Creating a Comprehensive Risk Management Plan: A Step-by-Step Guide

In today's fast-paced business environment, risks are inevitable. From market fluctuations to cyber threats, businesses face a variety of risks that could impact their operations, finances, and reputation. A comprehensive Risk Management Plan, sometimes referred to as a risk response plan (or the plan), is crucial for identifying, assessing, and mitigating these risks. This guide will walk you through the key components of developing an effective plan for your organisation.

TABLE OF CONTENTS

What is a Risk Management Plan?

Key Benefits of a Risk Management Plan

What Are the 5 Steps to a Risk Management Plan?

Best Practices for an Effective Risk Management Plan

How to Maintain the Risk Management Plan

Risk Management Plan FAQs: What You Need to Know

What is a Risk Management Plan?

A risk management plan is a structured approach that outlines how an organisation will identify, assess, manage, and mitigate risks that could impact the achievement of its objectives. The goal is to minimise the adverse effects of risks while maximising opportunities.

Key Benefits of a Risk Management Plan

Proactive Problem Solving: Allows organisations to anticipate potential risks and prepare solutions in advance.

Resource Allocation:  Helps allocate resources effectively to areas that need the most attention.

Regulatory Compliance:  Ensures that the company adheres to industry regulations and standards.

Stakeholder Confidence:  Builds trust with stakeholders by showing a proactive approach to risk.

What Are the 5 Steps to a Risk Management Plan?

Step 1: Identifying Risks

The first step in creating a risk management plan is identifying potential risks. These can come from various sources such as internal processes, project risks, external events, market changes, or technological advancements.

Types of Risks to Consider:

Operational Risks: Issues related to internal processes, systems, and people.

Financial Risks:  Market volatility, credit risks, or economic downturns.

Reputational Risks:  Customer complaints, public relations crises, or social media backlash.

Cyber Risks:  Data breaches, cyber-attacks, and software vulnerabilities.

Regulatory Risks:  Changes in laws, compliance issues, or governmental actions.

Tools for Identifying Risks:

SWOT Analysis (Strengths, Weaknesses, Opportunities, Threats)

Risk Workshops:  Engaging team members in brainstorming potential risks.

Checklists and Risk Registers:  Keeping a record of all known risks in an industry.

Step 2: Risk Assessment and Prioritisation

Once risks are identified through risk analysis, the next step is to assess their potential impact and likelihood. Risk assessment allows organisations to prioritise which risks need immediate attention and which ones can be monitored over time.

Assessing Risks Based on:

Likelihood of Occurrence:  How probable is the risk? Is it a rare event or a frequent occurrence?

Impact on Business: What would be the financial, operational, and reputational consequences if the risk materialises?

Risk Assessment Matrix:

A risk assessment matrix is a visual tool used to plot risks based on their likelihood and potential impact. Risks that are high in both likelihood and impact should be addressed first.

Step 3: Risk Response and Mitigation Strategies

After prioritising risks, including those identified through project risk management, the next step is to develop strategies for mitigating or responding to them. There are four main risk response strategies:

Avoidance:  Eliminating the risk entirely by changing plans or operations.

Reduction:  Minimising the impact or likelihood of the risk by taking preventive actions.

Transfer:  Shifting the risk to a third party (e.g., through insurance or outsourcing).

Acceptance:  Acknowledging the risk but deciding to proceed without action due to its low likelihood or impact.

Common Mitigation Techniques:

Business Continuity Plans (BCP): Preparing for potential disruptions in operations.

Insurance Policies: Transferring financial risks to an insurance provider.

Technological Safeguards:  Implementing cybersecurity measures to protect data and systems.

Employee Training:  Ensuring staff are aware of risks and how to handle them.

Step 4: Assigning a Risk Owner

An essential part of executing your plan is designating a risk owner—the person or team responsible for managing specific risks. Without a clear risk owner, there can be confusion over who is accountable for monitoring and mitigating a risk, which may result in delays in response.

How to Assign a Risk Owner

Identify the Relevant Risk: Start by fully understanding the risk that needs management. Analyse its nature (operational, financial, strategic, etc.), the potential impact on your business, and the likelihood of occurrence. This will help determine which part of your organisation is best suited to handle it.

Choose the Department or Function: Determine which department is most directly impacted by or responsible for the area of the risk. For example:

Financial Risks:  Likely managed by the finance department or CFO.

Cybersecurity Risks:  Best handled by the IT or security team.

Compliance Risks:  Typically assigned to legal or compliance officers.

