Have you got what it takes to become a value creator?

Risk management is evolving rapidly, from a compliance-oriented function into a cornerstone of strategic leadership. But what does this shift look like in practice?

At our latest StrategicRISK webinar in association with Riskonnect, a panel of leading risk professionals dissected the changing dynamics between risk, strategy and technology.

Together, they offered a candid and practical view of how risk leaders can elevate their role – and how technology, especially AI, is accelerating that shift.

A key theme throughout the discussion was that risk is not just a brake on ambition but a foundational element of strategy. And for Bob Bowman, chief risk, ethics and compliance officer at Wendy’s, that makes the risk function indispensable. “There is opportunity for insight, there’s opportunity for input, and there’s opportunity for impact, which is probably the most important,” he said.

“I hope that we continue to see that shift away from just being a compliance officer to being more of a strategic advisor”

He emphasised the importance of distinguishing between strategic and tactical risk management. Strategy, he said, involves a plan that considers purpose, priorities, resources and capabilities over a longer horizon, while tactics are the incremental actions that bring it to life.

“Strategic risk management is on and over the horizon. It is where we have the opportunity to shift from tactical and traditional, which generally tends to rely on our history, more toward participating in our future,” he added.

Quin J. Rodriguez, vice president of strategy and innovation at Riskonnect, echoed this sentiment, observing that the role of the risk manager is shifting. “I hope that we continue to see that shift away from just being a compliance officer to being more of a strategic advisor,” he said. “That allows boards and executive teams to make more forward-thinking, informed decisions.”

The deterministic illusion

Alex Sidorenko, CEO of Risk Academy and head of risk and insurance at Serra Verde, took a provocative stance, arguing that current planning models are fundamentally flawed.

“Accounting disciplines, finance disciplines, all the cornerstones of how organisations operate today are built on the premise that the world is deterministic,” he said. “If you look at your financial statements, single values. If you look at your business plans, single values. If you look at your forecasts, single scenario. This is so fundamentally flawed.”

“Every business plan is a distribution.”

In his view, risk managers shouldn’t be seen as advisors, but as essential contributors to decision-making. “It is criminal to continue to plan, budget, forecast the way companies do today,” he argued. “Businesses plan based on averages rather than ranges of possible scenarios.”

He advocated for a shift to distribution-based thinking: “Every business plan is a distribution. Every decision is a comparison of distributions. Every budget is a distribution from which you can derive your contingency.” Sidorenko also pointed out that this failure to embed uncertainty isn’t just inefficient, it is a governance failure. “You cannot operate in true honesty or fulfil your obligations to shareholders if you ignore volatility,” he said.

Tech: from hindsight to foresight

The panellists agreed that technology plays a central role in helping risk professionals to make this shift, particularly through scenario modelling, predictive analytics and decision support.

“Technology enables us to complete the continuum from data to information to actionable insights,” Bowman noted. “That insight is probably never with 100% certainty. It is more like a reasonable range of foreseeable outcomes.”

Bowman described how Wendy’s uses predictive analytics not just for claims management but to inform decisions around risk transfer. “If I can quantify risk, I can make an informed decision about it. Now I’m participating in that strategic discussion,” he said.

Rodriguez added that leveraging this technology allows risk functions to become not just analysts but enablers of strategic clarity. “If we take this risk assessment and say: ‘Here’s the impact it will have financially on us,’ we can then take that to the leadership team and influence key decisions.”

“Define what risk management is to you… Are you talking about an enterprise risk management system, an operational risk management system, or a traditional risk information system?” 

Sidorenko offered practical examples from his own organisation. “We did the calculation of what our underlying risk profile was, and we found that railcar insurance actually was not economically justified. So, we retained full risk and we stopped the insurance,” he explained.

In another case, he detailed how adjusting deductibles in marine cargo coverage led to significant cost savings worth millions in premiums by modelling how often that decision would produce a better outcome than the status quo.

