RISK-ACADEMY’S GUIDE ON

RISK
CULTURE
Structure of the guide
Guide to risk culture 3

Introduction 3

Change the risk team mentality first 3

Find the right sponsors 3
Help employees integrate risk management into their decisions and processes 3

Update existing policies and procedures to include elements of risk manag… 3

Include risk management roles and responsibilities into existing job descrip… 3
Include risk management metrics into individual and corporate performanc… 3
Join forces with other managers responsible for other areas of performanc… 3

Improve risk awareness through training 3

Incorporate risk-based decision-making principles in new employee inducti… 3
Provide training for senior management and the Board 3
Establish risk oversight 3
Integrate risk information into Board’s agenda 3

Consider establishing a Risk Management Committee at the management l… 3

Change how risks are reported 3
Include risk information in the company's external communication 3

Include risk information into existing internal communication channels 3

Position risk management as a service 3

Reinforce the "no blame" culture 3

Examples and case studies 4

Action plan 5

Additional resources 6
Useful videos on the topic 7

Recommended reading 8

Contact the author 9

Legal disclaimer and copyright notice 10
Guide to risk culture

Introduction
Welcome to the RISK-ACADEMY's Guide on Risk Culture – an essential resource for
professionals seeking to understand and improve the risk culture within their organization. In
today's rapidly evolving business landscape, the ability to make risk based decisions is
paramount to an organization's success. At the heart of this capability lies the organization's
risk culture – a complex and often elusive concept that can significantly impact an
organization's overall performance.

In this guide, we will delve deep into the multifaceted world of risk culture, providing you with
valuable insights and practical steps to foster a robust risk culture within your organization.
We will share case studies from a diverse range of industries, allowing you to learn from the
successes and challenges faced by other organizations in their quest to develop a strong risk
culture. Simple, practical steps, trialed and tested by the RISK-ACADEMY team.
Whether you are a seasoned risk professional, an executive seeking to foster a culture of risk
awareness, or a newcomer to the field of risk management, this guide will serve as a
comprehensive resource and a valuable companion in your journey towards cultivating a
resilient and proactive risk culture within your organization.

Change the risk team mentality first

Before an organization can successfully improve risk culture and transition from Risk
Management 1 (RM1) to Risk Management 2 (RM2), it is crucial to start by changing the
mentality of the risk team. RM2 demands a more significant involvement in decision-making
and requires advanced technical competencies.

Risk teams need to acknowledge the need for change and be willing to embrace the transition
from RM1 to RM2. This entails recognizing that the traditional risk management approach
might not be sufficient to address the complex challenges organizations face today. The risk
team should be open to learning new techniques, tools, and approaches that enable a more
integrated, proactive, and effective risk management process.
RM2 emphasizes the importance of risk management in the decision-making process. The
risk team should adopt a proactive mindset, seeking to understand business decisions and
their implications on the organization's risk landscape. This involvement requires risk
managers to be more assertive, confident, and articulate in presenting their findings and
recommendations to senior management and the board.
The transition to RM2 demands a higher level of technical competence from the risk team.
This may involve learning new analytical tools, such as Monte Carlo simulations, decision
trees, and scenario analysis. Risk managers should invest in continuous learning and
professional development to ensure they are well-equipped to handle the new responsibilities
and improve rather than deteriorate risk culture.
Effective risk management in RM2 requires strong collaboration and communication among
the risk team, business units, and other stakeholders. Risk managers should work to build
relationships with key decision-makers, establish channels for regular communication, and
create a culture of openness and transparency.

Find the right sponsors

Establishing a robust risk culture and making informed risk-taking everyone's responsibility
requires gaining support from key individuals across various organizational levels. To achieve
this, it's crucial to identify and engage with individuals who are enthusiastic about fostering a
risk-aware culture. Here's a practical guide to finding the right champions for risk culture:

