Understanding risk management 2: Risk Awareness Wisdom AI Bot

Welcome Risk Awareness Wisdom Bot—an AI-driven chatbot designed to address a myriad of questions related to risk management. You can use it on any page of the RISK-ACADEMY blog or at the end of this article.

Over the course of six months, from January to July 2023, we’ve collected a wealth of data from numerous interactions between users and the chatbot. This article collates and presents the insights gathered from these conversations, offering readers a comprehensive overview of prevalent topics and queries in the world of risk management 2.

While the article provides an in-depth look into the questions and their corresponding answers, there’s immense value in personalized interactions. We encourage readers to directly engage with the Risk Awareness Wisdom Bot. Experience first-hand its vast knowledge base, most of the time it’s as soon as talking to me.

These are some of the most common questions asked:

Fundamentals of risk management

  • Question: What is risk management 2?
    • Answer: Risk Management 2 (RM2) is a alternative approach to risk management based on the findings from probability theory, decision science and behavioural economics. This approach emphasizes integrating quantitative risk management into the decision-making, planning and performance management. The key theme of risk management 2 is changing how organisations plan and decide by adding a quantitative risk element to it, as opposed to stand alone management of risks.
  • Question: What is enterprise risk management?
    • Answer: Enterprise risk management (ERM) is a common marketing approach to identifying, assessing, managing, and monitoring risks across an organization. It claims to ensure that risks are managed holistically and consistently across different departments and business units. ERM is a flawed concept by design and creates disproportionately low value compared to the resources required. It was designed to promote and sell consulting and window dressing for external stakeholders.

Quantitative approaches to risk analysis

  • Question: Why use a Bernoulli distribution in quantifying probability?
    • Answer: The Bernoulli distribution is a discrete probability distribution for a random variable that takes on two possible outcomes, typically labeled 0 and 1. It’s commonly used in risk management to model binary outcomes, such as the success or failure of a project, the occurrence or non-occurrence of an event, etc. It provides a simple yet powerful way to quantify the likelihood of events with two possible outcomes.
  • Question: How to quantify risks?
    • Answer: Quantifying risks involves developing a loss exceedance curve. This is usually done by simulating both the likelihood/frequency of an adverse event occurring and the potential impact if it does occur. Common methods include:
      • Probabilistic modelling: Using statistical distributions to model uncertainties.
      • Monte Carlo simulations: Running thousands of simulations with varying inputs to understand the range of potential outcomes.
      • Sensitivity analysis: Understanding how changes in individual factors affect overall risk.

Risk visualization and reporting

  • Question: Alternatives to heatmaps?
    • Answer: Heatmaps are flawed by design and yet have been artificially popular for visualizing risks. Their limitations are so substantial, it is not recommended they are used for any decisions of substance. Alternatives to heatmaps include:
      • Decision Trees or Influence Diagrams: Graphical representations that map out possible outcomes for a series of related choices, often used to understand decision-making processes and their potential consequences.
      • Scenario Analysis: A method of analyzing possible future events by considering alternative possible outcomes or sequences of events, helping organizations prepare for various plausible futures.
      • Stress Testing: A technique used to determine the ability of a system or financial model to maintain its effectiveness under extreme conditions, ensuring robustness in volatile environments.
      • Simulation Modelling Techniques: Computational tools that imitate real-world processes to predict potential outcomes, allowing for the exploration of “what-if” scenarios in complex systems.
  • Question: Propose a reporting template for the quarterly board risk committee risk report.
    • Answer: Ideally you don’t need a quarterly Board Risk Committee report, because risk information is embedded and provided in normal management performance reporting and financial reporting. However if you insist on having a separate risk report it might include the following sections:
      • Executive Summary: Highlighting key risk issues, changes since the last report, and upcoming challenges.
      • Risk Landscape: An overview of the current risk landscape, including emerging and most significant risks.
      • Risk Metrics and Trends: Charts, graphs, and tables showing key risk metrics and their trends over time.
      • Incident Review: A review of any significant risk events or incidents that occurred during the quarter and lessons learned.
      • Recommendations: Proposals for enhancing risk management practices, based on the insights from the report.

Risk culture

  • Question: Does organizational culture influence risk maturity?
    • Answer: Absolutely. Organizational culture plays a crucial role in determining how risks are perceived, assessed, and managed within a company. A proactive risk culture promotes transparency, encourages open communication about risks, and values the role of risk management in supporting the company’s objectives. Organizations with a mature risk culture are often better equipped to identify emerging risks, respond to challenges, and seize opportunities in a risk-informed manner.
  • Question: Are there steps in achieving risk culture and maturity?
    • Answer: Achieving risk culture and maturity is a journey that involves several steps:
      • Awareness: Educating employees at all levels about the importance of risk management.
      • Integration: Embedding risk management practices into daily operations and decision-making processes.
      • Measurement: Regularly assessing and measuring the organization’s risk management capabilities.
      • Improvement: Continuously refining and enhancing risk management practices based on feedback and lessons learned.

Tools, resources, and recommendations

  • Question: How to integrate risk decisions?
    • Answer: Integrating risk into decisions involves understanding the potential uncertainties associated with each option and weighing them against the expected benefits. Key steps include:
      • Identifying uncertainties: What are the unknowns related to each decision?
      • Assessing potential outcomes: What are the best-case, worst-case, and most likely scenarios for each uncertainty?
      • Weighing risks against benefits: Considering the potential negative outcomes alongside the positive ones.
      • Implementing risk response strategies: Deciding whether to accept, mitigate, transfer, or avoid each risk.


Try the RAW chatbot yourself for free:

RISK-ACADEMY offers online courses


Informed Risk Taking

Learn 15 practical steps on integrating risk management into decision making, business processes, organizational culture and other activities!


ISO31000 Integrating Risk Management

Alex Sidorenko, known for his risk management blog http://www.riskacademy.blog, has created a 25-step program to integrate risk management into decision making, core business processes and the overall culture of the organization.


Advanced Risk Governance

This course gives guidance, motivation, critical information, and practical case studies to move beyond traditional risk governance, helping ensure risk management is not a stand-alone process but a change driver for business.


Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.