Assign the risk to the department with the appropriate expertise and proximity to the risk.

Select a Person with Authority: The risk owner must have the authority to make decisions and implement mitigation strategies. Ideally, this person should:

Have sufficient influence over the affected areas.

Be knowledgeable in the field of the risk (e.g., a CFO for financial risks).

Be accountable for the outcomes related to the risk’s mitigation and management.

Define the Risk Owner’s Responsibilities: Clearly outline the risk owner’s role to ensure smooth execution. Responsibilities should include:

Monitoring the Risk:  Continuously assess the risk for changes in status or severity.

Mitigating the Risk:  Oversee the implementation of mitigation strategies and preventive measures.

Reporting on the Risk:  Regularly update key stakeholders on the risk status and actions taken.

Escalation:  Ensure that significant risks are escalated appropriately when they exceed acceptable limits.

Enable Collaboration Across Departments: Risks often span multiple functions or departments. Ensure that the risk owner collaborates effectively with other teams to manage cross-functional risks, gather necessary information, and execute mitigation strategies.

Provide Necessary Resources: It’s vital to equip the risk owner with the resources required to manage the risk, including:

Adequate budget for mitigation efforts.

Access to key personnel and tools.

Support from leadership to make decisions and take action.

Review and Adjust Periodically: Risk ownership may need to be re-evaluated over time. Changes in the organisational structure or the nature of the risk might require reassignment of responsibilities. Regular reviews during risk audits ensure that ownership remains appropriate and effective.

Step 5: Monitoring and Review

Risk management is not a one-time activity. It requires ongoing monitoring and regular review to ensure that new risks are identified and existing ones are adequately managed.

Key Elements of Risk Monitoring:

Regular Audits:  Conduct periodic reviews to assess the effectiveness of risk mitigation strategies.

Risk Indicators:  Use key risk indicators (KRIs) to signal when a risk is escalating.

Reporting Systems:  Maintain a transparent reporting process for risks, ensuring that stakeholders are aware of the current risk landscape.

Step 6: Documentation and Communication

A well-documented plan ensures that all stakeholders understand the risks, the response strategies, and their roles in managing these risks. Clear communication is essential to ensure everyone is aligned and prepared.

Components of Risk Management Documentation:

Risk Register:  A detailed log of all identified risks, their assessments, and mitigation actions.

Action Plans:  Clear guidelines on how to respond to specific risks.

Roles and Responsibilities:  Defined roles for each team member involved in the risk management process.

Best Practices for an Effective Risk Management Plan

Involve All Stakeholders: Risk management is a team effort. Include all departments and key stakeholders in the process.

Stay Informed of Industry Trends:  New risks can emerge from changes in technology, market trends, or regulations.

Update the Plan Regularly:  As your business evolves, so should your plan. Review and update it regularly to reflect new risks and strategies.

Use Technology:  Leverage risk management software and tools to automate and streamline the process.

How to Maintain the Risk Management Plan

Creating such a plan is not a one-time activity. To remain effective, the plan must be continuously maintained, reviewed, and updated as new risks emerge or business conditions change. Failing to maintain the plan can result in outdated information and inadequate responses to evolving risks.

Conduct Regular Reviews 

Schedule periodic reviews of the entire plan, at least annually or whenever significant changes occur in the organisation. Key areas to assess include:

Emerging Risks: New risks may arise due to changes in the market, technology, regulations, or internal processes.

Effectiveness of Mitigation Strategies:  Evaluate whether existing risk mitigation strategies are working as intended or need adjustment.

Risk Assessment Adjustments:  Reassess the likelihood and impact of each risk to ensure they reflect the current environment.

Update the Risk Register 

The risk register—a record of all identified risks and their assessments—should be regularly updated with new information. This includes:

Adding any newly identified risks.

Updating the status of ongoing risks (e.g., changes in likelihood, impact, or mitigation actions).

Archiving risks that are no longer relevant or that have been fully mitigated.

Incorporate Lessons Learned 

After any significant risk event (whether successfully managed or not), conduct a post-incident review to understand what worked and what didn’t. Integrate these lessons into the plan to enhance future risk management efforts. This may involve:

Adjusting response strategies.

Improving risk identification processes.

Strengthening communication protocols.

Stay Informed on Industry Trends 

Risks often change as industries evolve. Stay informed about external factors, such as regulatory changes, market shifts, or advancements in technology, which can introduce new risks or alter the profile of existing ones. Regularly incorporating industry insights ensures that your risk management plan remains relevant and proactive.