• Executive level: Understand what drives various executives and use that to gain their
support for promoting a risk-aware culture. For example, a CFO might be interested in
risk culture to achieve more accurate risk-adjusted forecasts, while a COO might want
to reduce operational risks. An HR director could be focusing on integrating risk
competencies into the overall education and skill development program.
• Board level: Seek support from independent directors or board members who
appreciate the value of a risk-aware culture in enhancing decision-making transparency
and providing additional information channels. These individuals can promote the need
for better risk awareness, risk reward trade offs and better risk based decision making.
• Auditor level: Collaborate with auditors to align risk culture practices used internally
with those expected by external auditors. Identify auditors who are interested in the
topic and may later help promoting risk awareness and informed risk taking.
• Regulator level: Engage with regulators to understand their expectations regarding risk
culture. Strive to synchronize your internal risk culture practices with what regulators
anticipate, fostering a smooth relationship and a shared understanding of risk
management. Help regulators understand your organisation's attitude to risk taking in
return and educate them on quantitative risk management.
Securing the right champions for risk culture may be more art than science. While it's unlikely
that a risk manager will convince all board members or executives, it's not necessary. The key
is to have support from individuals at each level mentioned above, ensuring a robust and
resilient risk culture across the organization. By cultivating this culture, informed risk-taking
becomes a shared responsibility, ultimately driving organizational success.

Help employees integrate risk management into their

decisions and processes
Over the years, risk managers have experimented with various methods to involve business
units in the risk management process. However, most attempts have led to disappointment,
with decision makers either ignoring or actively devaluing these efforts. In this guide, we
propose an alternative approach that not only integrates risk management into the daily
operations of a business, but also promotes a robust risk culture and helps make informed
risk-taking everyone's responsibility.
It's time for risk managers to rethink traditional risk assessment approach and stop viewing
risk management as a monthly, quarterly or even an annual exercise in updating a risk
register. Instead, risk managers should focus on adding value to the business by integrating
risk management and specifically quantitative risk analysis into everyday decision-making
processes.
By making risk analysis an important step in significant decisions, risk managers can greatly
influence the development of risk culture. Nothing creates risk culture as inevitability of risk
analysis. Risk managers should make quantitative risk analysis as prerequisite for most
important and material business decisions. To achieve this, we suggest modifying existing
business processes (such as planning, budgeting, investment management, performance
management, insurance buying and procurement) to be risk-based. This approach implies
there wouldn't be just one risk management process, but rather multiple risk management
processes tailored to different types of decisions: separate risk methodology for planning and
performance management, separate for investment decisions, separate for insurance,
procurement in my last company had 3 separate risk methodologies and so on.
By embedding risk management into daily operations and decision-making, businesses can
create a risk-aware culture where informed risk-taking becomes everyone's responsibility. This
step alone will do more for a robust risk culture than dozens of risk management courses
combined. Transparent risk discussion and informed risk taking should become inevitable.

Update existing policies and procedures to include elements of

risk management
Traditional risk managers used to create risk management frameworks or procedure
documents to outline roles, responsibilities, and processes. While these documents became
commonplace, they were typically only read by risk managers and internal auditors, failing to
provide decision makers with needed risk awareness. To address this issue, we propose a
more integrated approach to documenting risk management practices that fosters a robust
risk culture and reinforces informed risk-taking.
Instead of developing standalone risk management framework documents, companies should
incorporate risk management elements into their existing policies and procedures. For
example, an investment company we interviewed embedded its risk management
methodology into the investment manual, transforming the investment process and making
risk management a critical step in decision-making. This approach not only gave investment
managers a sense of ownership but also significantly improved the risk culture within the
organization.
The same principle can be applied to other business processes. Rather than creating a single,
centralized risk management framework, risk managers should review and update existing
policies and procedures to include relevant risk management steps where appropriate. Some
procedures might need only a minor update, while others may require more extensive
revisions or additional appendices.
By integrating risk management elements into various business processes, companies can
establish a robust risk culture in which informed risk-taking becomes a shared responsibility.
This approach also emphasizes the importance of developing tailored risk management tools
and methodologies for different business functions, ensuring that risk management remains
relevant and practical across the organization.

