Authors: Alex Sidorenko and Elena Demidenko
This book about risk management is different from the other books that I already read about the subject. It is an e-book that not only works with text. The texts, usually a page per subject as an appetizer, are alternated with to do checklists, and many lists with click-through options to videos on youtube and URLs with web pages with further explanation. It is a handy book full of tips of do’s and don’ts of tasks that belong to risk management. These checklists are a useful task list for a CRO in a company.
The structure is realized in 3 major objectives: 1) Drive risk culture; 2) Help integrate risk management into business; 3) Become a trusted advisor. What did I remember?
Drive risk culture: make sure you have a suitable framework for working on risk management. Knowledge of the regulations that the company must comply with is important. In addition, ISO 31000 can be a handy standard. Moreover, the management of suitable risk analysis techniques is an advantage. Already from the beginning of the book the authors talk about Monte Carlo and scenario analysis. As always, involving top management is a must. All classics of risk management are discussed. But there are also useful tips such as the fact that you best discuss risks per topic in the board meeting instead of making risk management a separate subject of these meetings. Furthermore, a no-blame culture is essential. That is logical, because you still have to work with others to improve the performance of the organization. Another important psychological tip is to determine risk management responsibilities in the job descriptions. Furthermore, it was an eye-opener that risk management is primarily a matter of change management for the culture of the organization.
Help integrate risk management into business: it is important that risk management is not something that comes with it, but something that is included in the work itself. It is very important, for example, that it is integrated in taking the different types of decisions. After all, an informed decision always makes a trade-off between the advantages and disadvantages (the impact) and the chances that these will occur. That is why it is also important that the business and the CRO speak the same language. And if things go wrong, the business must be able to escalate in a simple way.
Become a trusted advisor: know the business, but also know your risk management techniques. Maintain your skills of scenario analysis, stress testing, Monte Carlo techniques, game theory, behavioral psychology … a lot of different scientific techniques can be applied. They take care of it, together with a look at the environment, that you can inform the management of emerging risks. Finally, you do not do it all alone. You can rely on the help of people in the organization (risk champions) but you can also rely on the knowledge of colleagues in other organizations. So networking is the message.
The number of topics is very large, and with all referrals in it, it is a very strong book. It is advisable to take your time and also see the videos, as a different form of learning. Because of this structure, the book does not have to be read from front to back, but can be started at a certain point, depending on the needs of the moment.
The book is freely available on the website of RISK-ACADEMY: