In most companies and organizations in our country, risk management is limited mainly to administrative activity without real useful value.

This is not an exaggeration, but a fact that we have come to discover based on dealing with risk management in medium and large companies over the last ten years.

Therefore, the question of whether and how we can improve this is undoubtedly on point.

In every business activity, there are disturbances that employees are solving daily. Recurrent and increasing disorders can escalate into problems and become crises. The consequences of these crises can be small, significant, substantial or, in extreme cases, catastrophic.

The factors that cause them are internal and external. The internal factors are further divided into business ones, related to processes; technological when they include all types of devices and human when human factors influence them.

A practically applicable risk management system is designed to systematically monitor, reduce and prevent all phenomena that can cause any crisis and limit organizations in achieving their goals.

Therefore, risk management should be part of day-to-day operations in all areas.

How does risk management look like in practice?

Even in large companies, risk management is usually an area handled by individuals or a maximum of a few people. The risks are identified and described in risk registers and evaluated by numerical assessments which obscure their actual significance. What is more, most deal with them once a year, only when a need to check grades and produce reports arises.

We have also noticed that companies are primarily aware of financial risks, which of course are an essential factor, but represent only a part of all risks that can cause crises. Therefore, it is perfectly understandable that in such a way, risk management is not perceived as an area with useful value, but merely a formality.

After the last major crisis, which was a recession more than ten years ago, companies have established mechanisms for stable and successful operations. The years of economic growth, however, were interrupted in the worst possible way by the COVID-19, which also revealed several risks that companies could not foresee or prepare for as they occurred for the first time in recent history.

Therefore, the inventions and risk assessments that were in force at the beginning of the year are no longer valid today and need to be thoroughly overhauled.

Although we most often associate risks and crises with negative phenomena, this is not always the case. They can also be caused by positive effects that have negative consequences.

This is why, in times of crises, some companies have recorded unexpected and rapid growth in demand and orders, which creates a feeling of success and security.

However, as said before, it can also lead to problems and risks with possible minor or significant consequences.

For the mentioned and many other reasons, we are increasingly faced with questions about how to achieve that risk management is practically useful and actually helps you to perceive and prevent various threats.

And this is precisely what we at Silver Bullet Risk are good at, and can offer you guidance in the field of risk management in a variety of ways.

The first step, however, is undoubtedly the awareness that practically applicable risk management is instrumental, and also needed.

If you are interested in assesing the quality of risk management in your company or organization and, above all, how we imrpove its practically applicability for your company, write to us at [email protected].

Risk management is a topic that Slovenian marketing community rarely addresses. But a period is coming in which risk management will become an increasingly important business area and in which marketing can also find its place and role. How can marketing improve the impact it has on a company through risk management? Lovro Gruden (Indigo Consulting) talked about this with Igor Zgonc (Silver Bullet Risk).

Before we start thinking about how marketing can assist with risk management, we first have to understand the field of risk management thoroughly. “Risks arise when there is a possibility of a negative deviation from the planned goals, or if there is a probability of damage that prevents the achievement of organizational goals. In short, risk means uncertainty. If we know something is going to happen, then this is not a risk. If a certain outcome of the situation doesn’t mean a financial loss for us, then this is not a risk either. Risk management is a process of assessing and mitigating the consequences of the risks facing an organization. The goal is to reduce risks, which is why we need as much information as possible. Company decisions are based on knowledge, experience and information, meaning we cannot make good decisions without incorporating risks into the equation. Management is always interested in raising the value of the company, or in other words, the higher the cost of capital, the lower the value of the company. Risk management is therefore needed for every company existence,” says Igor Zgonc

Example: If we expect a decline in product sales, then this is not yet a risk. However, if there is a possibility that sale declines unexpectedly, this is a risk of not achieving sales goals and similarly, every challenge or trouble the company goes through, as well as the demanding market conditions, are not a risk. On the other hand, the possibility of failing to enter a new market is.

Risks can occur everywhere in the company and can vary tremendously. “We can divide them into four quadrants according to the impact of the risk on the company and the probability that a particular risk will occur. One could easily say that we need to focus solely on those who have a big impact on the business and are very likely to happen. In reality, this is not entirely the cases, as there are not many of these risks in general. Even more, a company could not even , and the situation would be difficult to solve. Also, we can ignore those risks that have low impact and low probability. Therefore, the key to risk management is the risk field, where the effects can be catastrophic, but there is little chance that this scenario will materialize. This is why we refer to them as “black swans”. The field, where the effects can be catastrophic, but there is little chance this scenario will materialize, is key to risk management,” points out Igor Zgonc.

In the business community, risk management is not yet a fully established area. “According to our international survey, one one-fifth of companies evaluate risks and use risk modelling. As the most common risk, companies see a drop in their economic activity or a crisis; whereas political risk is among the less common risks, but it should also be noted that these results vary from country to country. What is very interesting for marketing is that the decline in a brand’s reputation is recognized as a grave risk. Unfortunately, in Slovenia, conducting research in a business environment and get real answers from organizations regarding their approach to risk management is not an easy task,” continues Igor Zgonc.

