IIA Norway recently hosted a two-day advanced training on Operational Risk, featuring Elena Pykhova. In her opening remarks, she offered a thought-provoking critique: operational risk management has become overly focused on process mechanics, while neglecting the substance of risk itself.
Today, risk functions often prioritize the administration of frameworks over the actual management of operational risks. This results in reports filled with data, colorful heatmaps, and trend analyses—but lacking in narrative, insight, and strategic direction. Where is the storytelling? Where are the calls to action that inspire decision-makers to act?
To truly add value to executive management and boards, risk professionals must be bold. They must take a stand, offer informed opinions, and challenge assumptions.
‘Think sharper, act smarter: in a complex and evolving risk landscape, Risk Professionals must rebalance their priorities to serve as strategic advisors and connectors: collaborating, reaching across silos and streamlining processes. ‘
Elena Pykhova, author, Operational Risk Management in Financial Services
Another key challenge is the siloed nature of risk-related functions. Compliance, Sustainability, Internal Audit, and Operational Risk often operate independently, leading to inconsistencies in risk scaling, heatmap interpretation, and reporting processes. Harmonization across these functions is essential. Alignment fosters clarity, consistency, and a shared understanding of risk across the organization.
Strategic Indicators and Forward-Looking Metrics
What is your brand strategy for risk? Do you have the right indicators in place? Are they forward-looking, or are they merely reactive? Effective risk management requires metrics that anticipate future challenges—not just those that reflect past incidents.
Sectoral Differences in Practice
A roundtable discussion during the training highlighted how operational risk practices vary across industries. In the highly regulated financial sector, companies are required to implement specific governance frameworks and comply with detailed regulatory requirements—such as those related to AML and cybersecurity.
In contrast, sectors like international humanitarian aid and construction enjoy more flexibility. These organizations can tailor their operational risk approaches to fit their unique contexts.
From Historical Reflection to Future Orientation
Operational risk management must evolve from being incident-based and historically focused to being proactive and future-oriented. This shift requires courage, creativity, and a willingness to rethink how risk is communicated and acted upon.
