February 5, 2019

Management Training and Awareness: Part 2

Risk management may seem simple enough in theory, but not all employees have the necessary skills and competencies to successfully apply it in practice. One of the key components in driving change is employee training and development.

Conduct training for “risk-champions”

Provide additional risk management training to the in-house risk management team and business units responsible for internal control, audit, finance, strategy and others. Risk managers may conduct it personally or outsource to third-party providers. In-depth risk management training should include (this example is based on the actual risk management training provided by Institute for Strategic Risk Analysis in Decision Making (ISAR) and RISK-ACADEMY):
Risk Management Foundations
  • Definition of risk
  • History of risk management
  • International and national risk management standards
  • Introduction to finance, project management and process management
  • Introduction to statistics
  • Insurance basics
Risk Management in Decision Making
  • Identification of risks associated with decision making or goals/KPIs achievement
  • Risk analysis in decision making (sensitivity analysis, scenario analysis, Monte-Carlo simulations, decision trees, scoring models)
  • Risk mitigation and risk-based decision making
  • Disclosure, reporting, monitoring and review

Psychology and Risk Management Culture
  • Risk psychology and cognitive biases in decision making
  • Risk management culture
  • Principles of risk management ethics

Integrating Risk Management into the Business
  • Understanding the organisational appetite for risk
  • A roadmap for risk management integration:
  • Developing new and updating existing policies and procedures
  • Integration into decision making, planning, budgeting, purchasing, auditing etc.
  • Risk management roles and responsibilities, risk management KPIs
  • Integrating risk information into management reporting
  • Resources required for the implementation of risk management
  • Auditing risk management effectiveness
  • Risk management continuous improvement
  • Risk management software


More information about training programmes or to order training for your company go here >
If you are interested in sitting the G31000 certification exam after the training and receiving a risk management certification, go here >
Make risk training competency based
Just like any other business expense, a risk management training budget needs to be justified. And just like any investment decision, risk management training needs to show adequate return on investment. Training costs money: the development process, hiring trainers and getting employees to dedicate time away from their workplace to participate in training.
One useful way, suggested by risk managers we interviewed, was to make all risk management training competency based and setting KPIs to check for noticeable improvement in the quality of risk-based decision making. Each training session should start and end with competency tests. Surveys should also be conducted one month and six months after the training to test for knowledge retention.
Develop certification programmes for employees in high-risk activities
Another useful suggestion is to develop an internal risk management certification for employees working in high-risk activities. This will ensure staff working in high-risk activities, like manufacturing, trading, insurance, security and others, possess adequate risk management skills and remain aware of the risks associated with their work.
Certification programmes may be developed internally or outsourced. Depending on the high-risk activity the certification may be high level or in-depth, in any case it should test:
  • Understanding of legal obligations
  • Awareness of risks in the workplace
  • Ability to make quality decisions under uncertainty
  • Understanding the protocol for communicating and escalating risks
  • Evidence of moral and ethical behaviour
Use passive learning techniques
Make sure that risk management information is available to employees, contractors and visitors. Place Risk Management Policy on the intranet and the corporate website, record and publish risk management training or awareness sessions videos on the dedicated risk management intranet page.
Invite guest speakers (risk managers from other companies) to speak at the Audit Committee or Risk Management Committee and give employees the opportunity to participate. We have used this in the past and it worked very well.

Periodically post useful risk management related articles and research papers on the corporate intranet. Make the risk management information easily accessible to staff.

Alex Sidorenko - Risk Academy - Risk Management - Feature Writer - INX Software

Alex Sidorenko, Owner and Chief Risk Officer, Risk-Academy

Alex Sidorenko is an expert with over 14 years of private equity, sovereign wealth fund risk management experience across Australia, Russia, Poland, and Kazakhstan.

He is the owner and Chief Risk Officer at Risk-Academy, which provides risk management education and consulting services, and the Risk Management Advisor at Neironix.

In 2014, Alex was named the Risk Manager of the Year by the Russian Risk Management Association.

Want to know more? Then don’t hesitate to get in touch with us >

INX Software

Be informed of the latest industry news, key updates and our product and version releases, by following us on LinkedInFacebook, and Twitter. You can also get them delivered straight to your mailbox here.