Include risk management roles and responsibilities into existing

job descriptions, policies and procedures, committee charters
One of the more practical steps in reinforcing risk culture is documenting and communicating
risk management roles and responsibilities. While it's common to describe these roles in risk
management policies or framework documents, this approach may not be very effective, as
business units often don't feel ownership or find these documents irrelevant to their daily
operations. A more effective method is to integrate risk management roles and responsibilities
into existing job descriptions, operational policies, procedures, committee charters, and
working group charters.
Instead of initiating major changes solely for the sake of integrating risk management roles,
wait for HR to initiate changes on other topics and include risk management points as part of
the broader update, this will remote unnecessary tension with legal teams. Here are some
examples of risk management responsibilities for different roles:
1. Board of Directors:
• Oversee overall risk-adjusted company performance and risk management
effectiveness
• Make Board-level decisions considering risk-reward trade-offs
• Establish risk-adjusted appetites/limits for business activities, types of risks, or
decisions
• Set risk-adjusted performance targets and KPIs for the CEO and management
2. CEO:
• Establish risk management infrastructure, allocate resources, and set objectives
for integration into decision-making
• Make decisions considering risk-reward trade-offs
• Approve strategies, business plans, and budgets based on risk management
 information
• Set risk-adjusted performance targets and KPIs for senior management
• Disclose risk-adjusted performance, significant risks, and treatments to the
Board of Directors, investors, or owners
• Allocate resources for effective risk-taking and risk-aware business activities
3. Risk Manager:
• Design and implement methodologies to integrate quantitative risk analysis into
core decisions and processes
• Coordinate risk management activities and provide methodological support for
risk-based decision-making
• Participate in decision-making and preparation of management reports
• Coordinate the Risk Management Committee (if applicable)
• Provide risk management training and foster a risk-aware culture
4. Other Decision Makers:
• Identify, assess, and treat risks within their area of responsibility
• Allocate resources to manage risks
• Optimize business processes or decision-making based on risk information
Collaborate with your HR team to include risk awareness and risk management competencies
in job descriptions for new hires as well. This is bound to have a positive impact on
establishing a robust risk culture and helps make informed risk-taking everyone's
responsibility.

Include risk management metrics into individual and corporate

performance reviews
Once risk management roles and responsibilities are documented in job descriptions and
committee charters, it's essential to establish relevant and measurable Key Performance
Indicators (KPIs) that align with the overall theme of creating a robust risk culture where
informed risk-taking is encouraged and rewarded.

Risk management KPIs should be integrated into the existing performance management
system, or better yet, existing KPIs should be made risk-based instead of creating separate
risk management KPIs. Encouraging employees to consider and disclose risks as part of their
decision-making process is crucial, but it doesn't come naturally to everyone. Implementing
and monitoring risk management KPIs for key employees can significantly improve risk
management maturity.
KPIs should be tailored to each role within the risk governance model. For example:
1. CEO KPIs could include:
 • Improvement in the risk management culture rating
• Regularity and quality of risk disclosure to shareholders
• Achievement of risk-adjusted profitability and performance measures
2. CFO or COO KPIs might involve:
• Enhancement in risk management culture maturity
• Risk-adjusted return on capital (RAROC)
• Risk-adjusted cash flow and liquidity metrics
• The number of critical operational events, etc.
3. For employees, risk management KPIs may focus on:
• Timely and accurate risk analysis during core business processes or significant
decisions.
By establishing role-specific KPIs that emphasize risk management, companies can create a
risk-aware culture in which informed risk-taking is shared responsibility, leading to a more
resilient and successful organization.

Join forces with other managers responsible for other areas of

performance improvement
Risk managers should collaborate with other 2nd and 3rd line managers responsible for
performance improvement initiatives such as lean management, quality, safety, environment,
security, and internal audit. By participating in major performance improvement workshops or
reviewing the results of analytical sessions, risk managers can better understand risk sources
and get a good grasp of attitude towards risk taking within the company. It sounds almost
trivial that departments within the 2nd line should work together, but it just doesn't happen in
many companies. Each department is pushing their own risk agenda, often contradicting.

It's essential for risk managers to ensure that consistent risk management principles and
language are used throughout the organization. This alignment has been achieved at the ISO
Technical Committees level, with language in ISO9001:2015 and ISO14000:2015 consistent
with ISO31000:2018, so risk managers should follow suit.
A clever example from our research demonstrates how risk managers can promote risk
management adoption across an organization. In this case, a risk manager aimed to
implement risk management across 90+ portfolio companies in a large investment fund. Since
the company was a minority shareholder in most portfolio companies, implementation had to
be voluntary. Here are the steps taken:
1. The risk manager created an implementation pack and offered it for free to all portfolio
company CEOs. Only 1 out of 90+ responded, and the risk manager helped them set
the foundation.
2. A month later, the risk manager worked with internal audit to include risk management
 questions in the annual compliance review questionnaire for the portfolio companies.
3. Six months later, most portfolio companies received non-compliance reports for lacking
or limited risk management.
4. Another month later, the risk manager once again offered the risk management
implementation pack for free. This time, over 65% of portfolio companies opted in.
Within just a year, the risk manager significantly increased the adoption of risk management
practices across the portfolio companies, establishing a more robust risk culture and making
informed risk-taking everyone's responsibility.