For Rodriguez, the core issue is that most organisations still rely on spreadsheets, which are inadequate for complex, enterprise-wide risk assessment. “That data just can’t be done in spreadsheets anymore. It doesn’t have the capacity,” he said. “The risk quantification piece excites me a lot about the future of risk management.”

He emphasised that choosing the right technology depends on the type of risk being managed and the maturity level of the organisation. “Define what risk management is to you… Are you talking about an enterprise risk management system, an operational risk management system, or a traditional risk information system?” He highlighted the need for platforms that can integrate and correlate diverse data sources – from governance to ESG, compliance, operational risk and beyond.

AI: risk management’s enabler?

On the subject of AI, the panel was enthusiastic but also cautious. “AI should be viewed as a once-in-a-lifetime opportunity,” said Sidorenko. “It now allows risk managers to do all sorts of things that I had math PhDs do in the past.” He described how modern language models can understand business challenges and produce code to run sophisticated risk simulations.

However, he warned against relying on general-purpose tools. “Don’t use public LLMs for risk management because all the answers they’re going to give you are from the risk management book, which kind of means that they’re wrong,” he said.

“Predictable results make what’s desirable possible.”

Rodriguez noted that while risk professionals are excited about AI, other stakeholders are more cautious. “The hardest part is: how do we embrace it quickly?” he said.

Bowman added: “Predictable results make what’s desirable possible. The challenge now is to wrestle with the technology in order to make it more credible, more reliable, more predictable.”

The panel also raised the critical role of governance in safe AI deployment. Risk managers must design approval processes, set controls around data models, and validate outputs continually to ensure responsible AI use.

From mitigator to value creator

As risk professionals seek to add greater value to their organisations, the conversation is shifting beyond loss prevention and control, toward helping shape future success.

“Opportunity is just the flip side of uncertainty,” Bowman said. He argued that risk managers should be comfortable supporting innovation decisions, including those with positive variance. “We talk about risk appetite for innovation. If I know the range reasonably is between x and y, then I can deal with either outcome.”

Rodriguez added: “It’s about becoming a value creator and ambassador. Some of the things that I’ve seen with technology over the past few decades is the ability to process that information to create value for leadership.”

“If you’re not evolving your capabilities, your influence will be marginal.”

Sidorenko added that distribution-based models naturally account for both upside and downside. “For me, this risk and opportunity thing doesn’t exist, it’s all just distributions. In one model I’m working on now, the probabilistic value of a company is actually higher than the deterministic value, because we’re finally accounting for the upside potential in price.”

Rodriguez identified several “must-haves” for top-performing risk tools: integration across departments and systems, data modelling capabilities for both known and emerging risks, configurability to match organisation-specific needs, and dashboards that translate data into insights that leadership can act on. “If you can tie operational risk to strategic goals and quantify it, you get attention at the board level,” he said.

Bowman added that embracing this toolkit isn’t optional, saying: “If you’re not evolving your capabilities, your influence will be marginal.”

Embracing the new model

The final message from the panel was clear: the future of risk management belongs to those who can communicate value, adapt quickly and integrate across the business. This requires a mindset shift – from gatekeeping and governance to enabling and influencing.

The risk professional of tomorrow is a collaborator, a data translator, and a trusted advisor in strategic planning rooms.

As Bowman put it: “Risk management is and remains a team sport.” Therefore, if risk leaders want influence, they must earn it by bringing actionable insights to the table.

“Don’t just read the risk management book. Look at decision science. Use better models.”

Rodriguez urged professionals to “be a value creator… bring insights, break down silos and communicate with impact.” That means more than tracking controls or red flags. It means providing leadership with clarity in the face of uncertainty.

Sidorenko concluded that today’s tools offer exponential opportunities to lead, but only if risk managers evolve with them. “Use AI to upskill yourself and your team. Use that to generate outputs that you couldn’t in the past,” he said. And above all, he warned: “Don’t just read the risk management book. Look at decision science. Use better models.”

Those who embrace the new model won’t just manage risk – they’ll help define the future of their organisations.