From Practitioner to Pioneer: Alex Sidorenko’s Journey to Becoming Europe’s Leading Risk Management Voice

An exclusive interview with Alex Sidorenko, FERMA Risk Manager of the Year 2021, RIMS International Honoree 2021, and founder of RISK-ACADEMY.

The Accidental Beginning

Alex, you’ve been recognized as Europe’s top risk management influencer. Looking back, how did your journey in risk management begin?

My journey began academically – I was part of the first-ever undergraduate degree in risk management in Australia. From there, I joined Deloitte where I helped write a risk management guide for small and medium-sized businesses for the ASX. I still remember the partner saying my work was “too academic and theoretical.” Twenty years later, I finally understood what he meant – I was creating more window dressing disguised as risk management.

During those early consulting years, I became increasingly uneasy about what was being sold as risk management. I had my first real fight with a partner in 2008 about how fundamentally absurd risk matrices were. Even then, I could see these tools were creating an illusion of risk mitigation while providing no real decision-making value.

When I moved to PwC in Europe, I joined the working group updating their global risk management methodology and sales playbook. I questioned the methodology so relentlessly that one partner – the project sponsor – finally asked, “Shall we not do this?” I didn’t have the courage then to tell him to pull the plug, but I should have.

The real awakening came when I moved into in-house risk roles. I witnessed firsthand how all the Big Four “best practices” failed completely when applied to real-life planning, budgeting, and decision-making. The disconnect was stark – we had beautiful frameworks and matrices, but they contributed nothing to actual business performance. That’s when I made a promise to myself: I would never do risk management window dressing again. What I now call Risk Management 1, or RM1 for simplicity.

Breaking Away from the Pack

What were some key milestones or turning points that pushed you from a practitioner into a thought leader and global influencer?

By 2012, as Head of Risk for a sovereign fund, I had been steadily moving toward quantitative risk analysis and risk-based decision making. I was proving repeatedly that qualitative risk management was deceiving management and leading to wrong conclusions. Fortunately, management was smart enough to recognize this and chose to largely ignore ERM outputs.

I find it amusing when risk professionals complain that management ignores their work. I was actually glad management ignored ERM – if they had taken that nonsense seriously, the companies would have lost enormous amounts of money.

I needed a platform to challenge these practices openly. So I started RISK-ACADEMY as a hobby project and began openly questioning the orthodoxy of ERM through videos, blogs, and conferences. I published case studies from my actual work showing how traditional tools systematically produce inconsistent and misleading results, often leading to worse resource allocation decisions. More importantly, I demonstrated better alternatives.

I kept A/B testing different approaches, narrowing down to methodologies and ideas that consistently outperformed ERM-type practices. Over the years, the performance difference became stark – like reducing insurance costs by 60% while tripling coverage limits, improving policy quality, and lowering deductibles, then redirecting those savings toward better fire and electrical safety systems. Or successfully lobbying for legislative changes because risk analysis showed this was a mitigation much more effective then the dozen “risk mitigations” sitting in management’s risk register.

The Contrarian Advantage

Many people see risk management as highly technical. What personal qualities or mindsets helped you stand out in this field?

Risk management is highly technical, but it’s not new or unique. The tools we use come from established disciplines – decision science, probability theory, and behavioral economics. Each has decades of research, textbooks, and professional communities.

I went directly to these source disciplines rather than limiting myself to traditional risk management literature. I studied Daniel Kahneman and Amos Tversky, Paul Slovic, Dan Ariely for behavioral economics, and Ralph Keeney and Howard Raiffa for decision making under uncertainty, among others.

This foundation revealed why traditional practices fail – they violate basic principles from these disciplines. Risk matrices contradict measurement theory, qualitative assessments ignore cognitive biases.

Standing on Giants’ Shoulders

Who were your biggest inspirations or mentors along the way, and how did they shape your approach?

Nassim Taleb’s “Fooled by Randomness” was transformative – it showed me how we systematically underestimate the role of chance and overestimate our ability to predict outcomes. His work revealed why traditional risk management often creates dangerous illusions of control.

Douglas Hubbard’s “The Failure of Risk Management” provided the mathematical foundation for understanding why conventional approaches don’t work. He demonstrated that most risk management practices actually make organizations less informed about their real risks, not more.

Sam Savage’s “The Flaw of Averages” revolutionized how I think about uncertainty. His insight that “plans based on average assumptions are wrong on average” explained why so many business decisions fail despite sophisticated yet deterministic analysis.

Carl Spetzler’s work on decision quality gave me the framework for connecting risk analysis directly to business decisions, planning and budgeting. His emphasis on clarity of purpose and creative alternatives shaped how we approach decision-centric risk management.

Gerd Gigerenzer’s “Risk Savvy” showed me how misunderstanding statistical risks costs lives and money every day. His research on how people actually process risk information informed our communication strategies with executives and boards.

The Philosophy Revolution

What makes your philosophy on risk management different from the traditional, compliance-driven model?

Traditional risk management creates artificial separation between risk analysis and decision-making. It treats risk management as a separate function that produces reports for boards and regulators. I call this RM1 – Risk Management for external stakeholders.

My philosophy, RM2, integrates risk analysis directly into existing business processes. Instead of asking “What are our risks?” I want you to ask “What uncertainties might affect this specific decision, and how should that influence our choice?”

The fundamental difference is timing: RM2 analyzes risk BEFORE making decisions, not after. Whether you use simple scenario analysis for routine decisions or sophisticated Monte Carlo models for complex investments, the principle remains the same – consider uncertainty when it matters most.

