There seem to be a lot of angry talk about various risk management certifications on the web lately. Most such comments are coming from people who are very ill-informed about how certification, any certification, works in general. As a creater of 2 national risk management certification programs that have been hugely successful in Russia, here are my 5 cents.
First, here are some sobering facts:
- almost every country in the world has it’s own national non-financial risk management certification, there are also few pan-eurpean and global ones
- all are optional, none are compulsary by law (despite many unethical attempts to limit competition)
- most certifications are done by national risk management associations, although some countries have healthy competition offering more than one certification program to local market
- regulators, employers are mainly ignorant to non-financial risk management certifications hence one certification program does not have noticable advantage over the other
- all certifications are build upon some globally regognised foundation, ISO31000 seems to be a favourite one, my favourite one as well
- certification is just an exam with options including self-study, online prep training or face to face prep training (how long the training is irrelevant, since certifications test prior and existing knowledge, training is more like a refresher)
- most existing certification programs are useless, because they still focus on conducting risk assessments and treating risk management as a stand-alone independent process, however there are some good ones
- there is limited or no quality control or oversight in place.
Below is an example of the certification program developed by RISK-ACADEMY — a Russian leader in risk management training, Global Institute for Risk Management Standards and the best risk managers from Russia and the CIS. The program is aligned with the international risk management standards ISO31000:2009 principles and shows numerous examples of how COSO:ERM 2004 is flawed in almost all regards.
It consists of 4 modules:
MODULE I. RISK MANAGEMENT FOUNDATIONS
- Definition of risk
- History of risk management
- International and national standards in risk management
- Introduction to finances, project management and process management
- Introduction to statistics
- Insurance basics
MODULE II. RISK MANAGEMENT IN DECISION MAKING
- Tools and techniques to identify risks associated with decision making or the achievement of goals/KPIs
- Tools and techniques to analyse and quantify effect of uncertainty on decisions or on achievement of KPIs (decision trees, sensitivity analysis, scoring models, Monte-Carlo simulations, scenario analysis, bow-ties)
- Risk mitigation within the confines of decision making and achievement of KPIs
- Monitoring, reporting and communicating decisions made or the achievement of KPIs with risks in mind
MODULE III. PSYCHOLOGY AND CULTURE OF RISK MANAGEMENT
- Cognitive biases inherent to decision making and risk management
- Integrating risk management principles into the overall corporate culture
- Principles of professional ethics
MODULE IV. INTEGRATING RISK MANAGEMENT IN A BUSINESS
- Aligning risk management efforts with the overall risk appetite
- A roadmap for integration of risk management:
- Developing new and updating existing policies and procedures
- Integration into decision making, planning, budgeting, purchasing, auditing
- Risk management roles and responsibilities, risk management KPIs
- Integrating risk information into management reporting
- Resources required for the implementation of risk management
- Monitoring and evaluation of the effectiveness of risk management (maturity models, including our own advanced risk management maturity model)
- Risk management continuous improvement
- Risk management software
Bio:
Alex Sidorenko is an expert with over 13 years of strategic, innovation, risk and performance management experience across Australia, Russia, Poland and Kazakhstan. In 2014 Alex was named the Risk Manager of the Year by the Russian Risk Management Association.
As a Board member of Institute for strategic risk analysis in decision making Alex is responsible for risk management training and certification (including creating exams) across Russia and CIS, running numerous risk management classroom and e-learning training programs. Alex represents Russian risk management community at the ISO Technical Committee 262 responsible for the update of ISO31000:20XX and Guide 73 since 2015.
Alex is the co-author of the global PwC risk management methodology, the author of the risk management guidelines for SME (Russian standardization organization), risk management textbook (Russian Ministry of Finance), risk management guide (Australian Stock Exchange) and the award-winning training course on risk management (best risk education program 2013, 2014 and 2015).
In 2012 Alex created Risk-academy www.risk-academy.ru a web portal dedicated to free risk management training for SME across Russia and CIS.
Alex worked as a Head of Risk Management at RUSNANO, one of the largest private equity funds in Russia, specializing in technology investment. Alex won an award for best ERM implementation at RUSNANO in 2014.
Prior to that Alex worked in senior risk roles at Skolkovo Foundation, Strategy Partners, PwC and Deloitte.
Alex recently published his second risk management book called “Effective Risk Management 2.0”. Alex also regularly presents at risk management conferences in Russia and Europe. In November 2012 Alex short a series of TV programs dedicated to risk management in start-ups. Alex teaches risk management at major Russian business schools including OpUS, Technopark Skolkovo, MIRBIS, MFUA, SKOLKOVO and USIB as well as corporate universities, like Gazprom.
He has successfully completed his double Bachelor degree in Risk Management and Econometrics at Monash University, Australia, achieving the top risk management and statistics student award two years in a row.
More information can be found here:
http://ru.linkedin.com/in/alexsidorenko