Internationally, the decline in the brand's reputation is recognized i as a grave risk.

-Igor Zgonc

For risk management, marketing is a vital function: “Marketing is the face of the company, as the business community, future customers and partners look at the company through these eyes. It is exactly this perception or reputation than can open new doors or destroy the company. Brand reputation and perception is the most obvious risk in the field of marketing, and then there is the illicit use of intellectual property, business ethics, internal communication with employees etc. To sum up, the key task of marketing is to strengthen trust among users and employees, because the growing trust reduces risk.

Marketing is the face of the company, as the business community, future customers and partners look at the company through these eyes.

-Igor Zgonc

Through the perception of risk management, marketing can gain importance from the company’s management and decision-makers. “Marketing has to understand the language of management, and the coming crisis will be an ideal opportunity for marketing to prove its value. Therefore, when management shrinks marketing budgets, prepare risk calculations. What will occur if marketing is unable to carry out its activities and tasks? What is the danger of the brand reputation falling, how will partnerships loosen, what are the challenges of unethical and false advertising? All this can lead to unpredictable costs for the company, which will be significantly higher than the savings due to reduced marketing investments. Marketing creates trust, which is a value that is very difficult to regain. The task of marketing is also to collect data, as making decisions on deficient or incorrect information can lead to huge costs,” advises Igor Zgonc.

When management shrinks marketing budgets, prepare risk calculations. What will occur if marketing is unable to carry out its activities and tasks?

-Igor Zgonc

Generally, risk management in Europe is not sufficiently valued; however, this is entirely different across the Atlantic. “A good risk manager is a central figure of the company in the US and the most likely next director. Why? Because a good risk manager communicates with everyone, from management to the production worker, he knows the processes and people well, and he knows what can go wrong. In Europe, and especially in Slovenia, this is rarely the case. Risk management is still perceived as a department that deals with bureaucracy and the preparation of risk tables, and that is also where it ends. But, risk identification is only the first step, whereas, in the next steps, these risks need to be managed and reduced. Similar can be said for risk management in marketing. First, we identify what could go wrong, but we then close these findings in a drawer and deal with ongoing tasks. Until a few months ago, we were in a period when everything was going well, and in times like these, it is tough to convince people that we need to prepare for different times as well. Now that they are coming, it is too late for preventive measures. Everything we can do is to curate them and prepare for what comes next.

As a company that is well prepared for the onset of potential risk, Zgonc points out the company ELES. They have prepared various risk scenarios of how to react in certain situations, meaning they will respond faster if these events occur. Lovro Gruden (Indigo Consulting) complements his thinking: “The companies in the energy sector and producers of energy-intensive products are well prepared for the current situation. These companies mostly have well-defined risks, especially concerning changes in the price of raw materials and changes in the behaviour of suppliers. On the contrary, those who are not ready at the moment are also thinking only about how to carry out key activities and sell off stocks. However, this way of thinking rarely leads to the right products that users need in this situation and are willing to pay more for them.

Example: Marketing and its inseparable dependence on numbers – One of the tasks of strategic marketing is to monitor developments in various markets. Suppose a company generates two million annual sales in market A and a million euros in market B. Without a broader context and a view through the eyes of risk management, we would be much more satisfied with Market A and plan further activities there. But what if market A is, for example, a Russian market where we sell to low-income companies, and market B is a fast-growing German market. Meaning, we can only raise the price in the Russian market to cover the potential risk of the failure of our customers, and market B is the one to which we must focus all our activities, including marketing.

A particularly big problem for companies is that risk assessments usually end up as printed Excel spreadsheets enclosed in a drawer. “Risk management is too often left to external auditors, who prepare the visualization in a way that marks the probability of the risk with a certain colour. That way, the company’s management has difficulties in understanding what it means if, for example, one risk is red, and the other is pink. We will catch their attention much faster if we present the fact that a certain risk will cost 10,000 euros and another one million euros. A comprehensive review helps the company implement processes to reduce risks. Proper visualization makes it easier to make decisions. We can write anything in Excel spreadsheets or paper, but the question is how useful they are. When we notice that something is wrong in the company, we first need to write it down and then find out why it happened. Only in this way can we manage the risks systemically.” points out Igor Zgonc.

The future is always tricky to predict. “We are all aware we don’t know what’s in store for us, so this is not a risk. Something new is definitely coming, be it a different way of doing business and living. So even this is not a risk. Risk is a complete unknown, which you can prepare for by planning all processes in the company in the direction of robustness and resilience. The robust operation of the company means that we can operate relatively smoothly even if we all have to move to home offices, and if fires, diseases or protests are raging around us. Key processes must run, no matter what. However, for risk management, the current period is certainly a time when the company’s management is more obedient to our advice. If we compare the current situation with the past crisis, the companies have become much more robust and resilient in the past ten years. During the previous crisis, companies prepared scenarios, adjusted processes and structure. However, there is still a lot of room for manoeuvre,” Igor Zgonc thinks at the end of the conversation.

