Home > Risk > Transforming risk management in 2019 and beyond

Transforming risk management in 2019 and beyond

I was thinking about a post for the New Year that would highlight the changes I would like to see in both practices and thought leadership around the management of risk, when I listened to a new video from my good friend, Alex Sidorenko.

Alex had been attending a risk management conference in Dubai led by another friend, Alex Dali. In this video, he shares a key takeaway.

The risk management leaders at this global conference said that there were two indicators of effective risk management.

The first is that business decisions are informed and intelligent (my words). The consideration of risk is integrated into the setting and then the execution of strategies through daily decisions.

My caution is that when we are talking about ‘risk’, we should be thinking about all the things that might happen, not only harms.

In fact, as I wrote in my last book, we should be avoiding the word ‘risk’ as management has a negative perception of it.

  1. Most think it only relates to harms
  2. Managers tend to think of risk management as a compliance activity

In fact, if we think instead about anticipating what might happen and making informed and intelligent decisions with that in mind, there will be a common purpose and understanding between practitioners and the leaders of the organization.

That’s the second set of indicators: a common understanding and language around risk.

My preference, which I will restate, is that we discard the technobabble of the risk practitioners in favor of using the language of the business. (Where everybody in a mature organization is comfortable with technobabble, then continue to use it – as long as it is not focused solely on harms.)

I come back to a Deloitte study from a few years ago.

Executives were asked whether risk management helped them set and then execute on strategies. Only about 13% said it made a significant positive contribution.

So, Alex, my vote for an indicator of success is when the leaders of the organization in the executive suite and on the board wholeheartedly answer the Deloitte question with a hearty thumbs up!


In 2019, let’s press the regulators, consultants, and other thought leaders to focus less on managing harms (especially in silos like vendor risk management) and more on helping those leading the business anticipate what might happen and make intelligent and informed decisions.


I welcome your thoughts.

  1. January 3, 2019 at 10:39 AM

    Totally agree, Norman!

  2. Anonymous
    January 3, 2019 at 2:53 PM

    Norman, what is meant by, what might happen, (that is not related to harm?)

    • Norman Marks
      January 3, 2019 at 5:15 PM

      Lots of good things can happen. Customers can demand more than you expected, for example.

  3. January 3, 2019 at 4:59 PM

    Hi Norman, I perfectly understand what you are saying. If we look at the definition of risk, it is a situation having several possible outcome which can be quantified. Several possible outcome means that there can be both positive and negative outcome so not just outcome related to harm. I don’t think management only focuses on the outcome that can bring harm to the company, rather they pay closer attention to them because those are the ones that needs to be closely monitored to ensure that they do not prevent the organisation from achieving its objectives.

    As it relates to making informed and intelligent decisions, I believe the entire outcome scenario must be taken into consideration; however, the word risk is fitting in my opinion to be used because the objective of all financial institutions is to maximise wealth, therefore risk is managing the degree of losses that the organisation is exposed to.

    Managing risk is managing the potential impact of a negative outcome. If there is a favourable outcome management I am sure will be able to utilise its resources to optimise wealth creation ; bearing in mind that risk exist at all levels of the organisation and in all processes.

    • January 3, 2019 at 5:04 PM

      By the way, this is Tamika, you longtime subscriber… I know it has been a while Norman. Good post as usual.

  4. Gary Lim
    January 4, 2019 at 6:37 AM

    Hi Norman, Happy New Year 2019. Maybe in a developed countries like your country it is nice to forget about the harm aspects, reality over in underdeveloped and developing countries the focus in my opinion should be on the negative aspects. Monitoring can then be carried out on the controls. If there are positives aspects arising from the risks, then its a bonus. I may even go to the extend to have controls making it idiot proof, here I am talking about risks with severe consequences. Will be glad to know your views on this.

    • Norman Marks
      January 4, 2019 at 8:36 AM

      Gary, do you live our life by only thinking about what might go wrong? Or do you weigh the positive and negative consequences of buying a home, eating at a new restaurant, etc? If you only assess the negative you will never achieve your goals.

      • Gary Lim
        January 8, 2019 at 11:57 PM

        Insurance is an industry where the insured would think of something might go wrong, the industry I spent 10 years as a Risk Engineer. During the time I looked for what might go wrong. From the insurance industry I learned about Risk hence risk management.

  5. Antonio Salas
    January 7, 2019 at 3:11 PM

    Hi Norman, Sorry but as English is not my mother’s tong and I struggle sometimes with Anglo-Saxon definitions, I need to ask the following: Why not refer to “Uncertainty” Management instead to Risk Management. Has the concept of uncertainty intrinsically positive and negative outcomes? If so, uncertainty management should be consider to make decisions towards increase the probablity of positive outcomes and to diminish the probablity of negative ones, doesn’t it?

  6. Norman Marks
    January 7, 2019 at 3:30 PM

    Antonio, that’s a good question. I don’t think there is a consensus on what ‘uncertainty’ means. Personally, I don’t think you can manage uncertainty or bring about absolute certainty. It’s a great goal that would make each of us rich.

    Here’s a definition.
    1 : the quality or state of being uncertain : DOUBT
    2 : something that is uncertain

    Grant Purdy is working on a book on managing uncertainty. I don’t think the term will resonate with executives as meaningful. Better by far to talk about managing success, decision-making, or even, more simply, effective management.

    • Antonio Salas
      January 7, 2019 at 4:07 PM

      Thanks Norman for your prompt response. I can see your point and it seems that we are talking about: managing properly. But of course there could be also discussions about what properly means. Thus effective management sounds better indeed.
      Best regards,

  7. C
    January 9, 2019 at 11:04 AM

    Having worked in this area at the highest level, I like the idea of risk being about opportunity and threat. A threat can be changed into an opportunity to gain strategic advantages that are beneficial for business. We do it in our every day lives so the best practitioners are those who use that too in the business world. Opportunities arise unexpectedly, a product that takes off when you least expect it, or a takeover when a competitor is struggling. It is part of the skill of the board and the CEX to be identifying those opportunities and benchmarking their performance against their competitiors surely. To concentrate simply on achieveing objectives can be fatal for business as when met you achieve your bonus but might have damaged the business to the core from which it may not recover, but by then you will be long gone.

    • Gary Lim
      January 9, 2019 at 6:47 PM

      Dear C, would it be correct in my interpretation that once the THREATS are addressed, it creates OPPORTUNITIES, so address the threats FIRST, opportunities arise unexpectedly. This is the way I had been trained as a Fire Risk Engineer.

      • Norman Marks
        January 9, 2019 at 8:53 PM

        My view is that we should focus on achieving success rather than only avoiding failure

  1. January 6, 2019 at 11:23 PM

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: