinning IRT.
Let's circle back, then, to theIRM navigator model again.
How does this IRT mindsetactually light up the different
components, the goals, ermprocesses, orm assets, trm and
policies?
Sam Jones (11:14):
Right.
Think of it this way IRT is thephilosophy that makes each of
those components work together,makes them more than just the
sum of their parts.
So for goals, rm, irt ensuresrisk insights aren't just
identified over here, but areactively used to shape and
refine your strategic objectivesover there, making those goals
more robust, more achievable.
Ori Wellington (11:34):
Oh, okay.
Sam Jones (11:34):
For processes, or RM.
Irt means embedding riskthinking directly into your
operational workflows, not as anadd-on, not as an audit check,
but as a fundamental part ofdesigning processes for
resilience and efficiency rightfrom the start.
Mark.
Ori Wellington (11:47):
MIRCHANDANI, so risk management becomes just
part of how things get then forassets, TRM, IRT drives a
proactive holistic approach toprotecting your tech assets.
Sam Jones (11:59):
It recognizes these aren't just bits of hardware and
software.
They're critical enablers ofthe business strategy.
Ori Wellington (12:04):
So aligning tech risk with business goals.
Sam Jones (12:06):
Precisely and finally , for policies.
Grc.
Irt helps ensure governance andcompliance aren't seen as these
separate, burdensome tasks.
They get integrated intostrategic workflows, making
compliance more seamless, lesspainful and actually supporting
agility rather than hindering it.
Ori Wellington (12:24):
Wow, ok, it really sounds like IRT takes the
IRM navigator from being maybea potentially static framework
on paper.
Sam Jones (12:32):
Yes.
Ori Wellington (12:33):
And turns it into a living, breathing,
dynamic tool that actuallyshapes how a company runs.
Sam Jones (12:38):
That's a great way to put it.
Irt provides the essentialcontext, the leadership
commitment, the culturalfoundation, all the things
needed for the IRM navigator totruly deliver its potential
value.
Ori Wellington (12:47):
So let's talk payoff If an organization really
embraces this IRT mindset, getsit working with something like
the navigator model what are thetangible strategic benefits
that they can actually expect tosee?
Sam Jones (12:59):
Oh, the benefits can be really substantial.
First off, you're likely to seemuch enhanced strategic
execution Because your bigdecisions are grounded in a
better understanding of risk.
Those initiatives are just morelikely to succeed sustainably
efficiently.
Ori Wellington (13:11):
Makes sense.
Better planning, betteroutcomes.
Sam Jones (13:14):
Second, there's a definite boost in Makes sense
Better planning, better outcomes.
Second, there's a definiteboost in organizational
resilience.
That proactive, integratedapproach means you can spot
disruptions earlier, respondmore effectively and bounce back
faster when things inevitablygo wrong.
You're better prepared toweather the storms.
Ori Wellington (13:29):
Okay, so better execution, more resilience, what
else?
Sam Jones (13:32):
You also build stronger assurance and,
crucially, greater stakeholderconfidence.
Think about your board,regulators, investors, even
customers, when they see youhave a robust, coherent,
integrated way of managing risk.
It builds trust, it increasestransparency.
Ori Wellington (13:47):
It's huge.
These days, trust is everything.
Sam Jones (13:49):
It really is.
And finally, continuouscompliance tends to become less
of a headache when you embedcompliance thinking into your
daily operations.
It feels less like thisexternal burden you have to keep
checking for and more like anatural part of doing business
well.
Ori Wellington (14:03):
So it sounds like it's not just about dodging
bullets, avoiding the bad stuff.
It's also about building afundamentally stronger, more
reliable and more trustworthyorganization overall.
Sam Jones (14:12):
Exactly right.
It's about shifting riskmanagement from being perceived
purely as a cost centerunnecessary is evil into a
genuine source of strategicvalue and competitive advantage.
Ori Wellington (14:22):
Now you mentioned the article
referencing some prettysignificant growth projections
for the integrated riskmanagement technology market,
based on a wheelhouse advisorsreport.
What does that tell us abouthow important IRT is becoming?
Sam Jones (14:36):
Yeah, those projections are frankly
staggering.
The global IRM tech marketforecasted to jump from about
$61.6 billion in 2025 topotentially $134 billion by 2032
.
Ori Wellington (14:48):
Wow More than double.
Sam Jones (14:49):
More than double, and within that the TRM Slice
technology risk management isexpected to grow from around
$25.5 billion to nearly $60billion.
Ori Wellington (14:58):
Huge growth there too.
Sam Jones (14:59):
Huge.
This kind of explosive growthis a massive signal from the
market.
It clearly shows rapidlyincreasing demand for solutions
that offer integrated,intelligence-driven risk
management.
It really underscores the pointthat those traditional
fragmented, siloed approachesthey're just not cutting it
anymore for the complexitiesbusinesses face now.
Ori Wellington (15:19):
So the money is following the need for
integration.