Risk is a complete unknown, which you can prepare for by planning all processes in the company in the direction of robustness and resilience.

-Igor Zgonc

Lovro Gruden concludes: “The lack of cooperation between individual departments of the company in these times is a huge challenge. It can lead to deteriorating results or even the collapse of those companies that will not be able to effectively adjust their activities or decisions to the impact of risks. It is not enough to have established departments of marketing, sales, development or risk management if they are not connected and if they do not work effectively. With its activities, marketing can certainly help a company to identify and reduce risks, but only if it has a large enough influence in the company. However, it is a fact that it is through risk management that it can build and increase its influence in the company.


The conversation was published on the DMS page. To DMS members, a full recording of the conversation is available in their digital library

In spite of warnings and alarming situations from abroad, one or two weeks ago none of us could imagine the full extent of the effects of the corona virus. In just a few days, we have shut down businesses, closed offices, relocate businesses to virtual offices as much as possible, found web applications and IT tools to work remotely, and organized ourselves in best manner possible to minimize business losses. How to manage a company and its employees successfully in times of crisis, and more importantly, in the aftermath, remains the biggest question for all entrepreneurs as leaders these days.

The situation, which is certainly unique in modern history, requires a great deal of ingenuity and flexibility. In addition to curbing the spread of the virus itself, these days are also crucial for actively planning and managing business damage. Now is the time to take crisis measures which will affect the fitness of your business after the crisis. With the recovery in mind, you may or should ask yourself what should we do today to protect all the stakeholders that are important to us in the business process?

In the blog Risk Management & Business Continuity: Is Your Business Ready for Disaster?we already wrote about why a business continuity management system should be established. This time, however, we offer you a summary of tips on how to survive an outbreak of a corona virus in a business. They were prepared by the Boston Consulting Group, the consulting firm which in their recent global survey also found that only a quarter of companies is adequately prepared for a major external shock.


Sometimes, business executives think that employees, stakeholders and suppliers have enough information about what is happening and what decisions are made: Is that really the case now? Do all your employees and stakeholders know what they need to do and what is the current situation in the company?

In times of crisis, events change daily, sometimes even hour by hour. That is why it is crucial, especially in larger companies, that your communication with key stakeholders is focused and controlled: meaning that all relevant information is located on one (web) site, is easily accessible to everyone, and also that your organization reports consistently. Make sure your conclusions, opinions and instructions are structured and organized and avoid mixed messages, ambiguities and misinterpretations that can also lead to the spread of untruths and perplexity.

During this time, leaders and communicators need to work closely together to establish a crisis communication strategy I which you define the key speakers, topics, channels and frequency of messaging. Be aware that on your involvement will reflect on how your (non) crisis preparedness will be perceived by employees and external audiences. Building confidence and constantly informing people about what is happening, taking action and making decisions is therefore a prerequisite for maintaining stability.


Certainly, this time is not easy for anyone – keep this in mind even if one of your regular business partners is not able to make the deal or make the payment on time. It may be appropriate for you right now to consider extending payment deadlines, adjusting prices or offerings. The moments we are witnessing require listening to a fellow human being and understanding the context of the situation. Maintaining humanity and good relationships is therefore a core value that will pay off in the long run.

It is also a good time to think outside the box: what can you, as a business, to help your clients getting through this difficult period? The answer to this is your added value, which will be appreciated long after the crisis is over. How can you redeploy teams and stabilize supply chains using security stocks, alternative resources and new collaborations? Now is the time to be flexible, communicate with all existing and new relevant stakeholders and design temporary solutions. We are also convinced that the time is right to establish a range of collaborations and innovations that may also bring you the start of new, successful stories.

Get involved socially as much as possible. Every day we hear new, positive stories about how the home economy is activating and finding solutions to the health and social system in times of distress. That way you not only become part of the solution – you also build trust in your brand and showcase what values you as a business live on.


The current situation and the crisis need to be viewed from several angles in order to take the right measures and at the same time ensure business stability to the greatest extent possible. Your crisis management team should include experts in various fields; it is also imperative that the latter have the power to make decisions within the short time available to them.

Among the measures that are crucial for the duration of the quarantine is, first and foremost, the protection of the people and the provision of adequate protective equipment: for employees as well as for everyone with whom you are in contact; it is also essential to maintain and visibly support those employees who are at the same time fearful and are also facing private challenges.

It is also high time for any flexible work plans that involve teleworking or other solution infrastructures. And with that in mind, switching to digital tools for remote work is a great solution, but remember that it also puts a strain on your existing IT system. Therefore, pay special attention to the security of your communication and ensure adequate protection.

