Change has always been a common part of business; and yet today, companies are feeling overwhelmed by the pace of development and technological change. As a consequence, only a few risk departments think they are adequately prepared for technological change, and that they also enjoy the support of their organization. In such circumstances, how will we manage the risks tomorrow?

What are the biggest challenges ahead?

Let’s go back to the beginning. If we aim to manage risks well, we must first know which risks need managing. What are the biggest challenges for our company? When looking at various survey results, I came across some interesting information.

The Risk Survey in Organizations for 2025 found that the greatest uncertainty lies in the technological change. The fact is, we now live in an era of new technologies, reaching from self-driving cars to medical consultations online. Internet of things (IoT), blockchain, artificial intelligence (AI), robotics and big data are already changing the way we work, and how we work and therefore represent both, opportunity as well as risk. However, five to ten years is a very long period to predict. Who in 2009 could have imagined the scope of success for companies like Uber and Airbnb?

The survey also found that only 24 respondents said they evaluate the risks. Only 20 percent use risk modeling, and 12 percent said they didn’t have a formalized process for identifying risks. Below there is a list of issues that businesses consider the most pressing, and as you can see, after a few years of pause, the economic crisis is again in the first place.

These are the risks that companies are facing. However, the obstacle that most of them will have to cross is the change in the traditional mindset of risk managers and all those who manage the business so they begin to perceive risk as an opportunity to achieve business goals more effectively. In doing so, risk management will no longer be a mere “reporting”, but a shift on to understanding where and why each problem arises, and what are the necessary challenges to overcome similar problems.

To do this, we will need to integrate risk management into the core of a particular business and its decision-making. This paradigm shift will place risk management at the value chain higher, as risks will become part of the discussion at the highest levels. Then, the risk managers will be able to provide a deeper analysis of breaches and give the managers the means to understand how and where the strategy implementation leads to failure, rather than simply reporting the risk values. Likewise, such a risk management system will already to some extent include culture, involvement in strategy formulation and value creation as part of the risk management agenda. Only that way, organizations will be able to move from preventive behavior to integrating the risk appetite debate into the decision-making phase, which will enable them to consciously consider the risks and their impact.

This is why, despite the negative outlook and the significant rise in the number of risks, my answer to the question of how will we manage risks tomorrow is – better. Why? Because we will be equipped with the right information at all times, and able to make better decisions.

To know where we are going, we first need to learn where we are (and were)

The first risk managers were merely buying insurance for their businesses. They were dealing with a so-called net risk, which describes potential losses that occur in the event of fires, floods or lawsuits for defective products. All those liabilities were then protected by the company through a proper form of insurance. That is why it is often said that the traditional concept of risk management is only related to the identification of the risks in the business environment, and risk management through the mitigation controls.

Nevertheless, the approached changed over time. If the system in 2013 was still focused on internal risk controls, the modern system is already focused on enterprise-level risks and is therefore much broader. It no longer deals with net risks, but also with speculative risks.

These include business risks, such as currency fluctuations, market embargoes, and damage to reputation, or in other words, the types of risks where companies are not only hedging against losses but are also looking for profit opportunities. This type of risk management can also be called entrepreneurial risk management and has gained considerable momentum in recent years.

What does the “new” approach to risk management bring?

Today, in small and mid-sized companies, the responsibility for managing insurance, security, and risks is usually transferred to the employee in the company’s finance department. Similarly, in larger companies, the HR directors are hired to take care of business risks. An improved process will lead to a positive outlook for risk management only when companies understand and decipher how risks positively affect their business.

Increased involvement of risk managers in achieving the business goals will also mean that the risk managers will once know risks better than the staff. At the same time, this means increased involvement of risk managers in achieving the business goals of the organization.

What will be the role of the digitalization?

In my opinion, the digitalization of risk management is also the key to answering the question of how we will manage risks in the future, since the process, and therefore the entire experience will significantly change. We may be risk managers or even CEOs today, however tomorrow we will all do our jobs differently:

–    Risk managers will be able to focus on more strategic and high-value decisions as the routine work will be automated, with fewer exceptions that require manual management. Using advanced analytics, they will be able to visualize information that is difficult today (such as demanding correlations and trend analyses) to help an organization or department optimize their decisions and offerings.

