In this episode of Risk Is Our Business, Captain Michael Rasmussen welcomes Richard Chambers, Senior Advisor at AuditBoard and one of the most influential voices in internal audit and assurance, to discuss how risk, audit, and compliance have evolved in a decade defined by unprecedented velocity and volatility.

Richard reflects on the shifting mindset across GRC—from static frameworks and predictable cycles to a world where risk signals move fast, interdependencies compound, and organizations must adapt with greater speed and clarity than ever before.

The conversation draws a sharp distinction between good and bad audit in this environment. Bad audit is adversarial, a corporate police force focused on fault-finding and paperwork. Good audit is a value protector, a trusted partner helping management navigate uncertainty, make sound decisions, and keep the organization moving toward its objectives. If the business fears internal audit, something fundamental is broken.

They then examine modern risk management, emphasizing that effective programs are grounded in realistic assessments of likelihood and materiality, not abstract heat maps or theatrical risk registers. Risk is not something to be avoided; it is something to be understood so the organization can move with intention.

Compliance enters the discussion as well, particularly the cultural divide between the U.S.’s checkbox-heavy approach and Europe’s more risk-based, integrity-oriented model. Compliance, Richard argues, is ultimately about who the organization chooses to be.

The episode closes by looking ahead five years—where AI, automation, and intelligence-driven assurance will shape the role of audit, risk, and compliance. The mission remains the same, but the tools and tempo of the work are changing at warp speed.