In the meantime, it is especially important to look as realistically as possible at the current situation and any damage that has already occurred, and determine where mitigation is needed and how long it will take you to re-establish your business. The key is to be aware of which company activities are systemic and which are optional. Above all, operations that are critical to you need appropriate plans to protect them. Be sure to be rational in financial terms, too, and prudently handle wages, promotions, new hires and similar additional expenditures, so as not to overburden the system.



The eyes of the whole world are now focused on limiting the impact of the new virus and in reality, none of us can know for sure what its long-term consequences will be. Certainly, we can also take the crisis as an opportunity to learn, because in a short time it has shown us where our weaknesses are in the processes and also what we are strong at!

All businesses will need to take greater account of the principles of flexibility in policy development in the future, as we are again confronted with the fact that everything is changing and nothing is forever. The longer the crisis will last, the more changes we can expect. Already think about potential changes in your end-customers’ buying habits, greater digitization of services and offers, but most of all – stay home and stay safe. Even the crisis will one day pass – and then it will be time for new ventures again.

Change has always been a common part of business; and yet today, companies are feeling overwhelmed by the pace of development and technological change. As a consequence, only a few risk departments think they are adequately prepared for technological change, and that they also enjoy the support of their organization. In such circumstances, how will we manage the risks tomorrow?

What are the biggest challenges ahead?

Let’s go back to the beginning. If we aim to manage risks well, we must first know which risks need managing. What are the biggest challenges for our company? When looking at various survey results, I came across some interesting information.

The Risk Survey in Organizations for 2025 found that the greatest uncertainty lies in the technological change. The fact is, we now live in an era of new technologies, reaching from self-driving cars to medical consultations online. Internet of things (IoT), blockchain, artificial intelligence (AI), robotics and big data are already changing the way we work, and how we work and therefore represent both, opportunity as well as risk. However, five to ten years is a very long period to predict. Who in 2009 could have imagined the scope of success for companies like Uber and Airbnb?

The survey also found that only 24 respondents said they evaluate the risks. Only 20 percent use risk modeling, and 12 percent said they didn’t have a formalized process for identifying risks. Below there is a list of issues that businesses consider the most pressing, and as you can see, after a few years of pause, the economic crisis is again in the first place.

These are the risks that companies are facing. However, the obstacle that most of them will have to cross is the change in the traditional mindset of risk managers and all those who manage the business so they begin to perceive risk as an opportunity to achieve business goals more effectively. In doing so, risk management will no longer be a mere “reporting”, but a shift on to understanding where and why each problem arises, and what are the necessary challenges to overcome similar problems.

To do this, we will need to integrate risk management into the core of a particular business and its decision-making. This paradigm shift will place risk management at the value chain higher, as risks will become part of the discussion at the highest levels. Then, the risk managers will be able to provide a deeper analysis of breaches and give the managers the means to understand how and where the strategy implementation leads to failure, rather than simply reporting the risk values. Likewise, such a risk management system will already to some extent include culture, involvement in strategy formulation and value creation as part of the risk management agenda. Only that way, organizations will be able to move from preventive behavior to integrating the risk appetite debate into the decision-making phase, which will enable them to consciously consider the risks and their impact.

This is why, despite the negative outlook and the significant rise in the number of risks, my answer to the question of how will we manage risks tomorrow is – better. Why? Because we will be equipped with the right information at all times, and able to make better decisions.

To know where we are going, we first need to learn where we are (and were)

The first risk managers were merely buying insurance for their businesses. They were dealing with a so-called net risk, which describes potential losses that occur in the event of fires, floods or lawsuits for defective products. All those liabilities were then protected by the company through a proper form of insurance. That is why it is often said that the traditional concept of risk management is only related to the identification of the risks in the business environment, and risk management through the mitigation controls.

Nevertheless, the approached changed over time. If the system in 2013 was still focused on internal risk controls, the modern system is already focused on enterprise-level risks and is therefore much broader. It no longer deals with net risks, but also with speculative risks.

These include business risks, such as currency fluctuations, market embargoes, and damage to reputation, or in other words, the types of risks where companies are not only hedging against losses but are also looking for profit opportunities. This type of risk management can also be called entrepreneurial risk management and has gained considerable momentum in recent years.

What does the “new” approach to risk management bring?

Today, in small and mid-sized companies, the responsibility for managing insurance, security, and risks is usually transferred to the employee in the company’s finance department. Similarly, in larger companies, the HR directors are hired to take care of business risks. An improved process will lead to a positive outlook for risk management only when companies understand and decipher how risks positively affect their business.

Increased involvement of risk managers in achieving the business goals will also mean that the risk managers will once know risks better than the staff. At the same time, this means increased involvement of risk managers in achieving the business goals of the organization.

What will be the role of the digitalization?

In my opinion, the digitalization of risk management is also the key to answering the question of how we will manage risks in the future, since the process, and therefore the entire experience will significantly change. We may be risk managers or even CEOs today, however tomorrow we will all do our jobs differently:

–    Risk managers will be able to focus on more strategic and high-value decisions as the routine work will be automated, with fewer exceptions that require manual management. Using advanced analytics, they will be able to visualize information that is difficult today (such as demanding correlations and trend analyses) to help an organization or department optimize their decisions and offerings.

–    We will introduce a centralized “brain” center representing a central information point that will be able to learn intelligently and provide us with improved connectivity and extraordinary risk sensing (credit, market and operational). The assessment of these risks will be immediate, followed by the establishment of risk mitigation strategies and dynamic adaptation to constraints. Such a center will, therefore, improve the identification of future risks and the management of different types of risks. The risk managers will use their own highly customizable displays to access these centers which can delve into the most important numbers and perform real-time analyses of their definitions.

–    Management of the organization or individual areas will be able to receive automatically generated strategic advice on risk-related business decisions, such as identifying risk-taking opportunities, reducing unwanted exposures, managing investment portfolios and allocating capital. Here too, leaders will rely on their visual tools to provide advice at any time and with an appropriate level of accuracy (such as specific markets, portfolios, or products). These tips will be based on active analytical processes, meaning that CEOs will rely on a tool that directly displays results related to their specific work, such as the impact of credit and market risk-taking on a country’s risk under different macroeconomic scenarios.

–   Customers and partners will be able to receive individualized experiences that meet high expectations. We will be able to be present at key moments in their work, helping them to make more informed decisions, skilfully anticipate their needs and provide customized solutions. Customers will not have to communicate over large channels or browse through piles of paper.

–    Regulators will be able to move beyond receiving reports to (near) real-time data reporting. Regulators will be able to immediately perform ad hoc analyses (such as improved stress tests) and enable improved management of systemic risks. Similarly, they will be able to control affiliated organizations in the same, digitally supported way.


What is the most likely future?

The future holds many possible scenarios, however, in the next five to ten years there is still a wide range of possible end-states. Organizations will probably continue to do as they do today, whereas the winners will differ in their ability to take advantage of new digital opportunities and the interface of competition with new digital players in the areas where they have established their presence.

The changes described above will also mean that the skills needed for the risk management of tomorrow will be rather different from those of today by refocusing skills beyond traditional “manufacturing” activities and through flexible analytical and consulting skills. Therefore, risk management teams should be seen as a company’s strategic partner, fully involved in the strategic planning process and agile in managing change.

Risk managers should evaluate where each of their current and future activities can be pursued. Can the task that remains in-house be relocated? Can you automize the tasks, or even rely much more on third-party applications?

How can we help you manage risks?

All these changes, as well as our many years of experience, have led us to the decision to create a new platform that will support the enterprise risk management process in all possible versions of the future. Our goal is to provide risk managers with an ultimate tool for tomorrow. What does that mean?

Such a risk management platform has to be highly adaptable to enable you to work in a cloud or using an internal network; it must meet the needs of one or thousands of users; it must be modular so each organization can mold it to its needs; it should also be open to integration with all types of other existing and future systems;  adaptable for maximum automation of data entry and processing, safe and accessible to all at any time or place; full of pre-set good practices, yet able to expand further, complex in performance but easy to use. And, the latter may be the biggest challenge.

Why all this? Because we want to add value to the organization using the SBR platform. We wish to give you the tool that can help you solve serious problems arising from the lack of the right information in everyday decision-making, thereby reducing the time it usually takes to acquire the latter, and last but not least, increasing your value.

PS: If you have a question about risk management or you just want to leave me a comment, feel free to send me a message directly at [email protected].


Contact our team if you need help with risk assessment.

For more information about risk management follow our LinkedIn & Twitter account. You can join the debate in Linkedin group ERM – ENTERPRISE RISK MANAGEMENT.

The role of ROI in managing organisational risks

When something happens within an organisation, it is easy to quickly evaluate the effect of said event and determine the responsible department or person. It is more complicated, however, to do the opposite: if nothing earth-shattering happens within an organisation, it is almost impossible to prove that a responsible, conscientious risk manager (RM) is to thank for this. What is more, the management usually takes the credit. (Truth be told, this is not so far-fetched either, since it was the management who brought a good RM on board!)

According to the above, we can conclude that the key issue in risk management is to be able to prove that the system is working. The role of a good RM is to help an organisation attain its objectives by reducing the possibility of derogation or by preventively reducing the consequences of potential derogations of the company on its way to attain its objectives. This means that the RM is playing an extremely important role in his workplace, making him the scapegoat for most of the issues, but receiving little praise for the preventive measures undertaken.

However, the RM’s duty is to help the organisation. His contribution or the value of the entire ERM process can therefore only be measured if we know the company objectives, thus measuring how the ERM system functions in relation to the objectives set.

