Visionary Voices
Intelligent Risk-Taking



Intelligent Risk-Taking Creates Big Opportunities
Upside—or Voluntary—Risk Is About Pursuing Opportunities in a Smart, Controlled Way
Ian sees untapped potential across organizations in working across all lines of defense, not just the third line (internal audit).
Whether it’s an acquisition, the implementation of new technology, a product expansion, or entering new markets, these actions create significant opportunities—but also introduce change and uncertainty. As Ian explains:
“Any strategic move creates opportunity, but it must be approached with foresight. You have to ask, What could go wrong on this journey, and are we proactively managing the risks that come with it?”
The Importance of Policy in Driving a Risk Culture
From the boardroom to the C-suite, organizations must clearly define how they intend to operate—and establish firm boundaries around their risk appetite.
“Wherever you can apply quantitative metrics, you should set specific risk tolerances. That way, you can actively monitor whether you’re operating within your defined boundaries.”
This top-down clarity is essential. Leadership must not only set the tone but drive a culture that aligns with the organization’s risk posture.
That’s where policy comes in. Every organization needs clearly articulated risk policies—especially when making intentional, opportunity-driven moves.
“If you’re planning to be acquisitive, launch new products, or expand into new markets—those are voluntary choices. But they still carry risk. The key is to define how you’ll manage it. Whatever the initiative, you need to have clear parameters and policies in place.”
Cloud ERP Migrations, for Instance, Offer a Massive, Missed Opportunity
When migrating to the cloud, it’s essential to consider how your processes and data will change—and to clearly define what will be managed in-house versus by external providers. Every stage of this transition introduces risk, and those risks must be managed holistically and intentionally.
One common oversight? Many system integrators fail to optimize automated controls during ERP implementations. To avoid this, organizations need dedicated controls expertise, thorough pre-implementation reviews, and a clear strategy for activating key features that support automated governance.
Taking a proactive approach ensures not only a smoother ERP transition, but also maximizes the long-term value of the investment—by embedding strong controls and governance from the outset.
Controlling Speed with AI Governance
The concept of managing the risk of technology, even when it’s moving fast, is not that much different from what we’ve always been doing and always advising clients.
When it comes to managing AI implementations, Ian offers a compelling framework: “Which cars have the best brakes in the world? Race cars. Because they go the fastest, you have to control their speed by having the best brakes.”
In other words, the underlying principles of technology risk management haven’t changed; AI just requires better, faster controls.
What Sets Our Risk Advisory Approach Apart?
It’s the combination of deep internal audit expertise with technology implementation experience. Unlike traditional audit firms focused on compliance testing, or system integrators focused on technical delivery, RGP brings both perspectives together. We work in small, agile teams that understand both the risk management frameworks and the practical realities.
As we look ahead, three trends will define the evolution risk management:
1
AI Governance Integration: Organizations need frameworks for managing AI implementations that balance innovation speed with appropriate controls—applying time-tested risk management principles to cutting-edge technology.
2
Advisory vs. Assurance Balance: Moving beyond traditional control testing to provide consulting-style advisory services on major technology investments, organizational change, and process optimization.
3
Cross-Functional Collaboration: Breaking down silos between internal audit, risk management, technology implementation, and change management to create holistic solutions for complex business challenges.
The Bottom Line
Risk management isn’t just about preventing problems—it’s about enabling intelligent risk-taking that drives business value. The organizations that recognize this evolution will unlock significant competitive advantages through optimized technology investments, better change management, and strategic risk governance.
If you’re ready to use risk management as a strategic value driver—let’s talk.
Visionary Voices