Ensure Ongoing Stakeholder Engagement 

A key aspect of maintaining the plan is ensuring all stakeholders remain actively engaged. Regular communication with executives, risk owners, and relevant departments helps keep the plan top-of-mind and reinforces accountability for managing risks.

Use Technology and Tools 

Risk management software and tools can help automate the process of maintaining and updating your plan. These tools can:

Track and assess risks in real time.

Notify risk owners of updates or changes.

Provide centralised documentation for easier management and collaboration.

Perform Risk Audits

Periodic risk audits can be beneficial for identifying any gaps or inefficiencies in the risk management process. An internal or external audit can uncover risks that may have been overlooked and ensure compliance with industry standards and regulations.

Train and Re-Educate Employees

Risk management practices evolve over time, and so should the skills of the people involved. Regularly train employees, especially risk owners and key stakeholders, on the latest risk management strategies and updates to the plan. This ensures that everyone understands their role in managing risks effectively.

Why Maintenance is Critical

Maintaining the risk management plan ensures that the organisation is always prepared to respond to new threats, improves the ability to mitigate risks in a timely manner, and fosters a culture of proactive risk awareness. Failing to maintain the plan can leave the organisation vulnerable to emerging risks and result in inadequate responses to major incidents.

An effective risk management plan is vital for the long-term success and resilience of any organisation. By identifying, assessing, and mitigating risks, businesses can reduce the likelihood of disruptions and stay competitive in an unpredictable environment. Whether you're a small business or a large enterprise, incorporating a risk management strategy into your operations will help protect your assets, employees, and reputation.

Risk Management Plan FAQs: What You Need to Know

What is a risk management plan?

A risk management plan is a systematic approach that helps organisations identify, assess, and mitigate risks that could affect their operations, finances, or reputation.

Why is a risk management plan important for businesses?

A risk management plan helps businesses minimise the impact of risks, allocate resources effectively, comply with regulations, and build trust with stakeholders.

What are the key steps in developing a risk management plan?

The key steps include identifying risks, assessing and prioritising risks, creating mitigation strategies, assigning risk owners, and monitoring and reviewing risks regularly.

Who should be involved in creating a risk management plan?

Stakeholders across departments should be involved, including executives, department heads, risk owners, and legal and compliance teams, to ensure all potential risks are identified and managed.

How often should a risk management plan be updated?

A risk management plan should be reviewed and updated regularly—at least annually—or whenever significant changes occur within the business or external environment.

What is a risk assessment matrix?

A risk assessment matrix is a visual tool that helps categorise risks based on their likelihood and potential impact, making it easier to prioritise which risks need immediate attention.

How do you assign a risk owner?

Risk ownership is typically assigned to individuals or departments directly impacted by the risk. The risk owner should have sufficient authority and knowledge to manage the risk effectively.

How can businesses use technology to manage risks?

Risk management software can automate risk tracking, assessment, and reporting, ensuring that risks are monitored in real-time and that risk owners are notified of changes.

What is business risk?

You know about death and taxes. What about risk? Yes, risk is just as much a part of life as the other two inevitabilities. This became all the more apparent during COVID-19, as each of us had to assess and reassess our personal risk calculations as each new wave of the pandemic—and pandemic-related disruptions—washed over us. It’s the same in business: executives and organizations have different comfort levels with risk and ways to prepare against it.

Where does business risk come from? To start with, external factors can wreak havoc on an organization’s best-laid plans. These can include things like inflation, supply chain disruptions, geopolitical upheavals, unpredictable force majeure events like a global pandemic or climate disaster, competitors, reputational issues, or even cyberattacks.

But sometimes, the call is coming from inside the house. Companies can be imperiled by their own executives’ decisions or by leaks of privileged information, but most damaging of all, perhaps, is the risk of missed opportunities. We’ve seen it often: when companies choose not to adopt disruptive innovation, they risk losing out to more nimble competitors.

The modern era is rife with increasingly frequent sociopolitical, economic, and climate-related shocks. In 2019 alone, for example, 40 weather disasters caused damages exceeding $1 billion each. To stay competitive, organizations should develop dynamic approaches to risk and resilience. That means predicting new threats, perceiving changes in existing threats, and developing comprehensive response plans. There’s no magic formula that can guarantee safe passage through a crisis. But in situations of threat, sometimes only a robust risk-management plan can protect an organization from interruptions to critical business processes. For more on how to assess and prepare for the inevitability of risk, read on.

What is risk control?