–    We will introduce a centralized “brain” center representing a central information point that will be able to learn intelligently and provide us with improved connectivity and extraordinary risk sensing (credit, market and operational). The assessment of these risks will be immediate, followed by the establishment of risk mitigation strategies and dynamic adaptation to constraints. Such a center will, therefore, improve the identification of future risks and the management of different types of risks. The risk managers will use their own highly customizable displays to access these centers which can delve into the most important numbers and perform real-time analyses of their definitions.

–    Management of the organization or individual areas will be able to receive automatically generated strategic advice on risk-related business decisions, such as identifying risk-taking opportunities, reducing unwanted exposures, managing investment portfolios and allocating capital. Here too, leaders will rely on their visual tools to provide advice at any time and with an appropriate level of accuracy (such as specific markets, portfolios, or products). These tips will be based on active analytical processes, meaning that CEOs will rely on a tool that directly displays results related to their specific work, such as the impact of credit and market risk-taking on a country’s risk under different macroeconomic scenarios.

–   Customers and partners will be able to receive individualized experiences that meet high expectations. We will be able to be present at key moments in their work, helping them to make more informed decisions, skilfully anticipate their needs and provide customized solutions. Customers will not have to communicate over large channels or browse through piles of paper.

–    Regulators will be able to move beyond receiving reports to (near) real-time data reporting. Regulators will be able to immediately perform ad hoc analyses (such as improved stress tests) and enable improved management of systemic risks. Similarly, they will be able to control affiliated organizations in the same, digitally supported way.

 

What is the most likely future?

The future holds many possible scenarios, however, in the next five to ten years there is still a wide range of possible end-states. Organizations will probably continue to do as they do today, whereas the winners will differ in their ability to take advantage of new digital opportunities and the interface of competition with new digital players in the areas where they have established their presence.

The changes described above will also mean that the skills needed for the risk management of tomorrow will be rather different from those of today by refocusing skills beyond traditional “manufacturing” activities and through flexible analytical and consulting skills. Therefore, risk management teams should be seen as a company’s strategic partner, fully involved in the strategic planning process and agile in managing change.

Risk managers should evaluate where each of their current and future activities can be pursued. Can the task that remains in-house be relocated? Can you automize the tasks, or even rely much more on third-party applications?

How can we help you manage risks?

All these changes, as well as our many years of experience, have led us to the decision to create a new platform that will support the enterprise risk management process in all possible versions of the future. Our goal is to provide risk managers with an ultimate tool for tomorrow. What does that mean?

Such a risk management platform has to be highly adaptable to enable you to work in a cloud or using an internal network; it must meet the needs of one or thousands of users; it must be modular so each organization can mold it to its needs; it should also be open to integration with all types of other existing and future systems;  adaptable for maximum automation of data entry and processing, safe and accessible to all at any time or place; full of pre-set good practices, yet able to expand further, complex in performance but easy to use. And, the latter may be the biggest challenge.

Why all this? Because we want to add value to the organization using the SBR platform. We wish to give you the tool that can help you solve serious problems arising from the lack of the right information in everyday decision-making, thereby reducing the time it usually takes to acquire the latter, and last but not least, increasing your value.

PS: If you have a question about risk management or you just want to leave me a comment, feel free to send me a message directly at [email protected].

***

Contact our team if you need help with risk assessment.

For more information about risk management follow our LinkedIn & Twitter account. You can join the debate in Linkedin group ERM – ENTERPRISE RISK MANAGEMENT.

The role of ROI in managing organisational risks

When something happens within an organisation, it is easy to quickly evaluate the effect of said event and determine the responsible department or person. It is more complicated, however, to do the opposite: if nothing earth-shattering happens within an organisation, it is almost impossible to prove that a responsible, conscientious risk manager (RM) is to thank for this. What is more, the management usually takes the credit. (Truth be told, this is not so far-fetched either, since it was the management who brought a good RM on board!)