Here are a couple of questions to help with that:

Compliance: Are we complying with our own directives and policies in our risk management system?
Maturity: How does our risk management system compare to best practices and to our competitors?
Added value: Does our system contribute to achieving the objectives and results of the organisation and, if so, to what extent?

You might be surprised to hear that usually, the hardest part of measuring the effectiveness of a risk management system is to prove that it is contributing added value to the company. In other words: you’ll be able to answer the first two of the above questions relatively quickly and confirm whether you are complying with the standards you commit to in your company, and if your risk management culture or maturity is improving. However, it is a little harder to comply if the management requires proof that the risk management investment is actually paying off in the form of better results. Harder, yes, but not impossible!

We measure the achievement of business objectives through key performance indicators (KPIs) and performance criteria. In other words: when we manage risks in an efficient manner, we are also familiar with all uncertainties that can affect our business objectives, which makes us better equipped for managing all the risks that appear. This also means that the key performance indicators need to be improved on in order to measure the effectiveness of the ERM system!

Silver Bullet Risk - BLOG - ERM - Enterprise risk management - ROI Vision

The benefits of an ERM system are two-fold:

Limiting surprises
Adding value

Of course, we must also realise that the ERM process is not a magic trick. In spite of a well-established system, bad and unpredictable things will keep on happening in companies. However, the system will help you to be better prepared when they do, react faster and in an organised manner, and have all the resources ready to pull the right strings, thus significantly improving the decision-making process within an organisation.

The ERM system also adds other benefits, becoming an indispensable part of business plans as management discussions regularly include risks and uncertainties.

Transparency: even though in many organisations, this value is not (yet) a priority, it represents an enormous advantage for owners and employees alike.
Discipline: when employees, business processes and departments familiarise themselves with risks and suitable measures, the robustness of the organisation increases, thus raising the level of the internal risk management culture.
Clearly defined objectives: For an ERM system to work well, the objectives of the organisation must be clearly defined for all interested parties, which is a task often not implemented in a suitable manner. Clearly defined common objectives and potential obstacles leading to them provide for significantly better results. An organisation must actively react to changes in the environment and the business processes, thus further decreasing the possibility of wrong decisions or missed business opportunities.
Simpler allocation of capital or allocation of funds: Comprehensive information, including risk-related data, allows for a simpler allocation of funds and an easier segmentation, regardless of whether we’re preparing the pricing policy for individual products, markets, clients, and competitors, or comparing risks and income.
Increased trademark reputation: A good ERM system allows us to protect the trademark and the reputation of a company or an organisation. It not “only” affects the value of shares but also contributes to the value of the entire organisation, which is the most important piece of information for the supervisory board and the owner.

Next time, we’ll tell you all about how to deal with each individual KPI!


For more information about risk management follow our LinkedIn & Twitter account. You can join the debate in Linkedin group ERM – ENTERPRISE RISK MANAGEMENT.

New Year brings new beginnings – this goes for us too! As with the right synergy, one plus one can be three or more, we proudly announce the merger of two risk management companies – Silver Bullet Risk and Fermion. With our joint market approach, we wish to offer to the domestic business environment the most complete range of services and modern risk management tools in one place.

Silver Bullet Risk is a well-established name for standardization and risk management among managers, while Fermion is the leading Slovenian company specializing in financial risks. By combining our vast knowledge and experience under one roof, we will now strive to offer our partners and customers even more.

For this purpose, we present the following:

In our environment, risk management is too often underestimated. However, global trends, including the ISO management standards, place it at the very heart of the modern management culture. That is why we wish to bring this specific knowledge closer to the Slovenian experts, and by understanding the impact of risks on your organization help you with better decision-making.

We announce the fifth full-day conference dedicated to enterprise risk management will take place on Thursday, April 18, 2019. The event will feature exceptional lecturers and offer you the most comprehensive industry insight.

We invite you to socialize and exchange opinions in our expert group on LinkedIn. If you are interested in managing your risks and wish to participate, follow this link.

It is important to us to offer you content that addresses real and existing challenges in your business environments. For this reason, we kindly ask you to fill in a short questionnaire, and share it among your colleagues, partners and clients who (in)directly deal with this area. Follow this link or click on the button below:

Participate in the survey


In our team of risk management experts, we believe that good decisions occur when the same information is viewed from different people, and different angles. That is why are excited to hear your perspective and form our offer to better fit your needs.

Risk Evaluation is the process used to compare the estimated risk against the given risk criteria so as to determine the significance of the risk.

Managing risks in a company starts with a decision to strategically manage risks organization-wide. Risk management team or executive(s) who is(are) responsible for implementing the process must first put together a plan that comprises all the elements that impact risk management process and assemble a team to execute the plan.

What steps should be included in a risk management plan?

An effective risk management plan and following process takes a few steps to achieve. An overview of those processes can be summarized in five steps below.

