Huge thank you to the 160K+ readers who visited the RISK-ACADEMY blog this year. 2021 brought a lot of risk management transformation. Not that there is much fundamentally new in the science of risk or decision making, but rather because more and more risk professionals come to a long overdue realization that RM1 doesn’t create value for the shareholders, heatmaps distort risk communication, quantitative risk analysis is no longer optional and risk registers rarely help make decisions. The good news is that a lot of quality material is available to risk managers to quickly upskill and apply RM2. Here are some of the most popular and influential articles and resources from 2021.
I first created this article back in 2017 and as I came across more and more powerful risk management books, it is time to expand the list and group the books by subject. For consistency sake I grouped all the books into three groups:
- foundation in risk management and decision making
- advanced risk analysis
- other important books every risk manager must read.
Ok, the title is obviously a joke, because the alternatives (multiple) have been available to anyone willing to learn for over 50 years. To me, using risk matrices is a question of ethics and professional skills and is totally up to the individual risk manager. The flaws are fundamental to risk matrices design and there nothing a risk manager / business analyst can do to make them reliable. So what are the alternatives?
One of the biggest issues in the risk management profession is that many, way too many, people who have the title of risk manager are not really qualified to do the job. Many don’t even have the minimum required education. Imagine a doctor who vaguely remembers doing biology in year 9 high school. Well that’s your average risk manager trying to remember how probability theory works. This article is not really for risk managers, it’s for the people who hire risk managers.
While working on the project in the Middle East recently the RISK-ACADEMY team came up with what looks like the best risk identification template I’ve seen in a long time. This is what a good risk register should look like, if there was ever a need for one.
If there is one thing I learned as a CRO, it is crucial to understand the nature of each and every risk we have to work with. I will no doubt write a separate article about the mistake of aggregating various risks into a risk register or attempting to use the same methodology to quantify different risks, but that will come later. This article is about understanding the nature of the risk. Not the risk definition in ISO31000 because that has hardly any practical use, but understanding the true nature of each risk, from first principles. To make this article easier to digest, there at least three forms a risk can take.
Risk management is ultimately about creating a culture that would facilitate risk discussion when performing business activities or making any strategic, investment or project decision. In this free book, Alex Sidorenko and Elena Demidenko talk about practical steps risk managers can take to integrate risk management into decision making and core business processes. Based on our research and the interviews, we have summarised fifteen practical ideas on how to improve the integration of risk management into the daily life of the organisation. These were grouped into three high-level objectives: drive risk culture, help integrate risk management into business and become a trusted advisor.
Integrating risk management into strategic planning is NOT doing a strategic risk assessment or even having a risk conversation at the strategy setting meeting, it is so much more. Read this step by step.