According to the above, we can conclude that the key issue in risk management is to be able to prove that the system is working. The role of a good RM is to help an organisation attain its objectives by reducing the possibility of derogation or by preventively reducing the consequences of potential derogations of the company on its way to attain its objectives. This means that the RM is playing an extremely important role in his workplace, making him the scapegoat for most of the issues, but receiving little praise for the preventive measures undertaken.

However, the RM’s duty is to help the organisation. His contribution or the value of the entire ERM process can therefore only be measured if we know the company objectives, thus measuring how the ERM system functions in relation to the objectives set.

Here are a couple of questions to help with that:

Compliance: Are we complying with our own directives and policies in our risk management system?
Maturity: How does our risk management system compare to best practices and to our competitors?
Added value: Does our system contribute to achieving the objectives and results of the organisation and, if so, to what extent?

You might be surprised to hear that usually, the hardest part of measuring the effectiveness of a risk management system is to prove that it is contributing added value to the company. In other words: you’ll be able to answer the first two of the above questions relatively quickly and confirm whether you are complying with the standards you commit to in your company, and if your risk management culture or maturity is improving. However, it is a little harder to comply if the management requires proof that the risk management investment is actually paying off in the form of better results. Harder, yes, but not impossible!

We measure the achievement of business objectives through key performance indicators (KPIs) and performance criteria. In other words: when we manage risks in an efficient manner, we are also familiar with all uncertainties that can affect our business objectives, which makes us better equipped for managing all the risks that appear. This also means that the key performance indicators need to be improved on in order to measure the effectiveness of the ERM system!

Silver Bullet Risk - BLOG - ERM - Enterprise risk management - ROI Vision

The benefits of an ERM system are two-fold:

Limiting surprises
Adding value

Of course, we must also realise that the ERM process is not a magic trick. In spite of a well-established system, bad and unpredictable things will keep on happening in companies. However, the system will help you to be better prepared when they do, react faster and in an organised manner, and have all the resources ready to pull the right strings, thus significantly improving the decision-making process within an organisation.

The ERM system also adds other benefits, becoming an indispensable part of business plans as management discussions regularly include risks and uncertainties.

Transparency: even though in many organisations, this value is not (yet) a priority, it represents an enormous advantage for owners and employees alike.
Discipline: when employees, business processes and departments familiarise themselves with risks and suitable measures, the robustness of the organisation increases, thus raising the level of the internal risk management culture.
Clearly defined objectives: For an ERM system to work well, the objectives of the organisation must be clearly defined for all interested parties, which is a task often not implemented in a suitable manner. Clearly defined common objectives and potential obstacles leading to them provide for significantly better results. An organisation must actively react to changes in the environment and the business processes, thus further decreasing the possibility of wrong decisions or missed business opportunities.
Simpler allocation of capital or allocation of funds: Comprehensive information, including risk-related data, allows for a simpler allocation of funds and an easier segmentation, regardless of whether we’re preparing the pricing policy for individual products, markets, clients, and competitors, or comparing risks and income.
Increased trademark reputation: A good ERM system allows us to protect the trademark and the reputation of a company or an organisation. It not “only” affects the value of shares but also contributes to the value of the entire organisation, which is the most important piece of information for the supervisory board and the owner.

Next time, we’ll tell you all about how to deal with each individual KPI!


***

For more information about risk management follow our LinkedIn & Twitter account. You can join the debate in Linkedin group ERM – ENTERPRISE RISK MANAGEMENT.

New Year brings new beginnings – this goes for us too! As with the right synergy, one plus one can be three or more, we proudly announce the merger of two risk management companies – Silver Bullet Risk and Fermion. With our joint market approach, we wish to offer to the domestic business environment the most complete range of services and modern risk management tools in one place.

Silver Bullet Risk is a well-established name for standardization and risk management among managers, while Fermion is the leading Slovenian company specializing in financial risks. By combining our vast knowledge and experience under one roof, we will now strive to offer our partners and customers even more.

For this purpose, we present the following:

FREE RISK MANAGEMENT COURSES
In our environment, risk management is too often underestimated. However, global trends, including the ISO management standards, place it at the very heart of the modern management culture. That is why we wish to bring this specific knowledge closer to the Slovenian experts, and by understanding the impact of risks on your organization help you with better decision-making.

