Risk Management Could Be a Powerful Tool, But it Just isn’t (part 3)

In the third of a four-part series, Alex Sidorenko, founder and CEO of Risk-Academy, explains how risk management is disconnected from decision making.

If there is one thing I learned in my previous role as Head of Risk at a multibillion-dollar sovereign investment fund, risk management is not about managing risks. It’s about helping management make strategic, operational and investment decisions while keeping the risks in mind.

It sounds simple enough, but it’s anything but. Here are some of the lessons I had to learn the hard way:

A. Part 1

B. Part 2

C. Business decisions happen every day, not once a quarter

This I found most bizarre, we seem to have created a myth that risk management is about managing risks. Not so. Risk management is not an objective in itself. It’s just another management tool to help them make better decisions and hence achieve the objectives. There is a big difference between how mature organizations implement risk management and the rest.

Mature organizations do risk analysis when a decision is made, using whatever risk analysis methodology is appropriate for that particular type of decision. The rest do risk management when it’s time to do risk management, be it annually, quarterly or some other regular internal. Nothing could be further from the truth. Unless our methodologies, approaches and tools allow risks to be analyzed at any moment during the day, when an important decision is being made or at every milestone within the core business processes, we are unlikely to get management’s attention. This was a big challenge for me personally and to overcome the challenges I recommend the following:

  • Integrate risk analysis into significant strategic, operational or investment decisions.
  • Create a methodology that allows management to identify, analyze and document key risks associated with the decision. Make sure the outcomes of the risk analysis have a direct impact on the decision structure or content, otherwise it makes no sense for the management to do the risk analysis. For example, on some of the investment projects the outcomes of the risk analysis affected the valuation of the projects.
  • Provide risk management training and support. 
  • Create a separate methodology to validate the results of the risk analysis prepared by the management using the information provided by finance, legal, strategy, internal audit and security departments.

2 thoughts on “Risk Management Could Be a Powerful Tool, But it Just isn’t (part 3)

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.