Sam Jones (15:22):
Precisely.
It's a strong market validationthat integration isn't just a
nice to have anymore.
It's becoming a necessity.
Ori Wellington (15:30):
Those numbers really do paint a compelling
picture.
It's not just a theoreticalconcept we're discussing.
It sounds like businesses areactively voting with their
wallets, recognizing thisintegrated approach is becoming
essential to compete, maybe evento survive.
Sam Jones (15:43):
That's exactly right.
The market is clearly signalinga major shift towards tools and
platforms that provide thatholistic, interconnected view of
risk, the kind that enablesproactive management.
It strongly reinforces thiswhole idea that adopting an
integrated risk thinking mindsetisn't just a good strategic
move.
It's rapidly becoming animperative for long-term success
in this incredibly dynamicworld.
Ori Wellington (16:05):
Marc Thiessen.
So for the business leaderslistening right now, what's the
sort of the critical takeawaymessage about cultivating this
IRT mindset in their ownorganizations?
Sam Jones (16:14):
I think the key message is this Leaders who
champion integrated riskthinking, who really drive it
through their organizations.
They aren't just positioningtheir companies to survive
uncertainty or crisis, they'repositioning them to actually
thrive in it.
They're building companies thatare fundamentally more
resilient, yes, but also moreinnovative, more strategically
(16:35):
agile.
The IRM navigator model itoffers that valuable structure,
the framework, but it's the IRTmindset that truly unlocks its
power, that makes ittransformative.
Ori Wellington (16:46):
It really does seem to boil down to a
fundamental shift in perception,doesn't it Seeing risk not just
as these separate little firesto put out, but as an
interconnected system, anintegral part of the whole
business landscape.
Sam Jones (16:57):
Yeah, exactly the true competitive edge going
forward.
It won't just be about havingthe newest tech or the leanest
processes.
A huge part of it will be downto the fundamental way an
organization thinks about,understands and embraces risk.
That integrated perspective,that's what will increasingly
separate the winners.
Ori Wellington (17:15):
Okay, so to try and pull this all together then
yeah.
The core idea of integratedrisk thinking is this proactive,
interconnected, strategicmindset towards risk.
It's about evolving riskmanagement from something you
have to do, often reactively,into a genuine strategic asset,
something that drives betterdecisions, better performance
and makes a whole organizationstronger.
Sam Jones (17:36):
Precisely Seeing the bigger picture, understanding
those complex links betweendifferent risks and then using
those insights smartly to builda more robust, adaptive and,
ultimately, more successfulorganization.
Ori Wellington (17:47):
So, for all of you listening, maybe take a
moment to think about how yourown organization approaches risk
right now.
Are things managed in thoseseparate silos we talked about?
Is risk seen mainly as anegative, a threat to be
minimized, or is it also seen asa potential source of really
valuable strategic intelligence?
Sam Jones (18:06):
Yeah, it's.
A good question to ask.
Ori Wellington (18:07):
Potential source of really valuable strategic
intelligence?
Yeah, it's a good question toask.
Could making a conscious shifttowards this kind of integrated
risk thinking, this IRTframework?
Sam Jones (18:18):
unlock new potential for resilience, maybe even new
avenues for growth within yourbusiness.
And if you are interested indigging deeper into IRT or
exploring that IRM navigatormodel we discussed, Wheelhouse
Advisors has a lot moreinformation and resources
available on their website,which is wheelhouseadvisorscom.
Ori Wellington (18:30):
Great.
And just to leave you with onefinal thought, maybe a
provocative question to mullover what if the biggest risks
your organization actually facesaren't those obvious external
threats the cyber attacks, themarket shifts, the new
regulations?
What if the biggest risk isinternal, the limitations
imposed by a fragmented, siloedapproach to understanding and
managing those very threats?
(18:51):
Perhaps the real key tonavigating today's complexity
lies first in recognizing justhow interconnected everything is
and truly embracing thatholistic perspective on risk.
Popular Podcasts
Stuff You Should Know
If you've ever wanted to know about champagne, satanism, the Stonewall Uprising, chaos theory, LSD, El Nino, true crime and Rosa Parks, then look no further. Josh and Chuck have you covered.
Crime Junkie
Does hearing about a true crime case always leave you scouring the internet for the truth behind the story? Dive into your next mystery with Crime Junkie. Every Monday, join your host Ashley Flowers as she unravels all the details of infamous and underreported true crime cases with her best friend Brit Prawat. From cold cases to missing persons and heroes in our community who seek justice, Crime Junkie is your destination for theories and stories you won’t hear anywhere else. Whether you're a seasoned true crime enthusiast or new to the genre, you'll find yourself on the edge of your seat awaiting a new episode every Monday. If you can never get enough true crime... Congratulations, you’ve found your people. Follow to join a community of Crime Junkies!
The Breakfast Club
The World's Most Dangerous Morning Show, The Breakfast Club, With DJ Envy, Jess Hilarious, And Charlamagne Tha God!