Improve risk awareness through training

Risk-based decision-making is essential for fostering a robust risk culture and making
informed risk-taking everyone's responsibility. However, not all employees have the necessary
skills and competencies to apply it effectively. Employee training and development are key
components in driving this change.

Incorporate risk-based decision-making principles in new

employee induction training
New hires come from diverse educational and experiential backgrounds, and each employee
has their own perception of acceptable risk. Risk managers should work with Human
Resources or other departments responsible for training to provide risk management basics to
all new employees. Risk management induction should be brief, covering business and
investment decisions under uncertainty, key risk management roles and responsibilities, and
ISO31000:2018 risk management principles as per the company's Risk Management Policy.

Provide training for senior management and the Board

The tone at the top is crucial for developing a risk culture. Executives and Board members
play a vital role in promoting risk management. Although many have a basic understanding of
risk management, it is essential for risk managers to lead in shaping their views on the subject
by providing risk awareness sessions and relevant information. Key messages for the
management and Board should include:
• Decision quality and decision-making under uncertainty;
• Risk management as a tool to assist in making informed decisions;
• Integrating risk management into existing business processes and management
reporting, not as a standalone activity;
• Risk management's purpose is not to avoid or minimize risks but to make informed
decisions and provide appropriate trade offs between risks and rewards.
Consider bringing in an independent advisor to conduct risk awareness training for the Board
and senior management to reinforce the messages shared by internal risk managers.
Establish risk oversight
Integrate risk information into Board’s agenda
According to ISO31000:2018, oversight bodies must ensure that risks are considered,
understood, managed effectively, and communicated properly. Integrating risk discussions into
the Board's agenda is an essential step in promoting a risk-aware culture.
Instead of having risk management as a separate agenda item, it is more effective to discuss
risks associated with each decision during board meetings. For example, discuss quarterly
budget risks while reviewing the budget or project risks during project financing approval,
rather than discussing top corporate risks as a standalone item.
To facilitate this, risk managers should work with the Board secretary to modify presentation
templates to include a risk section for every significant decision. In collaboration with internal
audit, risk managers should also ensure that risk information provided to the Board is
complete, accurate, and consistent. This may involve staff training or personally quality-
checking information before it reaches the Board.
Some Boards may establish a separate Risk Committee or expand the Audit Committee's
scope to review risk-related matters. While this may be more fashionable than practical, a
Board-level risk committee can play an essential oversight role and positively impact the
organization's risk culture.
The oversight should stay at the Audit Committee but all the other risk matters, including risks
associated with strategies, business plans, budgets, investment decisions, internal change
projects, pandemics and the like should move back to the full Board or at least the Strategy or
Finance Committee. Risks should be quantified and their effects discussed at the time of
making decisions, not later when the Audit Committee meets. In some cases, it may be more
practical to have a management-level risk committee instead.

Consider establishing a Risk Management Committee at the

management level or extend the mandate of the existing
management committee
Establishing a management-level Risk Management Committee significantly improves the
overall risk culture within an organization. The committee should be composed of diverse
members from both supporting functions (finance, risk, legal, security, internal audit) and
business units (operations, sales, marketing) to ensure diverse perspectives on risk are
considered.
The committee can focus on risk management methodologies and integrating risk
management into various business processes. Additionally, it can participate in decision-
making processes for investments, projects, and other high-risk activities.
The Risk Management Committee should meet regularly (monthly or quarterly) and can be
convened by the Chairman when urgent risk analysis is needed. This approach helps promote
a robust risk culture and encourages informed risk-taking as a shared responsibility
throughout the organization. This platform can quickly be repurposed for COVID responses or
other crisis management responses.