RISK MANAGEMENT CONFERENCE
We announce the fifth full-day conference dedicated to enterprise risk management will take place on Thursday, April 18, 2019. The event will feature exceptional lecturers and offer you the most comprehensive industry insight.

RISK MANAGEMENT EXPERT’S GROUP ON LINKEDIN
We invite you to socialize and exchange opinions in our expert group on LinkedIn. If you are interested in managing your risks and wish to participate, follow this link.

It is important to us to offer you content that addresses real and existing challenges in your business environments. For this reason, we kindly ask you to fill in a short questionnaire, and share it among your colleagues, partners and clients who (in)directly deal with this area. Follow this link or click on the button below:

Participate in the survey

 

In our team of risk management experts, we believe that good decisions occur when the same information is viewed from different people, and different angles. That is why are excited to hear your perspective and form our offer to better fit your needs.

Risk Evaluation is the process used to compare the estimated risk against the given risk criteria so as to determine the significance of the risk.

Managing risks in a company starts with a decision to strategically manage risks organization-wide. Risk management team or executive(s) who is(are) responsible for implementing the process must first put together a plan that comprises all the elements that impact risk management process and assemble a team to execute the plan.

What steps should be included in a risk management plan?

An effective risk management plan and following process takes a few steps to achieve. An overview of those processes can be summarized in five steps below.

Silver Bullet Risk - BLOG - ERM - Enterprise risk management

1. Risk management team
First, a risk management team or an individual responsible for the risk management process must be appointed. Usually, the bigger the company, the bigger the team, as more departments are involved in a larger organization. And as risk management culture dictates involvement of all stakeholders in a company, teams can get broader, but the core risk management team holds the process together.

2. Analysis
The whole organization is under the scrutiny, as risks can be known or unknown anywhere in the company. Thorough investigation must be commenced, involving all departments, all organizational and business processes; and all stakeholders who impact the risk assessment.

3. Identification of risks
Recognizing risks can be a daunting task, as some processes are not obvious to be open to risk impact. The goal here is to treat all the processes as risk-prone and later inspected, what kind of risks and if, at all, are possible for impact.

4. Prioritization of risks
When we have all the risks identified, they must be sorted in various ways, according to their impact on organization. Risks with bigger impact have of course higher priority.

5. Monitoring the risk
Strategy is only as good as it is executed. So is monitoring of business processes or in this case, monitoring risks that are identified in an organization.

Silver Bullet Risk - BLOG - ERM - Enterprise risk management

One of the important steps, outlined in this blog, is evaluation of risks. It’s the step where risks are measured and compared through various factors. Risk evaluation allows you to determine the significance of risks.

Evaluation of risks can be done in a various ways, using all sorts of tools and methods. One of the most efficient ways is to sort the risks by scoring and prioritizing them.

Scoring the risks

Scoring (or ranking) is usually mapped with parameters on impact (or consequence) and probability of each risk.

Impact: Every risk is assessed on the impact it has in case of materializing and what kind of consequence does it present in a company. Low impact risks don’t have any significant impact on business processes or organization at large. High impact can alter the course of business, they have impact on company success or even failure.

Probability: In this scoring processes risks also get an assessment form low to high. Low probability risks are the ones who are considered (almost) never to happen. High probability means they are likely to happen and must be considered in any case in the future.

Prioritizing risks

After scoring all the risks, it’s time to cross-match impact and probability. Not every very probable risk has a big impact on the company, and not every risk rarely occurring poses just a small impact.
That’s why it’s useful to develop a grid map with impact level on one axis and probability level on the other (Risk grid map).

Silver Bullet Risk - BLOG - ERM - Enterprise risk management

The approach of prioritizing risks results in a risk grid map for developing 4 mitigating strategies.

Low impact & Low probability
With both scores low, risks are not actively mitigated, but mostly only monitored.

Low impact & High probability
This strategy proposes mitigating risk through reducing the frequency of occurrence.

High impact & Low probability
Although probability of risks materializing is low, it can have big impact if or when it occurs. That’s why reducing the severity of risk happening is advised.

