Most of you know me as an obnoxious risk management blogger who is rude to anyone who uses heat-maps and risk registers as well as to people who think that running risk workshops and preparing quarterly risk reports is a good idea. But there is a lot more to the story. Here is how me and my friends really spend our spare time…
A truly inspirational story about risk management.
3 years ago 4 full time risk managers (Alex Sidorenko, head of risk of the largest sovereign fund, Konstantin Dozhdykov, head of transformation, one of the largest construction companies, Lubov Frolova, head of risk, defense company and Dmitry Shevchenko, head of risk, largest mobile operator) created a non-for-profit entity in Russia called Institute for Strategic Risk Analysis (ISAR). The company had the vision to completely transform the risk management profession in Russia and CIS.
3 years later the achievements have far exceeded even the wildest dreams…
Back in 2016 consultants dominated the national risk agenda, pushing for government guidance that contradicted the very principles of ISO31000 and who promoted risk management as a standalone system and not as an integral part of decision making, planning and performance management. Government agencies, national risk management association and other institutes were publishing confusing and contradicting messages about risk management, all centered around risk identification, assessment and mitigation. The national risk management association was failing in its duty to develop the profession, with less than 70 members and less than 10 active members (Russia’s population is 140m to put things in perspective) and busy with internal politics and smear campaigns. The profession itself was going through rough times, average risk management salary was low, executives did not perceive risk as a value add and risk management staff turnover was huge.
A small group of risk managers who felt passionate about risk management decided to step in. First, we tried to use the national risk management association as a platform, but that didn’t last long. I was kicked out literally a week after being nominated as a Board member. Some say because the president of the association was threatened by our rapid success and direct style. I think it was because I refused to play ball in some dodgy doings around sponsorship money. Lubov was kicked out a couple of months later. Ironically, only a few months after receiving a lifetime achievement award from that same president. Can’t even remember what bullsh@t excuse he came up with for kicking Lubov out. It was fun, I never had a full blown smear campaign against me before. Highly recommended, everyone should experience this at least one in their lifetime. Good character test 🙂
Anyway, we went solo. This was a far greater challenge, but nothing 4 crazy risk managers couldn’t do. With a limited budget and little time for face to face interactions (all four still working full time and soon after I moved to Spain and Dmitry to another town for work and Lubov went on maternity leave) we had to make everything digital, so we created:
- business plans using mind-maps at coggle.it
- daily planning meetings and decision making in WhatsApp
- kept risk management contacts in an online CRM
Here are just some of the notable achievement up to now:
- Developed a risk management maturity model for the Federal Auditor General focusing on risk based decision making, planning and performance management. This is now used to audit risk management effectiveness at government agencies.
- Rewrote the national standard for risk management professional that reinforces the need to integrate risk management into decision making and improve how organizations plan, forecast, budget and access performance using risk analysis and national risk management certification program. This is a huge difference to the current version that contradicts ISO31000 principles and for some bizarre reason encourages separate risk management system. Sadly written by academics clueless about risk management. The new version is now in draft going through public consultations.
- 150+ certified risk managers from largest corporations across Russia https://risk-academy.
ru/%d1%80%d0%b8%d1%81%d0%ba-% d0%b0%d0%ba%d0%b0%d0%b4%d0%b5% d0%bc%d0%b8%d1%8f-%d0%be%d1% 82%d0%b7%d1%8b%d0%b2%d1%8b/. - Currently working on a draft risk management standard to promote risk-based decision making across government agencies, based on ISO31000, for the Ministry of Economics. We, together with out colleagues at Deloitte, managed to stop the approval of another academic miracle that was encouraging each government to establish standalone risk management systems instead of integrating risk management into decision making, planning and performance management that was bound to cost taxpayers a lot of money.
- Draft risk management guidance to promote risk-based decision making across government based corporations, based on ISO31000.
- Twice ran the biggest national risk maturity survey together with Deloitte Russia. More than 100 largest companies participated. Surveys available at https://risk-academy.ru/
category/resources/surveys/ - Ran biggest non-financial risk management conferences 3 years in a row, promoting ISO31000, risk-based decision making and integrated risk management.
- The most popular and highly visited (more than 80% of the national traffic searching for risk management information) non-financial risk management portal in the country: www.risk-academy.ru
- 2400 subscribers on YouTube, 403 videos
- 2360 people attended free risk management webinars
- Number 1 free risk management book in the world, 60000+ downloads in 2 languages https://www.
researchgate.net/publication/ 323254437_FREE_RISK_ MANAGEMENT_BOOK_GUIDE_TO_ EFFECTIVE_RISK_MANAGEMENT_30 and https://risk-academy.ru/ download/risk-management-book/ . - 316 risk management articles in english and 300 in Russian (reprinted in local and international risk management magazines).
- Risk management content and training provider for IIA Russia, Institute of Independent Directors, Internal Control Association of Russia, ACFE Russia, Gazprom, RZHD, ALROSA, ROSNEFT and other large corporations. More than 1000 executives and top managers trained.
- Created 3 interactive offline and 1 online risk management games that are used by universities.
- 300+ downloads per day from our free risk management template library http://risk-academy.
ru/risk-management-templates/. - Started building risk management community in facebook after LinkedIn was blocked in Russia (still blocked) and created biggest Russian speaking risk management in non-financial services community https://www.
facebook.com/groups/isar. russia/ - Established and ran the largest ever, transparent risk management awards ceremony in 2018, to be done again in 2019 together with the representative of the Central Bank and Ministry of Finance.
- Actively promoting risk management across Russia and the first to open a Siberian office.
- Published risk management textbook. New textbook published to be published in February 2019.
- First ever full risk management course online in Russian https://edunano.ru/
courses/risk-orientirovannoe- upravlenie-podgotovka-k- sertifikatsii/.
All of this was achieved WHILE working full-time as senior risk managers in the largest corporations. Lubov Frolova continued working even on her maternity leave. This is truly a remarkable effort. ISAR team has made risk management history in Russia by rewriting legislation, changing risk management guidelines and standards, rewriting exams, all in an effort to move away from risk management 1 (corporate governance) to risk management 2 (integrated into decision making). Let that sink in. 4 individuals in their spare time created a national platform that achieved 100x the positive impact the national risk management association couldn’t achieve in 15 years.
I believe this is the first time ever, anywhere in the world, that a small non-for-profit team made such a positive impact on the national risk management community. Not with, but despite the national risk management associations.
Because we, as a team, had a passion about risk management and courage to challenge the status quo and not accept the risk management 1 just because everyone was doing it or because that’s what the auditors told us. Implementing risk management 2 is going to be a challenge for you too and I wish you the courage to stay the course!
Here are just some of the feedback ISAR team receives from the risk community in Russia https://risk-academy.
Check out other decision making books
RISK-ACADEMY offers online courses

Informed Risk Taking
Learn 15 practical steps on integrating risk management into decision making, business processes, organizational culture and other activities!

ISO31000 Integrating Risk Management
Alex Sidorenko, known for his risk management blog http://www.riskacademy.blog, has created a 25-step program to integrate risk management into decision making, core business processes and the overall culture of the organization.

Advanced Risk Governance
This course gives guidance, motivation, critical information, and practical case studies to move beyond traditional risk governance, helping ensure risk management is not a stand-alone process but a change driver for business.