Silver Bullet Risk - BLOG - ERM - Enterprise risk management

1. Risk management team
First, a risk management team or an individual responsible for the risk management process must be appointed. Usually, the bigger the company, the bigger the team, as more departments are involved in a larger organization. And as risk management culture dictates involvement of all stakeholders in a company, teams can get broader, but the core risk management team holds the process together.

2. Analysis
The whole organization is under the scrutiny, as risks can be known or unknown anywhere in the company. Thorough investigation must be commenced, involving all departments, all organizational and business processes; and all stakeholders who impact the risk assessment.

3. Identification of risks
Recognizing risks can be a daunting task, as some processes are not obvious to be open to risk impact. The goal here is to treat all the processes as risk-prone and later inspected, what kind of risks and if, at all, are possible for impact.

4. Prioritization of risks
When we have all the risks identified, they must be sorted in various ways, according to their impact on organization. Risks with bigger impact have of course higher priority.

5. Monitoring the risk
Strategy is only as good as it is executed. So is monitoring of business processes or in this case, monitoring risks that are identified in an organization.

Silver Bullet Risk - BLOG - ERM - Enterprise risk management

One of the important steps, outlined in this blog, is evaluation of risks. It’s the step where risks are measured and compared through various factors. Risk evaluation allows you to determine the significance of risks.

Evaluation of risks can be done in a various ways, using all sorts of tools and methods. One of the most efficient ways is to sort the risks by scoring and prioritizing them.

Scoring the risks

Scoring (or ranking) is usually mapped with parameters on impact (or consequence) and probability of each risk.

Impact: Every risk is assessed on the impact it has in case of materializing and what kind of consequence does it present in a company. Low impact risks don’t have any significant impact on business processes or organization at large. High impact can alter the course of business, they have impact on company success or even failure.

Probability: In this scoring processes risks also get an assessment form low to high. Low probability risks are the ones who are considered (almost) never to happen. High probability means they are likely to happen and must be considered in any case in the future.

Prioritizing risks

After scoring all the risks, it’s time to cross-match impact and probability. Not every very probable risk has a big impact on the company, and not every risk rarely occurring poses just a small impact.
That’s why it’s useful to develop a grid map with impact level on one axis and probability level on the other (Risk grid map).

Silver Bullet Risk - BLOG - ERM - Enterprise risk management

The approach of prioritizing risks results in a risk grid map for developing 4 mitigating strategies.

Low impact & Low probability
With both scores low, risks are not actively mitigated, but mostly only monitored.

Low impact & High probability
This strategy proposes mitigating risk through reducing the frequency of occurrence.

High impact & Low probability
Although probability of risks materializing is low, it can have big impact if or when it occurs. That’s why reducing the severity of risk happening is advised.

High impact & High probability
These are the kind of risks we most definitely don’t want to meet and we want to avoid them. Strategy here is to reduce the severity of impact and to reduce the frequency of an occurrence.


For more information about risk management follow our LinkedIn & Twitter account. You can join the debate in Linkedin group ERM – ENTERPRISE RISK MANAGEMENT.

A story on how risk management tool will help your organization get from passing judgement to making risk-informed decisions and that on how Silver Bullet Risk tool was born.

More than 10 years ago, I had an important meeting with a German company. To decide upon the future of their corporation, several risk factors had to be carefully studied. This was the reason Igor had to prepare and deliver their boss a comprehensive, 40-pages report in Excel. Can you imagine the look at that man`s face? The was also the day the idea for Silver Bullet Risk management tool came to life.

Silver Bullet Risk - BLOG - Upravljanje tveganj

I knew this kind of situation happens often. And he was more than familiar with the feeling on both sides of the table: the person who needs to make an informed decision gets furious for having to go through all the data, whereas the person who is in charge to prepare them feels paralyzed as he or she simply doesn’t have the necessary tools, knowledge or time to gather and make sense of all the information necessary.

Would it be possible to mitigate all company`s risks in order to read the information faster, better and most importantly, act on them in due time? This was and still is the main motivation behind developing Silver Bullet Risk.

Even more, our research showed that even today and despite the increasingly demanding market, it is the mid-size companies that the most often don`t devote enough time, energy or resources to manage their risks strategically. For many of them, risk management is still a somewhat “intangible” area and, therefore, at least at first glance, doesn’t give them clear or profound results.

However, no matter where you operate, problems that have been identified in similar business environments all over the globe are that the management, supervisory boards owners, internal and external auditors simply don’t have a comprehensive overview of their key risks and therefore cannot predict nor act on the possible outcomes.

Risk reports are not supported by financial impacts on the organization itself. Employees don’t have adequate information and a methodological support in their divisions to organize and strategically follow up the risks. By using spreadsheets, their work is time-consuming, not transparent, audit trails are impossible to provide and history unverified, and the preparation of more comprehensive reports, based on a uniform methodology, is virtually impossible.