Change how risks are reported

Include risk information in the company's external
communication
Risk disclosure is essential for stakeholders who increasingly expect companies to assess
and communicate the effectiveness of their risk management strategies and demonstrate
mature risk culture. When sharing risk information with external stakeholders, consider
including the following:
• A concise statement in the annual report and on the company's website expressing the
organization's commitment to risk-based planning, budgeting, project management,
investment, and decision-making.
• A more detailed statement in the annual report that includes:
◦ An overview of current risk-based processes
◦ Progress made in integrating risks and building risk culture since last year
◦ Management structure supporting risk-based management and other significant
achievements.
Instead of a separate "Risk Management" section, integrate risk information throughout the
annual report, discussing relevant risks in sections like Company Strategy, Financial Report,
and Social Responsibility. This is quite common practice already.
Optional disclosures include key risks related to business plans or strategic objectives and
information about past incidents or losses. However, avoid sharing sensitive information or
trade secrets and be aware of legally required risk disclosures.
Other external reports that may require risk management disclosure include fundraising
activities, security issuer quarterly reports, and documents required by stock exchanges,
regulators, or investors.
Lastly, risk managers should participate in conferences and events to discuss risk
management and raise awareness about ISO31000:2018, promoting a robust risk culture.

Include risk information into existing internal communication

channels
Establishing a robust risk culture involves fostering effective two-way communication about
risks within an organization. Instead of solely relying on risk managers to report risks to
executives or boards, consider the following approach:
 • Encourage business units to report on their own risks as part of regular performance
reporting and when making significant decisions.
• Risk managers should report risks when they hold alternative or contradictory opinions
to business units or have additional information that should be considered during
decision-making.
Risk information should flow continuously within the organization, not just during periodic risk
assessments. To improve internal risk management communication, consider these
strategies:
• Incorporate risk information sharing and escalation mechanisms into the policies and
procedures.
• Modify performance or management reporting templates to include risk analysis
results.
• Collaborate with the decision makers in report and document preparation to ensure
risks are adequately addressed.
• Develop your own communication channels, such as newsletters, intranet sites, or
email alerts.
• Take ownership of some internal risk reporting, for example risks related to insurance
buying.
By promoting constant and open communication about risks, you can help make informed
risk-taking everyone's responsibility and strengthen the organization's risk culture.

Position risk management as a service

To establish a robust risk culture and make informed risk-taking everyone's responsibility, risk
managers should promote their unique skills and tools as an internal service offering.
Advanced tools available to risk managers, such as scenario analysis, stress testing, decision
trees, bow-ties, influence diagrams and Monte-Carlo simulations, can greatly enhance
business decision-making.
To effectively market their services, risk managers should ensure that management is aware
of their quantitative risk analysis and risk modeling capabilities. They should develop a clear
value proposition for their services, which includes:
• A well-documented methodology.
• Estimated time and company resource requirements.
• Expected benefits of the services.
• Sample reporting templates and examples.
Several risk managers have noted that the most significant value is created when executives
directly approach risk managers for specific risk calculations or scenario modeling. To achieve
this, risk managers must actively communicate their offerings and capabilities to the rest of the
organization.

