Couple of months ago I promised Hans Læssøe to respond to his article about the link between risk management and decision making. I finally managed to summarise my thoughts in this short video: https://www.youtube.com/watch?v=AHUW1Tecfac, but basically I believe risk management was hijacked by auditors and consultants approximately 30 years ago and turned into a joke and… Continue reading Should it be objective-centric ERM or decision focused risk management or risk-based decision making or just decision making?
First, kudos to the FAIR team for nudging the IT community towards better risk analysis. I was first introduced to FAIR methodology approximately 2 years ago at the Copenhagen risk management conference. The timing was quite fortunate since we just finished a project quantifying intellectual property risks for a major telecom client in Russia. We… Continue reading 3 steps to make FAIR methodology so much better and avoid common pitfals
My friend, Norman Marks, has been talking about rebranding risk management for years. Norman calls for risk professionals to focus on enabling success rather than avoiding failure. I think this is brillian advice. A way to communicate risk management insights to executives and the Board is to talk about the likelihood of success. Well, the… Continue reading Forget about risk management. Measure the likelihood of success instead. #ChangingRisk
IIA recently published a Practice Guide on Assessing the Risk Management Process. It sounded interesting so I set aside some time to go through the document. Overall verdict The maturity model proposed by IIA has exactly the same fundamental flaws that all of the other 100+ consulting risk maturity models out there have. Plus, while… Continue reading Is IIA secretly trying to kill risk management? Sometimes I wonder.
Ok, the title is obviously a joke, because the alternatives (multiple) have been available to anyone willing to learn for over 50 years. But since you clicked, this article will probably change your life for the better. Thank you Damir Ramazanov, Group Project Risk Manager, ERG for helping with the article and providing quality review. … Continue reading Finally! An alternative to risk matrices
Most of you know me as an obnoxious risk manegement blogger who is rude to anyone who uses heatmaps and risk registers as well as to people who think that running risk workshops and prepaing quarterly risk reports is a good idea. But there is a lot more to the story. Here is how me… Continue reading The most inspirational story about risk management you will ever read 😉
It truly was a great webinar! Watch the replay from Francois Blouin, Senior Manager, Risk Management – Culture and Transformation at National Bank of Canada and Alex Sidorenko, RISK-ACADEMY, talking about risk culture and what it means to an organization. We shared 13 action points for you to implement. I, naturally, suggest you watch the… Continue reading Risk culture or risky culture – great webinar and what are some of the takeaways
I have just updated a risk management implementation roadmap/action plan. A risk management roadmap is a concise document which describes the key actions required to implement risk management within a non-financial organization. The actions are divided into 4 categories: risk management 1 (the necessary evil, because many stakeholders still don’t get risk management, try and spend… Continue reading FREE risk management implementation roadmap
Risk management should be inclusive. Appropriate and timely consultation and involvement of stakeholders enables their knowledge, views and perceptions to be taken into account which results in improved awareness and informed risk management and decision making. Recording and reporting provide a means of communication that facilitates the integration of risk management across organizational boundaries and… Continue reading RISK MATURITY: How to establish communication and consultation? (part 2)
Risk management should be inclusive. Appropriate and timely consultation and involvement of stakeholders enables their knowledge, views and perceptions to be taken into account which results in improved awareness and informed risk management and decision making. Recording and reporting provide a means of communication that facilitates the integration of risk management across organizational boundaries and… Continue reading RISK MATURITY: How to establish communication and consultation? (part 1)