At the risk of sounding controversial, we believe risk managers sometimes need to take responsibility for providing an independent risk analysis not based on the information supplied by the management. Although rare, there may be situations where manager approving the project or making a decision has significant conflicts of interest or there may be suspicion of fraud.

Risk managers need to establish risk analysis methodologies that limit reliance on management information and internal data which may be tampered with. Risk analysis should be based on industry data, statistical information, verifiable data and external reliable providers etc.

Risk managers should also use communication channels that allow presentation of an alternative point of view to management. While the goal should be working with the business and providing the necessary support to make risk-based decisions, sometimes risk managers need to play the role of a policeman.

As a result, risk managers may be required to defend their position at the executive meetings, propose risk mitigation actions and even take responsibility for some of the risk mitigation. As someone who had to do it almost on a weekly basis, we can tell you it takes a lot of courage and bulletproof risk management methodologies. It’s difficult, but it’s the only way to become an equal participant in the decision making and not just an observer.

Alex has created a short bootcamp designed to help companies implement quantitative risk management. Imagine saving the company so much money that investing in risk management competencies and resources becomes a no brainer for the executives. That's exactly what Alex Sidorenko did at a global $10B chemical company and he has been kind enough to share his top tips and lessons learned with you each week. Sign up now!



Discuss with senior management the need for an alternative / opposing point of view on certain business decisions
Consider having veto power for risk managers on certain types of business decisions
Develop risk analysis methodologies that do not heavily rely on management information
Establish an independent escalation channel to raise issues if management is ignoring risks





RISK-ACADEMY offers online courses

+ Buy now

Informed Risk Taking

Learn 15 practical steps on integrating risk management into decision making, business processes, organizational culture and other activities!

+ Buy now

ISO31000 Integrating Risk Management

Alex Sidorenko, known for his risk management blog, has created a 25-step program to integrate risk management into decision making, core business processes and the overall culture of the organization.

+ Buy now

Advanced Risk Governance

This course gives guidance, motivation, critical information, and practical case studies to move beyond traditional risk governance, helping ensure risk management is not a stand-alone process but a change driver for business.


Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.