Reinforce the "no blame" culture

To establish a robust risk culture and make informed risk-taking everyone's responsibility, risk
managers should encourage open communication about risk-related issues among
employees. They can do this by staying actively engaged with colleagues, being
approachable, and keeping informed about emerging risks and internal control failures.
Risk managers can share their contact information or set up a confidential hotline for reporting
risks, either on the company's internal website or via phone. They should motivate employees
to proactively identify and mitigate risks. Creating informal settings for discussions, such as
social events or regular meetings, can foster better communication with other managers and
business units.
For example, setting up a risk management page on the company intranet with a message
form for anonymous risk reporting can encourage employees to share concerns. Even if the
form is not used, it shows that the risk manager is open to feedback, making them more
approachable for in-person conversations.
Risk managers might also consider implementing a rewards program for active participation in
risk management activities. Encouraging a "no blame" culture and communicating this
throughout the company is crucial in promoting an environment where employees feel
comfortable discussing risk-related issues.
Examples and case studies
The Head of Risk at one of the sovereign funds noticed a table tennis table sitting unused in
the corner of the Head of Strategy's office. Recognizing the potential for the sport to serve as
a means to connect with colleagues and foster camaraderie, the Head of Risk decided to
create an informal table tennis tournament.
The tournament began as a collaboration between the risk and internal audit teams. They
borrowed the table tennis table from the strategy team and invited different business units to
participate in friendly matches every Friday evening. The Head of Risk and the Head of
Internal Audit provided pizza and refreshments for the participants, with a rule in place that the
losing team would cover the cost of the beverages.
Over time, the tournament gained popularity among the various departments, including some
that had previously been hesitant to engage with the risk and internal audit teams. As more
people became involved, additional business units invested in their own table tennis
equipment and started their own leagues.
Years later, table tennis has become one of the organization's official corporate sports. The
company has purchased more tables and equipment, provided training for employees, and
even participates in state-level corporate table tennis leagues with considerable success.
This initiative began as a simple idea to facilitate informal conversations between the risk and
internal audit teams and other departments. Through the shared enjoyment of table tennis,
the teams were able to break down barriers, build rapport, and create a more collaborative
environment within the organization.
Action plan

Foster a robust risk culture: Ensure all employees understand the

importance of informed risk-taking and their responsibility in promoting a
risk-aware organization.

Integrate risk management into decision-making: Encourage the discussion

of risks associated with each decision, rather than having a separate risk
management agenda item.

Establish a cross-functional Risk Management Committee: Assemble a

diverse group of representatives from various departments, such as
finance, risk, legal, security, internal audit, operations, sales, and marketing,
to ensure multiple perspectives on risk are considered.

Enhance risk disclosure: Provide transparent and comprehensive

information on risk management processes, achievements, and objectives
to both internal and external stakeholders.

Improve internal risk communication: Encourage two-way communication

between business units and risk managers, making risk information a part
of performance reporting and significant decision-making processes.

Market risk management services: Develop and promote a clear value

proposition for quantitative risk analysis and risk modeling services offered.

Develop technical competencies: Enhance the risk team's skill set by

fostering greater involvement in decision-making and by learning and
utilizing advanced risk analysis tools such as scenario analysis, sensitivity
analysis, decision trees, and Monte Carlo simulations.

Promote a "no blame" culture: Reward employees for actively participating

in risk management activities and foster an atmosphere where mistakes are
seen as learning opportunities.

Strengthen interdepartmental relationships: Organize informal events or

activities that bring together employees from different departments, allowing
for casual conversations and rapport-building, which can ultimately improve
risk management collaboration across the organization.

Read other useful guides produced by RISK-ACADEMY

If at any stage you have a question, book a free cal with Alex Sidorenko ​
Additional resources

Deep dive into advanced risk

management using this online
course
This course gives guidance, motivation, critical
information, and practical case studies to move beyond
traditional risk governance, helping ensure risk
management is not a stand-alone process but a change
driver for business.

https://courses.dcroi.org/courses/alex-sidorenko

Automate your quantitative risk

analysis using Archer Insight and
support business decision making
Archer Insight is a suite of enterprise-wide risk
quantification capabilities for business leaders designed to
deliver a complete view of enterprise risks, improve
resilience, and ensure achievement of strategic goals.

This innovative solution provides business leaders with

more precision in an aggregated view of risks that allows
them to ensure compliance and better protect your
business from disruption.

Using Archer Insight, organizations can conduct risk

quantification analysis, monitor, and report on their risk
management programs and then provide business leaders
and decision-makers with quantitative, transparent, and
actionable information needed to make strategic business
decisions.

https://www.archerirm.com/insight-risk-academy​
Useful videos on the topic

In this session, Dr. Tara Kenyon shows how a country’s culture

-be it risk-taking or risk-averse - strongly influences
organizational strategies not only for risk management but,
more broadly, also for overall decision-making.
https://www.youtube.com/watch?v=nOF_1KxdQQo​

Alex Sidorenko from RISK-ACADEMY shares some of his

practical suggestions to build risk management culture.

https://www.youtube.com/watch?v=gafKiRlLGb0​

In this workshop, Dr. Tara Kenyon will show that the

management of risks produces value and better financial
performance while the "management" of uncertainty may, in a
risk-taking culture, actually reduce the value of a company.
https://www.youtube.com/watch?v=hV9SF8BwaRU​
Recommended reading
Risk appetite refers to an individual or
organization’s willingness to take on risks in
pursuit of potential returns. It is an important
consideration for businesses, as it can determine
the types of investments and strategic decisions
they make. A high risk appetite may lead to a
focus on high-growth, speculative investments,
while a low risk appetite may result in a
preference for more conservative, steady returns.
It is important for businesses to carefully assess
and manage their risk appetite in order to make
informed decisions and achieve their financial
goals.

