Designing the best risk management training

To train or not to train?

Risk management may seem simple enough in theory, yet many employees still don’t have the necessary skills and competencies to successfully apply it in practice. One of the key components in building risk management skills is no doubt employee training and development.

But how effective training really is? Interestingly, I found the following research:

  • A 24X7 Learning survey revealed that only 12% of learners say they apply the skills from the training they receive to their job (report by 24×7 Learning: “Workplace Learning – 2015”. September 2015).
  • According to a 2015 ATD research study, only 38% of managers believe that their learning programs meet their learner’s needs.
  • One out of every three employees say that uninspiring content is a barrier to their learning (Embracing change/towards maturity 2015-2016 industry benchmark report).
  • Only 25% of training programs measurably improve business performance (McKinsey Quarterly 2010).
  • Humans forget 40% of what they’ve learned after 20 minutes and 64% after just 9 hours (H.Ebbinghaus, A contribution to Experimental Psychology, 1885).

The findings from various studies, while inconclusive, suggest that training while very important, it alone is unlikely to be the turning point in building a strong risk management culture. I discuss other tools / techniques to build risk culture in this article:

While risk management training is not panacea, it is important to plan, design and deliver it properly

I have recently recorded a short video on risk management training, you can view it here: In the video  I talk about few things that risk managers may implement in their companies to significantly improve risk management training effectiveness:

A. Risk management competences should become an important attribute when hiring new personnel

Include risk management requirements in all relevant job descriptions when hiring new personnel for the organisation. Work with HR to streamline the process.

B. Include risk-based decision-making in induction training for new employees

New hires come from a variety of education and experience backgrounds and most importantly, each new employee has their own perception of what is an acceptable risk. It is important for risk managers to cooperate with the Human Resources department or any other business unit responsible for training, to jointly carry out training on the basics of risk management for all new employees.

C. Conduct awareness sessions for senior management and the Board

Tone at the top is very important for risk culture development. Executives and Board members play a vital role in driving the risk management agenda. Nowadays many executives and Board members have a basic understanding of risk management. Auditors, risk management professional associations and regulators have been quite influential in shaping the Board’s perception of risk management. Unfortunately, not all the messages communicated by the auditors and regulators are sound and some are downright wrong. For example, one of the government agencies in Russia published a guidance document that encourages companies to have a standalone risk management process which in many ways contradict the core principles of ISO31000:2009. It is important for the risk manager to take the lead on forming the Boards and senior managements view on risk management by providing risk awareness sessions and relevant information.

Make risk management training less about risk assessments and more about risk-based decision making, planning, budgeting and investment management. Don’t teach management how to manage risks, teach them how to do their job with risks in mind.

D. Conduct regular refresher training

Record all risk management training sessions on video and make videos available on corporate intranet. Send employees annual or quarterly reminders to watch videos as a risk management refresher.

E. Conduct in-depth training for “risk-champions”

Provide additional risk management training to the in-house risk management team and business units responsible for internal control, audit, finance, strategy and others. Risk managers may conduct it personally or outsource to third party providers. In-depth risk management training should include: risk psychology and risk perception basic, risk culture, ISO 31000, risk management and decision making foundations, integration of risk management into core business processes and decisions.

F. Make risk training competency based

Make all risk management training competency based and set KPIs to check for noticeable improvement in the quality of risk based decision making. Each training session should start and end with competency tests. Surveys should also be conducted one month and six months after the training to test for knowledge retention.

G. Develop certification programmes for employees in high risk activities

Another useful suggestion is to develop an internal risk management certification for employees working in high-risk activities. This will ensure staff working in high risk activities, like manufacturing, trading, insurance, security and others possess adequate risk management skills and remain cognisant of the risks associated with their work.

H. Use passive learning techniques

Make sure that risk management information is available to employees, contractors and visitors. Place Risk Management Policy on the intranet and the corporate website, record and publish risk management training or awareness sessions videos on the dedicated risk management intranet page. Invite guest speakers (risk managers from other companies) to speak at the Audit Committee or Risk Management Committee and give all employees the opportunity to participate. I have used this in the past and it worked very well. Periodically post useful risk management related articles and research papers on the corporate intranet. Make the risk management information easily accessible to staff.

RISK-ACADEMY specialises in developing and delivering online and face to face risk management training programs. For more information about our training programmes or to order training for your company visit If you are interested in sitting the G31000 certification exam after the training and receiving a risk management certification please refer to management-certification/

RISK-ACADEMY offers online courses


Informed Risk Taking

Learn 15 practical steps on integrating risk management into decision making, business processes, organizational culture and other activities!


ISO31000 Integrating Risk Management

Alex Sidorenko, known for his risk management blog, has created a 25-step program to integrate risk management into decision making, core business processes and the overall culture of the organization.


Advanced Risk Governance

This course gives guidance, motivation, critical information, and practical case studies to move beyond traditional risk governance, helping ensure risk management is not a stand-alone process but a change driver for business.


Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.