Why Risk Management Certifications Matter

Most certification programs are useless, because they focus on treating risk management as a stand-alone independent process.

There seem to be a lot of angry talk about various risk management certifications on the web lately. Most comments are coming from people who are very ill-informed about how certification, any certification, works. As a creator of two national risk management certification programs that have been hugely successful in Russia, here are my two cents. First, here are some sobering facts:
  • Almost every country in the world has its own national non-financial risk management certification; there are also a few pan-European and global ones
  • All are optional, none are compulsory by law (despite many unethical attempts to limit competition)
  • Most certifications are done by national risk management associations, although some countries have healthy competition that offers more than one certification program to local markets
  • Regulators and employers are mainly ignorant regarding non-financial risk management certifications, hence one certification program does not have noticeable advantage over the other
  • All certifications are built on some globally recognized foundation; ISO31000 seems to be a favorite one and is my favorite, as well
  • Certification is just an exam with options including self-study, online prep training or face-to-face prep training (how long the training is is irrelevant, because certifications test prior and existing knowledge; training is more like a refresher)
  • Most existing certification programs are useless because they still focus on conducting risk assessments and treating risk management as a stand-alone independent process — there are, however, some good ones
  • There is limited to no quality control or oversight in place
See also: The Current State of Risk Management   In this video, I give my advice on how to choose the best non-financial risk management certification: Below is an example of the certification program developed by RISK-ACADEMY — a Russian leader in risk management training, Global Institute for Risk Management Standards (G31000) and the best risk managers from Russia and the CIS. The program is aligned with the international risk management standard ISO31000:2009 principles and shows numerous examples of how COSO:ERM 2004 is flawed in almost all regards. It consists of four modules: Module I: Risk Management Foundations
  • Definition of risk
  • History of risk management
  • International and national standards in risk management
  • Introduction to finances, project management and process management
  • Introduction to statistics
  • Insurance basics
Module II: Risk Management in Decision Making
  • Tools and techniques to identify risks associated with decision making or the achievement of goals/KPIs
  • Tools and techniques to analyze and quantify effects of uncertainty on decisions or on achievement of KPIs (decision trees, sensitivity analysis, scoring models, Monte Carlo simulations, scenario analysis, bow-ties)
  • Risk mitigation within the confines of decision making and achievement of KPIs
  • Monitoring, reporting and communicating decisions made or the achievement of KPIs with risks in mind
Module III: Psychology and Culture of Risk Management
  • Cognitive biases inherent to decision making and risk management
  • Integrating risk management principles into the overall corporate culture
  • Principles of professional ethics
Module IV: Integrating Risk Management in a Business
  • Aligning risk management efforts with the overall risk appetite
  • A road map for integration of risk management:
    • Developing new and updating existing policies and procedures
    • Integration into decision making, planning, budgeting, purchasing, auditing
    • Risk management roles and responsibilities, risk management KPIs
    • Integrating risk information into management reporting
  • Resources required for the implementation of risk management
  • Monitoring and evaluation of the effectiveness of risk management (maturity models, including our own advanced risk management maturity model)
  • Risk management continuous improvement
  • Risk management software
See also: What Gets Missed in Risk Management More information about RISK-ACADEMY, our training courses and services at https://www.risk-academy.ru/en/ Download the free risk management book here. Watch more free risk management videos on http://www.risk-academy.ru/en/risk-management-video/ or subscribe to RISK-ACADEMY youtube channel.

Alexei Sidorenko

Profile picture for user AlexeiSidorenko

Alexei Sidorenko

Alex Sidorenko has more than 13 years of strategic, innovation, risk and performance management experience across Australia, Russia, Poland and Kazakhstan. In 2014, he was named the risk manager of the year by the Russian Risk Management Association.


Read More