Most organizations will tell you they manage risk. They have registers, policies, dashboards, maybe even software that produces colorful heat maps. On paper, risk feels well covered. And yet, when things go wrong, the same question keeps surfacing in quiet meeting rooms and post-incident reviews: Di...