3 fatal mistakes corporate risk managers make (part 2)

A while back I wrote an article about 3 fatal mistakes risk consultants make https://riskacademy.blog/2017/01/14/3-fatal-mistakes-most-risk-consultants-make. It made quite an impact and was republished in Australia, Canada, Singapore and Europe with dozens of thousands of views. I feel it’s only fair to write a follow up article about the 3 more mistakes that risk managers themselves make.

If you remember in the previous article I warned that it may upset some conservative risk managers. Well… this one you are going to straight up hate. Truth is never easy to swallow but it is so rewarding in the long term, so perceiver and read to the end. However, if you are lazy and can’t be bothered to read, just watch the video: https://www.youtube.com/watch?v=WKeCDWcmu-w

I have been in corporate risk management for over 14 years, this is by no means a record or even mildly impressive, it is merely long enough to notice some trends. Just like many others, I like soul searching, finding out new way to integrate risk into what is important for business, trying different tricks to improve culture and dropping risk analysis tools that simply don’t work.

The last 3-4 years really have been quite amazing in terms of the shift in thinking we are experiencing in corporate risk management. A new paradigm is beginning to appear and take shape with more and more people writing about risk-based decision making and culture. Somewhat ironically this shift has also uncovered some ugly truths. I have tried to summarize them in 3 buckets:

A. Solving the wrong problem


Read part A here:  https://riskacademy.blog/2017/08/29/3-fatal-mistakes-corporate-risk-managers-still-make-part-1/

B. Ignoring the scientific research in field just outside of risk management

A while back I did a video on 4 competencies that every corporate risk manager (or a risk management team) should possess: https://www.youtube.com/watch?v=nqmnycKZwgg (watch the video if you can’t be bothered to read the article)

In the short video, I talked about:

  • Risk management skills and knowledge of regulations and risk management standards
  • Corporate finance, statistics and risk simulation and modelling skills
  • Psychology and good knowledge of cognitive sciences
  • Industry and company specific knowledge

Now ask yourself, how many of these does you risk team currently has? If we are being totally honest, many risk teams and most risk consultants at best have 2 out of 4 or less. That is alarming.

It is no longer good enough to just know ISO31000 or PMBOK, this is insufficient.

Corporate risk managers simply cannot continue to ignore all the research in the fields of corporate finance, statistics and cognitive sciences.

I think it is the worst kind of negligence for risk managers to use flawed instruments like heat maps and probability x consequence risk levels, while ignoring risk management tools like decision trees, Monte Carlo, stress testing and scenario analysis, which by the way were created in the 40s and the 60s.

Ironically, many organizations do use tools like Monte Carlo simulations (developed in 1946 by the way) for forecasting and research, but it’s not the risk manager who does that. It’s usually the marketing or strategy or planning departments. Same can be said about decision quality (a concept developed in 1960s) or psychological research (studied extensively since 1970s).

Kahneman’s Noble prize in 2002 was “for having integrated insights from psychological research into economic science, especially concerning human judgment and decision-making under uncertainty”. It has decision-making under uncertainty in the name, only for most risk managers to ignore it.

This is embarrassing.

If risk management is a decision-making tool, and it is, then risk managers must learn about decision quality and about making decisions under uncertainty asap. There is plenty of literature, just read my article on 8 best risk management books: https://riskacademy.blog/2017/01/14/my-favourite-risk-management-books/

To summarize here is a set of topics risk management teams need to pay attention to:

  • My favorite – risk phycology and risk perception. Extensive studies by scientists on how cognitive biases prevent people from making good decisions under uncertainty and how risk management tools can help significantly improve decision quality. Just ask @James Bone
  • Corporate finance – critical skill to model effect of uncertainty on schedules, financial models and budgets. A must have for any risk management team, regardless of industry or size
  • Industry knowledge – you better have an engineer or a biologist on your risk team if that is what the organization does. This is an absolute must if you want to seriously challenge executives on their decision making and come with cost effective mitigations.

Did you notice how I went the whole article without mentioning things like communication skills or other soft skills? Because none of them will help if you have nothing valuable to contribute.


What other areas risk managers must to know? Write in the comments section below. If somebody writes emotional intellect or some similar bs, you will have 5 years of bad fortune :))


To be continued…


– – – – – – – – – – – – – – – – – – – – –

RISK-ACADEMY offers decision making and risk management training and consulting services. Our corporate risk management training programs are specifically designed to promote risk-based decision making and integrating risk management into business processes. Risk managers all over the world call us in to help sell idea of integrating risk analysis into decision making and using quantitative risk analysis techniques. Check out most popular course for decision makers https://riskacademy.blog/product/risk-based-decision-making-executives/ or our dedicated programs to help risk managers learn the foundations of quant risk analysis https://riskacademy.blog/product/risk-managers-training/. We can also help audit risk management effectiveness or develop a roadmap for risk management integration into decision making https://riskacademy.blog/product/g31000-risk-management-maturity-assessment/ 



RISK-ACADEMY offers online courses


Informed Risk Taking

Learn 15 practical steps on integrating risk management into decision making, business processes, organizational culture and other activities!


ISO31000 Integrating Risk Management

Alex Sidorenko, known for his risk management blog http://www.riskacademy.blog, has created a 25-step program to integrate risk management into decision making, core business processes and the overall culture of the organization.


Advanced Risk Governance

This course gives guidance, motivation, critical information, and practical case studies to move beyond traditional risk governance, helping ensure risk management is not a stand-alone process but a change driver for business.


3 thoughts on “3 fatal mistakes corporate risk managers make (part 2)

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.