Download the full guide to read about

documenting risk appetite, reviewing risk appetite,
case studies and examples and addition video
resources:  Guide to risk appetite 2023​

Attention all risk management professionals! We

are proud to announce the publication of our
comprehensive guide to compliance risk
management. This guide covers the latest
industry best practices and provides practical
advice for managing compliance risks in your
organization. Whether you are new to the field or
an experienced professional, this guide is
designed to help you effectively identify, assess,
and mitigate compliance risks.

Get your copy today and stay ahead of the game

in the ever-evolving world of compliance risk
management. https://riskacademy.blog/risk-
academys-guide-on-compliance-risk-in-non-
financial-companies-free-download/​

This guide is designed to assist non-financial

organisations in developing and using risk
registers to support important business decisions.
The premise of the guide is that risk registers
should be used less frequently than is considered
normal in the industry and the format of the risk
register should be very different to what is
believed to be best practice.
https://riskacademy.blog/risk-academys-guide-to-
risk-registers/
Contact the author

ALEX SIDORENKO, CRMP.RR, CT31000,

CTA31000
‌
Alex Sidorenko is an expert with over 16 years of risk management
experience in private equity, sovereign funds, investment
authorities and venture capital firms across Australia, CIS, GCC.
​
Successfully implemented changes to quantitative risk analysis, risk-
based decision making and neuroscience as a CRO at EuroChem
(global fertilizer $10B) and RUSNANO (private equity fund $3B).

Book a free no
Saved more than $13 million per year in premiums on cargo,
obligations call

liability and PD/BI insurance through industry leading quantitative risk

with Alex
analysis without changing deductibles and while doubling the limits.

Successfully defending corporate risk profile at the Ministry of

finance and securing more than $1B in extra funding.

Author of the most popular free risk management book in the

world, more than 200K downloads in 3 languages.

Risk manager of the year, FERMA, 2021, Honourable mention

2021, RIMS, Risk manager of the year, RUSRISK, 2014, Best
ERM Implementation, RUSRISK, 2014, Best risk management
training, RUSRISK, 2013, 2014, 2015, finalist in risk management
awards in 2018 and 2019.
‌
Since 2012 Alex runs RISK-ACADEMY, a highly successful
company, focused on providing risk management integration
services, risk modeling, training and auditing to private equity firms
(direct investment and funds) as well as sovereign wealth funds.
Alex’s specialization is risk management integration, risk-based
investment decision making, value creation and asset
management.

​
Legal disclaimer and copyright notice
The information contained in this guide is for general informational purposes only and is not intended as
legal or professional advice. The guide is provided by RISK-ACADEMY and while we endeavor to keep
the information up-to-date and correct, we make no representations or warranties of any kind, express or
implied, about the completeness, accuracy, reliability, suitability or availability with respect to the guide or
the information, products, services, or related graphics contained in the guide for any purpose. Any
reliance you place on such information is therefore strictly at your own risk.

In no event will we be liable for any loss or damage including without limitation, indirect or consequential
loss or damage, or any loss or damage whatsoever arising from loss of data or profits arising out of, or in
connection with, the use of this guide.

Through this guide, you may be able to access other websites and resources provided by third parties.
RISK-ACADEMY has no control over the content of these sites or resources and assumes no
responsibility for them or for any loss or damage that may arise from your use of them.

RISK-ACADEMY reserves the right to make changes to this guide at any time without prior notice.

The information, content and format contained in this guide is protected by copyright. Reproduction of
any part of this guide, in any form or by any means, without the express written permission of RISK-
ACADEMY is strictly prohibited. The guide is for personal use only and may not be used for commercial
purposes or be distributed for profit.

By accessing and using this guide, you acknowledge and agree to the above Legal Disclaimer and
Copyright Notice.