There seem to be a lot of angry talk about various risk management certifications on the web lately. Most such comments are coming from people who are very ill-informed about how certification, any certification, works in general. As a creater of 2 national risk management certification programs that have been hugely successful in Russia, here are my 5 cents.

First, here are some sobering facts:

almost every country in the world has it’s own national non-financial risk management certification, there are also few pan-eurpean and global ones
all are optional, none are compulsary by law (despite many unethical attempts to limit competition)
most certifications are done by national risk management associations, although some countries have healthy competition offering more than one certification program to local market
regulators, employers are mainly ignorant to non-financial risk management certifications hence one certification program does not have noticable advantage over the other
all certifications are build upon some globally regognised foundation, ISO31000 seems to be a favourite one, my favourite one as well
certification is just an exam with options including self-study, online prep training or face to face prep training (how long the training is irrelevant, since certifications test prior and existing knowledge, training is more like a refresher)
most existing certification programs are useless, because they still focus on conducting risk assessments and treating risk management as a stand-alone independent process, however there are some good ones
there is limited or no quality control or oversight in place.

I give my advice on how to choose the best non-financial risk management certification in this video:

Below is an example of the certification program developed by RISK-ACADEMY — a Russian leader in risk management training, Global Institute for Risk Management Standards and the best risk managers from Russia and the CIS. The program is aligned with the international risk management standards ISO31000:2009 principles and shows numerous examples of how COSO:ERM 2004 is flawed in almost all regards.

It consists of 4 modules:

MODULE I. RISK MANAGEMENT FOUNDATIONS

Definition of risk
History of risk management
International and national standards in risk management
Introduction to finances, project management and process management
Introduction to statistics
Insurance basics

MODULE II. RISK MANAGEMENT IN DECISION MAKING

Tools and techniques to identify risks associated with decision making or the achievement of goals/KPIs
Tools and techniques to analyse and quantify effect of uncertainty on decisions or on achievement of KPIs (decision trees, sensitivity analysis, scoring models, Monte-Carlo simulations, scenario analysis, bow-ties)
Risk mitigation within the confines of decision making and achievement of KPIs
Monitoring, reporting and communicating decisions made or the achievement of KPIs with risks in mind

MODULE III. PSYCHOLOGY AND CULTURE OF RISK MANAGEMENT

Cognitive biases inherent to decision making and risk management
Integrating risk management principles into the overall corporate culture
Principles of professional ethics

MODULE IV. INTEGRATING RISK MANAGEMENT IN A BUSINESS

Aligning risk management efforts with the overall risk appetite
A roadmap for integration of risk management:
- Developing new and updating existing policies and procedures
- Integration into decision making, planning, budgeting, purchasing, auditing
- Risk management roles and responsibilities, risk management KPIs
- Integrating risk information into management reporting
Resources required for the implementation of risk management
Monitoring and evaluation of the effectiveness of risk management (maturity models, including our own advanced risk management maturity model)
Risk management continuous improvement
Risk management software