Home > Risk > Risk management and thinking

Risk management and thinking

Last week, I was privileged to present what was billed as a “3 hour master class” on World-Class Risk Management to about 200 risk and internal audit leaders in Moscow.

Organized by Alex Sidorenko and the Risk Academy (check out their excellent web page, which includes blogs and a free book on effective risk management), I spoke about a couple of themes from my World-Class Risk Management book:

  • Effective risk management is about far more than a periodic review of a list of risks. It’s about taking the right level of the right risks, especially as we make decisions running the business.
  • The journey to world-class risk management involves understanding and addressing the risks to the quality of the risk information relied upon by decision-makers, executives, and the board.

The Risk Academy web site includes a link where you can see the entire presentation.

Alex treated me to a tour of the city, which I thoroughly enjoyed – especially the opportunity to chat and share ideas about the management of risk.

During our conversation, I realized something.

What do people say when you do something they think is wrong?

“What were you thinking?”

After you struggle to reply, they continue with:

“You weren’t thinking, were you?”


What do they mean? They mean that you weren’t thinking about the consequences of your actions, what might happen, and the other choices you could have made.

Isn’t that risk management?

  • Identifying what might happen
  • Assessing and evaluating the effects of what might happen
  • Determining whether that is desirable or acceptable
  • Taking action as appropriate, including making a different decision if necessary
  • Checking afterwards that what happened met your expectations and acting as necessary, going back to the top of this list (remember how ISO 31000:2009 says that risk management is dynamic, iterative, and responsive to change)

How can we help decision-makers think about what might happen?

Isn’t that the role of the world-class risk practitioner?

I welcome your thoughts.

  1. Jim DeLoach
    May 20, 2017 at 10:44 AM

    That was a great trip, Norman. Nice point on “what were they thinking?” Yep, they weren’t thinking at all, were they?

    • Norman Marks
      May 20, 2017 at 10:48 AM

      Yes, Jim. What were they thinking when they invited me?? 🙂

  2. May 20, 2017 at 11:12 PM

    Reblogged this on RISK-ACADEMY Blog and commented:
    Norman Marks did a great presentation in Moscow, we are very greatful he shared his ideas with the local risk management community.

  3. May 21, 2017 at 4:45 AM

    Norman, I’m a first-time reader of yours. Thank you for these thoughts!

    I’ve found in my work with schools, one has to “sell” the notion of risk management, and it hopefully it becomes a way of life, not merely a one-time exercise.!!

    Often presenting it as a strategic process to help the school deliver on mission .v. “avoiding bad things” helps administration be more enthused and take ownership!!

    Thanks again,



  4. May 22, 2017 at 1:34 AM

    Thanks for this Norman.

  5. Edward Clark
    May 22, 2017 at 4:56 AM

    Norman, Great points as always. Anyone who merely performs a periodic review of a list of risks is not thinking. True risk managers must understand the risk profile of their assets and forecast changes in the same. Granted the assistance of operational leadership proves vital in this task, but if we do not conduct risk reviews based upon foreseeable changes in an assets risk profile, we are doomed to live in crisis. Its the equivalent of knowing you are going to Africa and saying I need to get a yellow fever shot vs conducting a monthly review and sending an email to someone that just returned from Africa and telling them they should have gotten a yellow fever shot.

    Sometimes executives avoid the risk management input as we are often seen as naysayers (Like lawyers). As we look at your 5 bullets, above, I fear too many risk management systems or processes stop after the first two.

  6. Carlos Pires
    June 28, 2017 at 8:18 PM

    Great Points!! Risks should be seen far more than a list of things that should be prevented as well as avoided. Sometimes risk can be a good thing but the risk is providing great prevention is much better. I will say that living in learning through life lessons is great but learning through someones lessons helps you avoid many issues that will otherwise be learned through trial and error. Preventive measures are always the best way to be prepared. Now acting in the most stressful environments, helps you be an amazing manager.

  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: