Built on Trust: Risk, Assurance, and the Norwegian Perspective

Built on Trust: Risk, Assurance, and the Norwegian Perspective

In this episode of Risk Is Our Business, Captain Michael Rasmussen sits down with leaders from Norway’s Institute of Internal Auditors for a conversation about how culture shapes governance, risk, compliance, and assurance. The discussion begins with Norwegian business culture and one of its defining characteristics: trust. They explore how trust influences decision-making, accountability, and assurance practices, and how that foundation differs from more rules-driven environments. The conversation also examines the maturity of risk management and assurance in Norway, where strong practices coexist with significant opportunities for growth as organizations confront increasingly complex and fast-moving risks. The group discusses the challenges facing assurance professionals today, including the accelerating pace of change, emerging risks, and the need for organizations to adapt without losing sight of business value. They compare Nordic and U.S. approaches to risk management, highlighting the more pragmatic, business-oriented perspective often found across Scandinavia. A particularly interesting part of the conversation focuses on the evolution of Norway’s IIA chapter itself. Unlike many national chapters, the Norwegian organization has expanded beyond a traditional audit focus to serve a broader community of GRC professionals. They share how that transformation occurred, what it has meant for members, and how they see the organization evolving toward 2030. The episode closes with practical advice for organizations seeking to strengthen assurance and risk management capabilities in an environment where trust remains essential, but trust alone is no longer enough.

The Sound of Risk: Why Listening Matters More Than Knowing with Bruno Parnet

Recorded live at Risk-!n Conference 2026, this episode of Risk Is Our Business features Bruno Parnet, Manager of Risk Management at Audemars Piguet, for a conversation on the human side of risk management and what it takes to build a program that genuinely supports the business. Captain Michael Rasmussen begins by asking a familiar question to any listener—what keeps risk leaders awake at night? For Bruno, the answer lies not only in specific threats facing a company that manufactures some of the world's most prestigious timepieces, but also in the challenge of understanding risks well enough to act before they become problems. The discussion explores what bad risk management looks like, including approaches that are disconnected from the business or focused more on process than outcomes. In contrast, Bruno argues that good risk management starts with listening. Risk professionals must acknowledge that they do not have all the answers, engage stakeholders across the organization, and act as facilitators who help the business understand and navigate uncertainty. They also discuss whether Switzerland has its own approach to risk management and how culture influences the way organizations think about governance, decision-making, and accountability. From there, the conversation turns to the future, exploring how Bruno sees his risk management program evolving by 2030 and the role technology may play in supporting that journey. The episode closes with practical advice for organizations seeking to strengthen their risk capabilities, emphasizing that effective risk management is often less about imposing frameworks and more about building trust, creating dialogue, and helping people make better decisions.

Conducting Resilience: Beyond Compliance and Into Action with Aurore Chatard

Recorded live at Risk-!n Conference 2026, this episode of Risk Is Our Business features Aurore Chatard in a conversation about what it truly takes to build resilience in an increasingly complex and interconnected world. Captain Michael Rasmussen and Aurore begin by discussing what keeps resilience leaders awake at night and why many organizations still struggle to move beyond a compliance-driven view of continuity and resilience. They unpack what bad resilience looks like, including programs that exist primarily to satisfy regulatory requirements, before exploring the characteristics of organizations that are genuinely prepared to adapt, respond, and recover. A central theme of the discussion is orchestration. Michael and Aurore compare resilience to a symphony orchestra, where success depends not on individual performers but on how well people, processes, technologies, and leadership work together. Without coordination, even the most capable functions can fail when disruption strikes. The conversation also explores the growing influence of regulations such as NIST and DORA, examining whether they help organizations become more resilient or risk turning resilience into another compliance exercise. Along the way, Aurore shares lessons learned from years spent leading security, continuity, and crisis management programs, offering practical insights for professionals looking to strengthen resilience capabilities within their own organizations. They close by reflecting on Risk-!n Conference 2026 itself, discussing the growth of the event, the conversations shaping the future of the profession, and the increasing recognition that resilience is becoming a core business capability rather than a specialist discipline.

Shaking the Prime Directive: Rethinking Risk from the Ground Up with Adrian Clements

Recorded live at Risk-!n Conference 2026, this episode of Risk Is Our Business begins with a warning from Adrian Clements. Before agreeing to come aboard, he made it clear that he intended to "shake the tree." Captain Michael Rasmussen's response was simple: engage. What follows is a conversation that challenges some of the profession's most deeply held assumptions. Adrian argues that many organizations are still navigating with outdated star charts, relying on inherited frameworks and conventional wisdom that no longer match the realities of today's environment. Rather than tweaking existing approaches, he makes the case for stepping back, questioning first principles, and rebuilding from the ground up. They explore what that looks like in practice. How do organizations break free from legacy thinking? How do leaders create the conditions for better decision-making? And what practical steps can be taken to transform risk from a compliance exercise into a driver of performance and value creation? The discussion also examines the role of technology. Not as the destination, but as an enabler that helps organizations operationalize better thinking, improve visibility, and support more intelligent decisions. Along the way, Adrian and Michael reflect on their key takeaways from Risk-!n Conference 2026, discussing the ideas and trends that suggest the profession may be entering a new phase of evolution.

The Speed of Risk: Controls and Decision-Making with Hermann Suter

Recorded live at the Risk-!n Conference 2026, this episode of Risk Is Our Business features Hermann Suter, Head of Group Enterprise Risk Management at Barry Callebaut Group, in a conversation on how risk management must evolve in an environment where the speed of change is accelerating faster than many organizations can absorb. Hermann and Captain Michael Rasmussen begin with a deceptively simple question. If organizations claim to have an enterprise-wide view of risk, shouldn’t they also have an enterprise-wide view of controls? From there, the discussion turns to what actually keeps risk leaders awake at night. Not just specific threats, but the sheer pace and velocity of risk itself. They unpack what bad risk and control management looks like. In contrast, they argue that effective risk management starts with understanding that every meaningful decision already contains a form of risk analysis, whether organizations recognize it or not. The conversation also explores how to align risk with business culture rather than impose it from the outside, how Swiss and broader European perspectives influence approaches to governance and controls, and where technology is genuinely helping modern ERM programs. They close by discussing what excited them most at the conference itself, including the growing focus on interconnected risk, operational resilience, and the future direction of enterprise risk management.