High impact & High probability
These are the kind of risks we most definitely don’t want to meet and we want to avoid them. Strategy here is to reduce the severity of impact and to reduce the frequency of an occurrence.


***

For more information about risk management follow our LinkedIn & Twitter account. You can join the debate in Linkedin group ERM – ENTERPRISE RISK MANAGEMENT.

A story on how risk management tool will help your organization get from passing judgement to making risk-informed decisions and that on how Silver Bullet Risk tool was born.

More than 10 years ago, I had an important meeting with a German company. To decide upon the future of their corporation, several risk factors had to be carefully studied. This was the reason Igor had to prepare and deliver their boss a comprehensive, 40-pages report in Excel. Can you imagine the look at that man`s face? The was also the day the idea for Silver Bullet Risk management tool came to life.

Silver Bullet Risk - BLOG - Upravljanje tveganj

I knew this kind of situation happens often. And he was more than familiar with the feeling on both sides of the table: the person who needs to make an informed decision gets furious for having to go through all the data, whereas the person who is in charge to prepare them feels paralyzed as he or she simply doesn’t have the necessary tools, knowledge or time to gather and make sense of all the information necessary.

Would it be possible to mitigate all company`s risks in order to read the information faster, better and most importantly, act on them in due time? This was and still is the main motivation behind developing Silver Bullet Risk.

Even more, our research showed that even today and despite the increasingly demanding market, it is the mid-size companies that the most often don`t devote enough time, energy or resources to manage their risks strategically. For many of them, risk management is still a somewhat “intangible” area and, therefore, at least at first glance, doesn’t give them clear or profound results.

However, no matter where you operate, problems that have been identified in similar business environments all over the globe are that the management, supervisory boards owners, internal and external auditors simply don’t have a comprehensive overview of their key risks and therefore cannot predict nor act on the possible outcomes.

Risk reports are not supported by financial impacts on the organization itself. Employees don’t have adequate information and a methodological support in their divisions to organize and strategically follow up the risks. By using spreadsheets, their work is time-consuming, not transparent, audit trails are impossible to provide and history unverified, and the preparation of more comprehensive reports, based on a uniform methodology, is virtually impossible.

However, if implemented correctly — risk management works and does wonders! When that is the case, you will practically not know it exists. Whereas in case of the opposite — you surely will be glad to have made the correct predictions, risk scenarios and possibly avoided a huge catastrophe.
Thus, the goal of Silver Bullet Risk is that the mid-size organization management gets a comprehensive overview of all the risks their organization is faced with. This is the basis for risk-informed decisions and not just judgment passing! Our tool is a kind of radar to see how to avoid the risks and act upon the information wisely.


***

For more information about risk management follow our LinkedIn & Twitter account. You can join the debate in Linkedin group ERM – ENTERPRISE RISK MANAGEMENT.

Immutability, transparency and blockchain private ledger aim to provide business advantage in risk management industry.

In a quest for real life blockchain implementations, risk management is also looking for ways to use the promises of blockchain to better serve their risk management clients.

Some of the main features of blockchain technology are immutability, transparency, security, distributed ledger and many other technological and cryptographic elements. As risk management industry is exploring the potentials of blockchain technology, few blockchain elements are being considered as the front runners for the ideas and implementations.

Silver Bullet Risk - BLOG - ERM - Enterprise risk management

Immutability in Risk Management

Following trends in business is crucial for insights on what’s going on the market we’re in. Future, of course, is something that is always changing and we cannot control directly. However, we can have an influence on the future with better management of the history and staying on top of present.

The history, as it stays the same, we can use to better understand our present and future business. To ensure business history stays forever unchanged, for the purposes of conducting a solid business, the immutability of blockchain can serve as the platform to provide an audit trail feature.

In business that means that every operational transaction is captured in the system as it is, unchanged and forever documented, without the option to delete it or any other way tamper with the information. In risk management, an audit trail is the process of ensuring data integrity, an operational history “written in stone”.

Public vs Private Ledger

Blockchain was first designed as a public ledger, where everyone could see the content on the chain. As more enterprises join the blockchain revolution, private chains are being developed, meaning each organisation can also implement private blockchain for the purposes of running their own business process and ecosystem on the blockchain.

