Why Risk Management Certifications Matter

There seems to be a lot of angry talk about various risk management certifications on the web lately. Most comments are coming from people who are very ill-informed about how certification, any certification, works. As a creator of two national risk management certification programs that have been hugely successful in Russia, here are my two cents.

First, here are some sobering facts:

  • Almost every country in the world has its own national non-financial risk management certification; there are also a few pan-European and global ones
  • All are optional, none are compulsory by law (despite many unethical attempts to limit competition)
  • Most certifications are done by national risk management associations, although some countries have healthy competition that offers more than one certification program to local markets
  • Regulators and employers are mainly ignorant regarding non-financial risk management certifications, hence one certification program does not have a noticeable advantage over the other
  • All certifications are built on some globally recognized foundation; ISO31000 seems to be a favorite one and is my favorite, as well
  • Certification is just an exam with options including self-study, online prep training or face-to-face prep training (the length of the training is irrelevant, because certifications test prior and existing knowledge; training is more like a refresher)
  • Most existing certification programs are useless because they still focus on conducting risk assessments and treating risk management as a stand-alone independent process — there are, however, some good ones
  • There is limited to no quality control or oversight in place

In this video, I give my advice on how to choose the best non-financial risk management certification:

Below is an example of the certification program developed by RISK-ACADEMY — a Russian leader in risk management training, Global Institute for Risk Management Standards (G31000) and the best risk managers from Russia and the CIS. The program is aligned with the international risk management standard ISO31000:2009 principles and shows numerous examples of how COSO:ERM 2004 is flawed in almost all regards.

It consists of four modules:

Module I: Risk Management Foundations

  • Definition of risk
  • History of risk management
  • International and national standards in risk management
  • Introduction to finances, project management and process management
  • Introduction to statistics
  • Insurance basics

Module II: Risk Management in Decision Making

  • Tools and techniques to identify risks associated with decision making or the achievement of goals/KPIs
  • Tools and techniques to analyze and quantify effects of uncertainty on decisions or on achievement of KPIs (decision trees, sensitivity analysis, scoring models, Monte Carlo simulations, scenario analysis, bow-ties)
  • Risk mitigation within the confines of decision making and achievement of KPIs
  • Monitoring, reporting and communicating decisions made or the achievement of KPIs with risks in mind

Module III: Psychology and Culture of Risk Management

  • Cognitive biases inherent to decision making and risk management
  • Integrating risk management principles into the overall corporate culture
  • Principles of professional ethics

Module IV: Integrating Risk Management in a Business

  • Aligning risk management efforts with the overall risk appetite
  • A road map for integration of risk management:
    • Developing new and updating existing policies and procedures
    • Integration into decision making, planning, budgeting, purchasing, auditing
    • Risk management roles and responsibilities, risk management KPIs
    • Integrating risk information into management reporting
  • Resources required for the implementation of risk management
  • Monitoring and evaluation of the effectiveness of risk management (maturity models, including our own advanced risk management maturity model)
  • Risk management continuous improvement
  • Risk management software

More information about RISK-ACADEMY, our training courses and services at https://www.risk-academy.ru/en/

Download the free risk management book here.

Watch more free risk management videos on http://www.risk-academy.ru/en/risk-management-video/ or subscribe to the RISK-ACADEMY YouTube channel.

How to ‘Gamify’ Risk Management

In 2014, I collaborated with EY to develop Russia’s first risk management business game. It was great fun, and as a result we created a pretty sophisticated business simulation.

Participants were split into teams of 10, each person receiving a game card that describes a role (CEO, CFO, risk manager, internal auditor, etc.). At the start of the game, teams must choose one of four industry sectors (telecom, oil and gas, energy or retail) and name their company. The game consists of four rounds, in each of which teams must make risk-based decisions. Each decision has a cost associated with it and a number of possible outcomes. Teams must analyze and document the risks inherent in each decision they make. The riskier the decision, the higher the probability of an adverse outcome. At the end of each round, a computer simulation model chooses a scenario, and the outcome is announced to each team.


The aim of the game is to increase the company valuation by properly weighing risks and making balanced business decisions. The winning team is the one that increased its company’s value the most after four rounds.

This game was successfully played by participants at two risk management conferences as well as postgraduate students at the Moscow Institute of Physics and Technology.

More information about the first game is available here. Let me know if your company is interested in sponsoring the translation and running the game in English.

Risk management business game 2015

In 2015, I started working with Palisade to develop something a little different.

Just like in the previous version of the game, the participants were split up into teams of 10. However, the game mechanics have changed substantially. Each player still receives a card describing a role, but this time the card provides a complete history of the character’s role within the company and assigns each player a unique secret mission.


The aim of the game is to successfully complete a merger between a large holding company and an innovative startup. The game, as before, consists of four rounds. The first round involves performing a risk assessment of the target company. Each team must identify 10 significant risks using only the information provided on the cards.

The second, third and fourth rounds are dedicated to the management of these risks. Each identified risk has between 5 and 10 possible mitigation strategies that can be selected by the team. Each team has a limited budget dedicated to risk mitigation, and each mitigation action has a cost.

The effect of each mitigation action selected by the teams was modeled using Palisade@Risk to determine whether it increases or decreases the value of the target company. The winning team is the one that increases the value of the target company more than the others and is then able to complete the merger.

More information is available here. Let me know if your company is interested in sponsoring the translation and running the game in English.

Risk management business game 2015 (online version)

With the help of eNano, we went even further and produced an interactive risk management business game (only available in Russian). This game combined an e-learning course and an interactive business simulator.


Each participant takes on the role of general manager of one of three innovative companies. They then receive tasks that need to be completed throughout the e-learning course:

  • First, each participant needs to conduct interviews with all colleagues to identify and document risks;
  • Then he needs to evaluate risks using the information presented. Note that, just like in the real world, most of the information presented is biased;
  • Then he needs to make difficult decisions relating to risk mitigation given a limited budget;
  • During the last step, participants need to develop an action plan designed to improve risk culture.

All of these steps increase or decrease the company valuation. You can find out more about this course here.

Risk management game 2016

This game is the result of collaboration among Risk-academy, Palisade, Institute for Strategic Risk Analysis (ISAR) and Deloitte. Together we have created an amazing business game to teach non-financial management and staff how to perform risk modeling on day-to-day management decisions.


Participants will have to play the role of an aircraft engine manufacturing company. Each team has prepared a business case for a multimillion-dollar plant modernization. Unfortunately, the project plan has just been rejected by the board, so teams only have a couple of hours to conduct in-depth risk analysis and present an updated business case to the board.

The game is focused on risk modeling, requiring participants to identify and validate management assumptions, identify relevant risks, establish ranges and select possible distributions for each assumption, perform Monte Carlo simulation using Palisade@Risk and present the final results. All this has to be performed in limited time and with incomplete information… just like in real life. And just to add a little bit of drama, like in real life participants have to deal with unexpected “black swans” during the game.

The aim of the game is to prepare a risk analysis for a multimillion-dollar plant modernization investment project. The team with the highest risk-adjusted rate of return wins.

This game has also become one of the modules in the risk management training run by ISAR; more information is available here.

Due to lots of positive comments, the latest risk modeling game is now available in English here.

What’s next?

The latest game was both hard and entertaining, so we began talks with our partners to turn it into an online risk quantification championship. The games will require online registration, have downloadable content and require proper risk modeling. Championships will run once a quarter, and winners will receive wonderful prizes.