Risk controls are measures taken to identify, manage, and eliminate threats. Companies can create these controls through a range of risk management strategies and exercises. Once a risk is identified and analyzed, risk controls can be designed to reduce the potential consequences. Eliminating a risk—always the preferable solution—is one method of risk control. Loss prevention and reduction are other risk controls that accept the risk but seek to minimize the potential loss (insurance is one method of loss prevention). A final method of risk control is duplication (also called redundancy). Backup servers or generators are a common example of duplication, ensuring that if a power outage occurs no data or productivity is lost.

But in order to develop appropriate risk controls, an organization should first understand the potential threats.

What are the three components to a robust risk management strategy?

A dynamic risk management plan can be broken down into three components: detecting potential new risks and weaknesses in existing risk controls, determining the organization’s appetite for risk taking, and deciding on the appropriate risk management approach. Here’s more information about each step and how to undertake them.

1. Detecting risks and controlling weaknesses

A static approach to risk is not an option, since an organization can be caught unprepared when an unlikely event, like a pandemic, strikes. So it pays to always be proactive. To keep pace with changing environments, companies should answer the following three questions for each of the risks that are relevant to their business.

  • How will a risk play out over time? Risks can be slow moving or fast moving. They can be cyclical or permanent. Companies should analyze how known risks are likely to play out and reevaluate them on a regular basis.
  • Are we prepared to respond to systemic risks? Increasingly, risks have longer-term reputational or regulatory consequences, with broad implications for an industry, the economy, or society at large. A risk management strategy should incorporate all risks, including systemic ones.
  • What new risks lurk in the future? Organizations should develop new methods of identifying future risks. Traditional approaches that rely on reviews and assessments of historical realities are no longer sufficient.

2. Assessing risk appetite

How can companies develop a systematic way of deciding which risks to accept and which to avoid? Companies should set appetites for risk that align with their own values, strategies, capabilities, and competitive environments—as well as those of society as a whole. To that end, here are three questions companies should consider.

  • How much risk should we take on? Companies should reevaluate their risk profiles frequently according to shifting customer behaviors, digital capabilities, competitive landscapes, and global trends.
  • Are there any risks we should avoid entirely? Some risks are clear: companies should not tolerate criminal activity or sexual harassment. Others are murkier. How companies respond to risks like economic turmoil and climate change depends on their particular business, industry, and levels of risk tolerance.
  • Does our risk appetite adequately reflect the effectiveness of our controls? Companies are typically more comfortable taking risks for which they have strong controls in place. But the increased threat of severe risks challenges traditional assumptions about risk control effectiveness. For instance, many businesses have relied on automation to increase speed and reduce manual error. But increased data breaches and privacy concerns can increase the risk of large-scale failures. Organizations, therefore, should evolve their risk profiles accordingly.

3. Deciding on a risk management approach

Finally, organizations should decide how they will respond when a new risk is identified. This decision-making process should be flexible and fast, actively engaging leaders from across the organization and honestly assessing what has and hasn’t worked in past scenarios. Here are three questions organizations should be able to answer.

  • How should we mitigate the risks we are taking? Ultimately, people need to make these decisions and assess how their controls are working. But automated control systems should buttress human efforts. Controls guided, for example, by advanced analytics can help guard against quantifiable risks and minimize false positives.
  • How would we respond if a risk event or control breakdown happens? If (or more likely, when) a threat occurs, companies should be able to switch to crisis management mode quickly, guided by an established playbook. Companies with well-rehearsed crisis management capabilities weather shocks better, as we saw with the COVID-19 pandemic.
  • How can we build true resilience? Resilient companies not only better withstand threats—they emerge stronger. The most resilient firms can turn fallout from crises into a competitive advantage. True resilience stems from a diversity of skills and experience, innovation, creative problem solving, and the basic psychological safety that enables peak performance.

Change is constant. Just because a risk control plan made sense last year doesn’t mean it will next year. In addition to the above points, a good risk management strategy involves not only developing plans based on potential risk scenarios but also evaluating those plans on a regular basis.

What are five actions organizations can take to build dynamic risk management?

In the past, some organizations have viewed risk management as a dull, dreary topic, uninteresting for the executive looking to create competitive advantage. But when the risk is particularly severe or sudden, a good risk strategy is about more than competitiveness—it can mean survival. Here are five actions leaders can take to establish risk management capabilities.