However, if implemented correctly — risk management works and does wonders! When that is the case, you will practically not know it exists. Whereas in case of the opposite — you surely will be glad to have made the correct predictions, risk scenarios and possibly avoided a huge catastrophe.
Thus, the goal of Silver Bullet Risk is that the mid-size organization management gets a comprehensive overview of all the risks their organization is faced with. This is the basis for risk-informed decisions and not just judgment passing! Our tool is a kind of radar to see how to avoid the risks and act upon the information wisely.


For more information about risk management follow our LinkedIn & Twitter account. You can join the debate in Linkedin group ERM – ENTERPRISE RISK MANAGEMENT.

Immutability, transparency and blockchain private ledger aim to provide business advantage in risk management industry.

In a quest for real life blockchain implementations, risk management is also looking for ways to use the promises of blockchain to better serve their risk management clients.

Some of the main features of blockchain technology are immutability, transparency, security, distributed ledger and many other technological and cryptographic elements. As risk management industry is exploring the potentials of blockchain technology, few blockchain elements are being considered as the front runners for the ideas and implementations.

Silver Bullet Risk - BLOG - ERM - Enterprise risk management

Immutability in Risk Management

Following trends in business is crucial for insights on what’s going on the market we’re in. Future, of course, is something that is always changing and we cannot control directly. However, we can have an influence on the future with better management of the history and staying on top of present.

The history, as it stays the same, we can use to better understand our present and future business. To ensure business history stays forever unchanged, for the purposes of conducting a solid business, the immutability of blockchain can serve as the platform to provide an audit trail feature.

In business that means that every operational transaction is captured in the system as it is, unchanged and forever documented, without the option to delete it or any other way tamper with the information. In risk management, an audit trail is the process of ensuring data integrity, an operational history “written in stone”.

Public vs Private Ledger

Blockchain was first designed as a public ledger, where everyone could see the content on the chain. As more enterprises join the blockchain revolution, private chains are being developed, meaning each organisation can also implement private blockchain for the purposes of running their own business process and ecosystem on the blockchain.

In risk management, main stakeholders are a part of the company’s structure. That would enable private blockchain to enter organisational process, choosing their own consensus algorithm and enable stakeholders to make contributions according to the rules, specified in the organizational smart contract.

Transparency as Business Advantage

One of the aims of Silver Bullet Risk is empowering stakeholders. Blockchain technology and its feature of transparency can help underlie the platform to enable all who participate in the business process to be able to track, understand, audit and provide an input to maximize risk management work efficiently and with that participate in the final assessment of risk management in the organisation.

Having that kind of transparent internal business processes can lead to a smother business operations, eliminating mistakes and supporting efficiency of all stakeholder and company at large.


For more information about risk management follow our LinkedIn & Twitter account. You can join the debate in Linkedin group ERM – ENTERPRISE RISK MANAGEMENT.

Every new solution in company’s business processes needs to deliver added value to all stakeholders in the organization, from leadership to employees.

Managing risks is one thing most companies look at only as a management value, without realizing that it needs to connect through every department in the organization.

Silver Bullet Risk solution introduces single solution, enabling stakeholders and responsible employees to contribute to the final key risk assessment.

Identifying and acting upon risks in your organization is one of the crucial processes in managing a successful company. And exposure to risks opens company’s vulnerability in vast array of processes, from strategic to operational, to financial performance.

That’s why every company’s leadership should ask themselves the following questions:

• How much profit is lost in the last five years due to not managed risks?
• Is there a systematic overview of all the potential risks that affect the company? How is a reliable analysis performed?
• Does the company’s management have access to the necessary aggregated information on the risk factors affecting EBITDA
• How much time and effort are spent on managing risks?

Answers to those questions can be provided through our Silver Bullet Risk innovative solution, where company’s economic information is accessible and transparent to all involved anytime, anywhere; through familiar work environment that enables all contributors to work seamlessly.

What is Silver Bullet Risk management tool?
Silver Bullet Risk is a risk management tool that is designed to meet the individual needs of any company, no matter the type or structure. It boosts work cooperation, economic transparency and state of the art risk management.

Its main purpose is not just compliance, but rather a direct impact on EBITDA!
With Silver Bullet Risk management tool, risk management team work is optimized as a result of tools ability to gather information on potential threads. Consequently, the company’s decision makers have constant access to holistic and up to date information on key risks impact on the company’s financial performance.
Decisions based on the concise overview of strategic, financial and operational risks can now be made more efficiently and in no time!

Silver Bullet Risk - BLOG - ERM - Enterprise risk management

It’s time to bring to light what is out of sight. Mitigate risks, create EBITDA!

Silver Bullet Risks is a tool that helps the company’s management, manage! Daily!


For more information about risk management follow our LinkedIn & Twitter account. You can join the debate in Linkedin group ERM – ENTERPRISE RISK MANAGEMENT.