Is your risk manager a USER or a GENERATOR? What about you?

I bet every person working in a large corporation or reading me on LinkedIn knows at least one risk manager. Maybe you like them, maybe you ignore them, but can you tell whether your risk manager friend is a “USER” or a “GENERATOR”? Sam Savage has been popularising the idea of different risk management roles for years and after doing few webcasts with him, I have to agree. Read on and let me know what you think.

The problem of low quantitative risk maturity

Outside of financial services, the debate whether we need to quantify all risks is still ongoing. The overall maturity of quant risk analysis adoption is still embarrassingly low. I don’t understand why or how this is even possible in 2022, but nevertheless. Over the years I heard so many excuses it became exhausting. So I was very happy when Sam Savage and Doug Hubbard did a great job at summarising all the common excuses here Sam and I are now doing a weekly broadcast to dispel these common myths, so don’t miss it, subscribe to RISK-ACADEMY YouTube channel to watch

In my mind, there is no debate. Any risk on the planet is a distribution. A distribution that has expected losses, plausible worse case scenario (VaR) and the rare but catastrophic tail. Making any significant business or risk mitigation decision is impossible without understanding the underlying risk exposures. And yet, I still hear how quantitative risk analysis is somehow not applicable to not-for-profit or medium size business or something or other. There is a common theme however. People who are making excuses are not qualified to work in risk management in the first place. I am yet to meet a quant who decided to change his career for colourful heatmaps.  Qualitative risk managers are the antivaxxers of modern times :))

The other problem is that even risk managers that do apply quantitative risk analysis all do it differently. There is no consistency or a standard in the industry. I was amazed recently when I surveyed a dozen quants on how they model FX risks, there were a dozen different methodologies. No wonder decision makers are reluctant to uptake quant risk analysis, it is like wild west at the moment.

Over the years I put a lot of effort trying to bring quantitative risk analysis to the masses: my free book became the most popular on the planet, I created RISK AWARENESS WEEK which has now been watched by more than 10000 people from 121 countries, started this blog, which now has more views than most risk management magazines on the planet, popular YouTube channel, Udemy courses and so on. I looked up stats on LinkedIn, my posts have been viewed 4.5 million times last year. So, has the quantitative risk revolution happened already? No, it has not. And so, after 10 years of popularising quant risk analysis in non-financial companies, it is time to try something else.

The solution of two risk managers

What if turning every risk manager into a quant is just wishful thinking? What if, unless you have background in statistics and probability theory, quant risk analysis is not for you? What is 3 day certification courses can’t turn an auditor into a risk quant? What if accounting education does nothing to help risk managers become risk managers? What if reading couple of books from my list doesn’t turn you into a quant? What if some risk managers are meant to be generators and others are better fit to be users? And where does RM1 sit in all of this? Let’s find out…

You are a GENERATOR if…

Risk managers who have the education in math, statistics, probability theory, etc are GENERATORS. They know and understand distributions. It is not necessary to teach them the difference between PERT and Lognormal or explain how correlation works. To them quant risk analysis is some of the easiest quant work they did that week. Just like electricity generation plants they produce correlated distributions save and transport them as SIPs or SIDs. These people should be responsible for the risk analysis under the bonnet, as long as there is an industry standard for doing risk analysis and decision makers trust the outputs. They can model anything under the sun. They back test their models and refine them, they know what model error is.  Sign up for RAW2022 to upgrade your skills

Think of risk analysts sitting in Pentagon basement, crunching numbers, cleaning data, producing distributions.

You are a USER if…

Risk managers who understand the decision science, behavioral economics, corporate finance, etc. are USERS. They know and understand distributions, but more importantly they understand decision making and how to integrate the outputs of quant risk analysis into insurance buying, planning, forecasting, vendor accreditation, deal valuation and so on. Their role is to sell risk analysis to decision makers, build relationships, integrate, present, improve, build risk culture. Sign up for RAW2022 to upgrade your skills

In my later part of the career I became a user, since I had people much smarter than me to do the actual math.

You are not a risk manager if…

If you are implementing ERM, have a risk methodology that ranks risks from 1 to 5, think risks are colours, conduct regular risk workshops to update corporate risk register… I have bad news for you…

RISK-ACADEMY offers online courses


Informed Risk Taking

Learn 15 practical steps on integrating risk management into decision making, business processes, organizational culture and other activities!


ISO31000 Integrating Risk Management

Alex Sidorenko, known for his risk management blog, has created a 25-step program to integrate risk management into decision making, core business processes and the overall culture of the organization.


Advanced Risk Governance

This course gives guidance, motivation, critical information, and practical case studies to move beyond traditional risk governance, helping ensure risk management is not a stand-alone process but a change driver for business.


Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.