  • Reset the aspiration for risk management.  This requires clear objectives and clarity on risk levels and appetite. Risk managers should establish dialogues with business leaders to understand how people across the business think about risk, and share possible strategies to nurture informed risk-versus-return decision making—as well as the capabilities available for implementation.
  • Establish agile risk management practices. As the risk environment becomes more unpredictable, the need for agile risk management grows. In practice, that means putting in place cross-functional teams empowered to make quick decisions about innovating and managing risk.
  • Harness the power of data and analytics. The tools of the digital revolution can help companies improve risk management. Data streams from traditional and nontraditional sources can broaden and deepen companies’ understandings of risk, and algorithms can boost error detection and drive more accurate predictions.
  • Develop risk talent for the future. Risk managers who are equipped to meet the challenges of the future will need new capabilities and expanded domain knowledge in model risk management, data, analytics, and technology. This will help support a true understanding of the changing risk landscape, which risk leaders can use to effectively counsel their organizations.
  • Fortify risk culture.  Risk culture includes the mindsets and behavioral norms that determine an organization’s relationship with risk. A good risk culture allows an organization to respond quickly when threats emerge.

How do scenarios help business leaders understand uncertainty?

Done properly, scenario planning prompts business leaders to convert abstract hypotheses about uncertainties into narratives about realistic visions of the future. Good scenario planning can help decision makers experience new realities in ways that are intellectual and sensory, as well as rational and emotional. Scenarios have four main features that can help organizations navigate uncertain times.

  • Scenarios expand your thinking.  By developing a range of possible outcomes, each backed with a sequence of events that could lead to them, it’s possible to broaden our thinking. This helps us become ready for the range of possibilities the future might hold—and accept the possibility that change might come more quickly than we expect.
  • Scenarios uncover inevitable or likely futures.  A broad scenario-building effort can also point to powerful drivers of change, which can help to predict potential outcomes. In other words, by illuminating critical events from the past, scenario building can point to outcomes that are very likely to happen in the future.
  • Scenarios protect against groupthink.  In some large corporations, employees can feel unsafe offering contrarian points of view for fear that they’ll be penalized by management. Scenarios can help companies break out of this trap by providing a “safe haven” for opinions that differ from those of senior leadership and that may run counter to established strategy.
  • Scenarios allow people to challenge conventional wisdom.  In large corporations in particular, there’s frequently a strong bias toward the status quo. Scenarios are a nonthreatening way to lay out alternative futures in which assumptions underpinning today’s strategy can be challenged.

What’s the latest thinking on risk for financial institutions?

In late 2021, McKinsey conducted survey-based research with more than 30 chief risk officers (CROs), asking about the current banking environment, risk management practices, and priorities for the future.

According to CROs, banks in the current environment are especially exposed to accelerating market dynamics, climate change, and cybercrime. Sixty-seven percent of CROs surveyed cited the pandemic as having significant impact on employees and in the area of nonfinancial risk. Most believed that these effects would diminish in three years’ time.

Climate change, on the other hand, is expected to become a larger issue over time. Nearly all respondents cited climate regulation as one of the five most important forces in the financial industry in the coming three years. And 75 percent were concerned about climate-related transition risk: financial and other risks arising from the transformation away from carbon-based energy systems.

And finally, cybercrime was assessed as one of the top risks by most executives, both now and in the future.

What is cyber risk?

Cyber risk is a form of business risk. More specifically, it’s the potential for business losses of all kinds in the digital domain—financial, reputational, operational, productivity related, and regulatory related. While cyber risk originates from threats in the digital realm, it can also cause losses in the physical world, such as damage to operational equipment.

Cyber risk is not the same as a cyberthreat. Cyberthreats are the particular dangers that create the potential for cyber risk. These include privilege escalation (the exploitation of a flaw in a system for the purpose of gaining unauthorized access to resources), vulnerability exploitation (an attack that uses detected vulnerabilities to exploit the host system), or phishing. The risk impact of cyberthreats includes loss of confidentiality, integrity, and availability of digital assets, as well as fraud, financial crime, data loss, or loss of system availability.

In the past, organizations have relied on maturity-based cybersecurity approaches to manage cyber risk. These approaches focus on achieving a particular level of cybersecurity maturity by building capabilities, like establishing a security operations center or implementing multifactor authentication across the organization. A maturity-based approach can still be helpful in some situations, such as for brand-new organizations. But for most institutions, a maturity-based approach can turn into an unmanageably large project, demanding that all aspects of an organization be monitored and analyzed. The reality is that, since some applications are more vulnerable than others, organizations would do better to measure and manage only their most critical vulnerabilities.

