Traditional approaches to risk fail to resonate with senior managers, they are too “subjective” and ”anecdotal”. And if they dismiss risk management, it is because they lack understanding. So, the answer? We need to embark on #ChangingRisk with the use of data, says Danny Wong, CEO of Goat Risk Solutions

What can risk managers do to ensure that enterprise risk management is effective?

I believe we can help organisations achieve greater outcomes through better risk management leveraging data.

Senior executives and boards care a lot about risk, and if they are dismissive, it’s due to a lack of understanding.

Most traditional approaches fail to resonate with senior managers because they are too subjective, anecdotal, and high level. Risk registers and reports don’t provide sufficient content to enable meaningful decision making.

This in my opinion is the root cause of our profession’s challenge around maturity, culture, and the value derived from our efforts.

What’s the difference between ‘risk management’ and ‘ERM’?

The profession doesn’t help itself by creating terms that are ambiguous and providing varying expert opinions about their meanings.

Whilst I can appreciate the importance of language, I prefer to keep things simple when communicating to boards and senior executives because they have enough to worry about.

They know risk is important because it can affect performance, reputation, finances, operations, supply chains, people, the broader community and the environment…. everything that affects or is related to the organisation is in scope.

We should speak to them in simple language, focus on how risk management affects their organisation and seek to give them new perspectives and add value rather then using stakeholder meetings as information extraction exercise.


The essential ERM toolkit for risk managers - training programme

Through direct engagement with hundreds of risk professionals and senior executives, we know that many businesses struggle to have meaningful and value-adding risk discussions particularly when engaging with senior executives and at Board level. The risk profession is still falling short in terms of culture, value and impact on decision-making.

This course has been designed to take you through a journey to discover why traditional risk frameworks and methods fall short and how to implement a practical and data-led approach to risk that engages with the c-suite and drives decision-making.

The course builds on risk management fundamentals and will guide you through how to implement a practical and data-led approach to risk that engages with the c-suite and drives decision-making.

The course includes four modules, including:

  • · Rethinking risk management frameworks: how to create a risk management framework that resonates with senior executives
  • · Build and lead effective risk workshops that target senior executives
  • · How to use data to build an impactful narrative in risk discussion
  • · How to use risk appetite to drive business value


WHEN: Wednesday 25 September, 9:00-17:00

WHERE: 52 Horseferry Rd, Westminster, London SW1P 2AF

To view the full training programme agenda, click here.

To register for the course, click here.


What other challenges do risk managers face when building an ERM framework that works?

We know the world is full of risk. The markets are volatile, regulation is getting tougher, technology and society is changing at pace.

We’re also faced with new competition and business models. Companies like Amazon, Uber and Netflix are thriving while traditional businesses are struggling to remain relevant and cutting costs.

In this high risk and high change environment, it’s frustrating to be faced with the seemingly unmovable wall that is defined by the tick box mindset.

There are so many best practice frameworks, models, systems and solutions available – but how do I choose what’s right for me and my organisation? So much has been tried, what can I do that is different and works?

We should avoid “throwing out the baby with the bathwater”, there is much that the profession has done well, we just need to build on it. Keep things simple, focus on your key stakeholders and deliver content that helps them make decisions. In my opinion using data wrapped in a risk narrative is the best way through that tick box wall.

What tips can you give risk managers on effecting change with ERM?

I’ve had quite an interesting career where I’ve personally influenced significant risk reductions/improvements in several of the organisations that I’ve worked for. These are hand-on-heart moments where you can honestly say that you affected meaningful change.

For example, I worked with a major corporate that was fully dependent on a central mainframe system it had been using for more than 50 years. The technology had reached the end of its lifecycle and needed to be replaced, and the business wanted to add a lot more capability.

This was a mega-project there were many twists and turns. One third of the original budget was written off and the final budget was triple the original plan.

I lobbied the risk committee to get involved and ended up influencing its final delivery strategy. Specifically, the original plan was to divide the project into three phases to mitigate risk – I questioned why three rather, than 10 or 100?

I suggested using an IOS approach where we would create the base product with minimal capabilities (the phone) and then introduce new capabilities like you would an ‘app’. This meant creating a completely flexible platform.

You’re hosting a training session on effective ERM. Why should risk managers attend?

Many risk managers want to achieve more through risk management, affect change, help the business, and demonstrate value.

I’ve developed a programme that takes the current risk frameworks and approaches, gives it some subtle tweaks by emphasising some aspects and de-emphasising others and bringing in data so we can better engage our key stakeholders and help them inform decisions.

This programme will show you HOW? and give you the slides and templates that you can customise and use in your own organisations.