In risk management, main stakeholders are a part of the company’s structure. That would enable private blockchain to enter organisational process, choosing their own consensus algorithm and enable stakeholders to make contributions according to the rules, specified in the organizational smart contract.

Transparency as Business Advantage

One of the aims of Silver Bullet Risk is empowering stakeholders. Blockchain technology and its feature of transparency can help underlie the platform to enable all who participate in the business process to be able to track, understand, audit and provide an input to maximize risk management work efficiently and with that participate in the final assessment of risk management in the organisation.

Having that kind of transparent internal business processes can lead to a smother business operations, eliminating mistakes and supporting efficiency of all stakeholder and company at large.


***

For more information about risk management follow our LinkedIn & Twitter account. You can join the debate in Linkedin group ERM – ENTERPRISE RISK MANAGEMENT.

Every new solution in company’s business processes needs to deliver added value to all stakeholders in the organization, from leadership to employees.

Managing risks is one thing most companies look at only as a management value, without realizing that it needs to connect through every department in the organization.

Silver Bullet Risk solution introduces single solution, enabling stakeholders and responsible employees to contribute to the final key risk assessment.

Identifying and acting upon risks in your organization is one of the crucial processes in managing a successful company. And exposure to risks opens company’s vulnerability in vast array of processes, from strategic to operational, to financial performance.

That’s why every company’s leadership should ask themselves the following questions:

• How much profit is lost in the last five years due to not managed risks?
• Is there a systematic overview of all the potential risks that affect the company? How is a reliable analysis performed?
• Does the company’s management have access to the necessary aggregated information on the risk factors affecting EBITDA
• How much time and effort are spent on managing risks?

Answers to those questions can be provided through our Silver Bullet Risk innovative solution, where company’s economic information is accessible and transparent to all involved anytime, anywhere; through familiar work environment that enables all contributors to work seamlessly.

What is Silver Bullet Risk management tool?
Silver Bullet Risk is a risk management tool that is designed to meet the individual needs of any company, no matter the type or structure. It boosts work cooperation, economic transparency and state of the art risk management.

Its main purpose is not just compliance, but rather a direct impact on EBITDA!
With Silver Bullet Risk management tool, risk management team work is optimized as a result of tools ability to gather information on potential threads. Consequently, the company’s decision makers have constant access to holistic and up to date information on key risks impact on the company’s financial performance.
Decisions based on the concise overview of strategic, financial and operational risks can now be made more efficiently and in no time!

Silver Bullet Risk - BLOG - ERM - Enterprise risk management

It’s time to bring to light what is out of sight. Mitigate risks, create EBITDA!

Silver Bullet Risks is a tool that helps the company’s management, manage! Daily!


***

For more information about risk management follow our LinkedIn & Twitter account. You can join the debate in Linkedin group ERM – ENTERPRISE RISK MANAGEMENT.

Today, systematic risk management is one of the key advantages when it comes to running a lucrative business. We believe every modern business organization should implement risk management process. That means that all stakeholders should be involved in the process, starting with the management. Management as one of the key stakeholders should be able to make informed decisions, as it is their purpose. And making good decisions leads to success and prosperity.

In our extensive experience working with companies of all sizes, we identified four typical challenges organizations, their employees and all impacted stakeholders recognize in their operations.

• Management doesn’t see the value in risk management
• Organizational structure is unsuitable
• Risk management culture is not developed
• Risks are not quantified

These challenges impact the company’s performance on the inside and public aspect. From operational activities to the profit-based performance, if those challenges are not addressed, they can even affect the survival of the company.

All decisions are based on two parameters, knowledge, based on experiences and information, that is available to us. Decision to implement risk management process is therefore crucial for the future success of the company.

Silver Bullet Risk - BLOG - ERM - risk management

As one quote from one of the most respected global companies Ernst & Young puts it:

“Companies in the top 20% of risk maturity generated three times the level of EBITDA as those in the bottom 20%.”



***

For more information about risk management follow our LinkedIn & Twitter account. You can join the debate in Linkedin group ERM – ENTERPRISE RISK MANAGEMENT.