What is a risk-based cybersecurity approach?

A risk-based approach is a distinct evolution from a maturity-based approach. For one thing, a risk-based approach identifies risk reduction as the primary goal. This means an organization prioritizes investment based on a cybersecurity program’s effectiveness in reducing risk. Also, a risk-based approach breaks down risk-reduction targets into precise implementation programs with clear alignment all the way up and down an organization. Rather than building controls everywhere, a company can focus on building controls for the worst vulnerabilities.

Here are eight actions that comprise a best practice for developing a risk-based cybersecurity approach:

  • fully embed cybersecurity in the enterprise-risk-management framework
  • define the sources of enterprise value across teams, processes, and technologies
  • understand the organization’s enterprise-wide vulnerabilities—among people, processes, and technology—internally and for third parties
  • understand the relevant “threat actors,” their capabilities, and their intent
  • link the controls in “run” activities and “change” programs to the vulnerabilities that they address and determine what new efforts are needed
  • map the enterprise risks from the enterprise-risk-management framework, accounting for the threat actors and their capabilities, the enterprise vulnerabilities they seek to exploit, and the security controls of the organization’s cybersecurity run activities and change program
  • plot risks against the enterprise-risk appetite; report on how cyber efforts have reduced enterprise risk
  • monitor risks and cyber efforts against risk appetite, key cyber risk indicators, and key performance indicators

How can leaders make the right investments in risk management?

Ignoring high-consequence, low-likelihood risks can be catastrophic to an organization—but preparing for everything is too costly. In the case of the COVID-19 crisis, the danger of a global pandemic on this scale was foreseeable, if unexpected. Nevertheless, the vast majority of companies were unprepared: among billion-dollar companies in the United States, more than 50 filed for bankruptcy in 2020.

McKinsey has described the decisions to act on these high-consequence, low-likelihood risks as “big bets.” The number of these risks is far too large for decision makers to make big bets on all of them. To narrow the list down, the first thing a company can do is to determine which risks could hurt the business versus the risks that could destroy the company. Decision makers should prioritize the potential threats that would cause an existential crisis for their organization.

To identify these risks, McKinsey recommends using a two-by-two risk grid, situating the potential impact of an event on the whole company against the level of certainty about the impact. This way, risks can be measured against each other, rather than on an absolute scale.

Organizations sometimes survive existential crises. But it can’t be ignored that crises—and missed opportunities—can cause organizations to fail. By measuring the impact of high-impact, low-likelihood risks on core business, leaders can identify and mitigate risks that could imperil the company. What’s more, investing in protecting their value propositions can improve an organization’s overall resilience.

Articles referenced:

  • “Seizing the momentum to build resilience for a future of sustainable inclusive growth,” February 23, 2023, Børge Brende and Bob Sternfels
  • “Data and analytics innovations to address emerging challenges in credit portfolio management,” December 23, 2022, Abhishek Anand, Arvind Govindarajan, Luis Nario, and Kirtiman Pathak
  • “Risk and resilience priorities, as told by chief risk officers,” December 8, 2022, Marc Chiapolino, Filippo Mazzetto, Thomas Poppensieker, Cécile Prinsen, and Dan Williams
  • “What matters most? Six priorities for CEOs in turbulent times,” November 17, 2022, Homayoun Hatami and Liz Hilton Segel
  • “Model risk management 2.0 evolves to address continued uncertainty of risk-related events,” March 9, 2022, Pankaj Kumar, Marie-Paule Laurent, Christophe Rougeaux, and Maribel Tejada
  • “The disaster you could have stopped: Preparing for extraordinary risks,” December 15, 2020, Fritz Nauck, Ophelia Usher, and Leigh Weiss
  • “Meeting the future: Dynamic risk management for uncertain times,” November 17, 2020, Ritesh Jain, Fritz Nauck, Thomas Poppensieker, and Olivia White
  • “Risk, resilience, and rebalancing in global value chains,” August 6, 2020, Susan Lund, James Manyika, Jonathan Woetzel, Edward Barriball, Mekala Krishnan, Knut Alicke, Michael Birshan, Katy George, Sven Smit, Daniel Swan, and Kyle Hutzler
  • “The risk-based approach to cybersecurity,” October 8, 2019, Jim Boehm, Nick Curcio, Peter Merrath, Lucy Shenton, and Tobias Stähle
  • “Value and resilience through better risk management,” October 1, 2018, Daniela Gius, Jean-Christophe Mieszala, Ernestos Panayiotou, and Thomas Poppensieker
