My name is Alex Sidorenko, head of operational, investment risk and insurance at a group of companies with combined revenue of $15B. In 2021 our company got an honorable mention at RIMS and I was named risk manager of the year by FERMA. I am a big fan of transparency and knowledge sharing, so I created this monthly newsletter to share some of the wins and tricks of the trade and hopefully make someone’s risk management journey more rewarding.
Despite ‘risk management’ being a much-heard expression these days, there is no agreement on the problem it is (ostensibly) solving. Even among those who advocate its adoption and practice (often to earn their living) it has no settled meaning, nor even clarity of purpose. Its clumsy and ever-changing constructs and confected jargon complicate rather than improve decision making and, therefore, organisational performance.
Just ask yourself: If risk management is the answer, what was the question? Find out more at https://sufficientcertainty.com/
Despite the fact that risk management is a decision making tool, you should probably get Risk Management 1 sorted first, to keep the auditors, rating agencies and regulators at bay. It’s RM1, so keep it as simple and as quick as possible; this is less than 10% of the overall effort. Auditors love asking for policies and procedures, so give them what they want and make it pretty.
A1. Develop a short risk management policy structured around ISO31000 principles – this one is very easy, just follow the steps below:
- take existing corporate policy template
- take the principles from ISO31000:2018
- build a policy around the principles, keep it short. I think I have an example on my download page.
A2. Develop a very basic risk management framework document, aligned with ISO31000 – same as above, use ISO31000:2018 to develop a framework document. Stick to the text of the standard as closely as possible, don’t reinvent the wheel. Borrow some good sentences from COSO: ERM 2017 as well, just for fun. Claim that the document is aligned with both. Auditors love that.
A3. Identify and fulfil any other regulatory or shareholder requirement regarding risk management – this is also an important step, as many industries have additional risk management requirements. Make sure you have crossed them all off when drafting the policy and framework documents.
Finally! An alternative to risk matrices. Ok, this is obviously a joke, because the alternatives (multiple) have been available to anyone willing to learn for over 50 years. To me, using risk matrices is a question of ethics and professional skills and is totally up to the individual risk manager. The flaws are fundamental to risk matrix design and there is nothing a risk manager / business analyst can do to make them reliable. Want to know the alternatives? Read the full article: https://riskacademy.blog/finally-an-alternative-to-risk-matrices/
Fooled by Randomness: The Hidden Role of Chance in Life and in the Markets was the book that changed my life when it was first published and set me on the quest for better risk based decision making and RM2. Before getting into the science of risk management, it is important to understand the philosophy of risk taking and uncertainty.
RAW2022 is scheduled for October. Now is your chance to nominate speakers or topics. Simply comment below. Also, if you are aware of any RM2 events coming up, do let me know and I will include them in the next newsletter.
3000+ risk practitioners have completed our online risk management and decision making courses. Check them out at https://www.udemy.com/user/alexsidorenko/