Disrupting a Comfortable Industry

You’ve often challenged established standards in risk. Why do you think the industry needed disruption?

The risk management industry had become comfortable with approaches that looked logical but didn’t improve the bottom line. Adding velocity to a qualitative risk score calculation looks smart but actually embeds dangerous mathematical errors and cognitive biases. Most risk matrices violate basic principles of measurement theory. They can’t consistently rank risks, they’re sensitive to arbitrary label choices, and they often lead to worse resource allocation than random selection. Yet they remain the dominant tool in corporate risk management.

The industry needed disruption because it was failing its fundamental purpose – helping organizations make better decisions under uncertainty.

Balancing the Theoretical and Practical

How do you balance theory, regulation, and the practical realities of managing risk in organizations?

The key insight I can take away from my work is recognizing that different stakeholders want completely different things. Regulators and auditors need compliance documentation (RM1), while decision makers need uncertainty analysis that helps make decisions and trade-offs (RM2). The practical approach is to handle RM1 requirements efficiently and use AI wherever possible – typically taking 1-2 weeks annually – then focus resources on RM2 activities that create actual business value. You can satisfy regulatory requirements with simple risk register while simultaneously implementing sophisticated decision analysis for strategic choices.

The mistake is trying to make one approach serve both purposes. Compliance-focused risk management rarely improves decisions, and decision-focused risk analysis rarely satisfies regulatory expectations.

The Persistent Problems

What are the most common mistakes companies still make when it comes to risk?

The biggest mistake is treating risk management as a separate function rather than an integral part of decision-making. Companies spend enormous effort identifying and documenting risks but never connect that analysis to specific business choices. Who cares if we have 2 red risks or 6 yellow risks, tell me how much contingency should be added to next years budget and at what confidence level.

Second is the over-reliance on subjective qualitative assessments. When executives rate risks as “high,” “medium,” or “low,” they’re introducing systematic biases and inconsistencies that often make resource allocation worse, not better.

Third is confusing risk taking with risk reporting. Many organizations and all GRC software vendors excel at producing colorful dashboards and executive summaries but struggle to point to specific decisions that were improved by their risk analysis.

Building Digital Authority

You have a strong presence online and built a large community. How did you leverage digital platforms to establish thought leadership?

The strategy was simple: provide value first, build authority second. I like my work, so I actually enjoy sharing case studies on how I integrate risk analysis into investment decision making, into procurement and insurance buying.

The RISK-ACADEMY blog and YouTube channel became my platforms for challenging conventional wisdom with evidence-based arguments. Social media allowed direct engagement with practitioners worldwide. LinkedIn became particularly powerful for sharing insights and debating ideas with risk professionals who were experiencing the same frustrations with traditional approaches. It helped me realise that a lot of risk professionals across the world shared the same frustrations that I had.

Making Risk Relevant to Leadership

What role does communication play in making risk management relevant to executives and boards?

Communication is everything. Risk professionals often speak in technical jargon that executives can’t translate into business impact. We talk about “percentiles and confidence intervals” when executives want to know “How will this affect our quarterly results?”

The biggest success story was connecting risk analysis directly to decisions executives actually face. Instead of presenting abstract risk lists, I try to show how uncertainty analysis can improve capital allocation, strategic planning, vendor or project selection.

I remember when some brokers and underwriters looked at our risk and were convinced it was worth $4 million to transfer. We did the calculations, understood our risk profile intimately, and managed to communicate it well to other underwriters. We ended up increasing the limit 3X improving the terms, not changing the deductibles and transferred the risk for $1 million – that’s a $3 million annual saving. Both the broker and the old underwriter were blacklisted forever because they didn’t understand the risk they were insuring.

The Underestimated Threats

What risks do you think are most underestimated by businesses, governments, or society right now?

The biggest underestimated risk is the risk of risk management itself. Organizations spend enormous resources on risk management activities that create an illusion of control while actually making them more vulnerable.

On a broader scale, I think we underestimate systemic risks that emerge from the interaction of seemingly independent factors. Climate change, AI disruption, pandemics, GMOs, and geopolitical instability don’t operate in isolation – they amplify each other in ways our traditional risk models can’t capture.

The Evolution Ahead

How do you see the role of risk managers evolving in the next 5–10 years?

Risk managers will either evolve into decision advisors or become irrelevant. The traditional role of risk documentation and compliance reporting is being automated by AI and integrated software platforms.

The future belongs to risk professionals who can enhance decision quality through uncertainty analysis. This means developing skills in decision science, behavioral economics, and quantitative modeling while maintaining deep business knowledge.

I’m already seeing this transformation. Risk managers who I respect, already sit in strategic planning meetings, contribute to capital allocation decisions, do vendor due diligence, and help evaluate major investments. They’re valued business partners, not compliance functionaries.

Advice for the Next Generation

What advice would you give to young professionals who want to follow in your footsteps and make an impact in risk management?

First, focus on decision quality, not risk documentation. Learn how to improve specific business decisions through uncertainty analysis rather than mastering traditional risk management frameworks. 

Second, develop quantitative skills but remember that sophisticated modeling isn’t always necessary. Simple decision trees often provide more value than complex Monte Carlo simulations if they’re connected to actual choices. Sam Savage’s book “Flaw of averages” is so fundamental to this. Making business plans stochastic is not a nice to have, it is a matter of survival.

Third, be willing to challenge conventional wisdom, but do it with evidence and humility. Ok, humility is not a thing in my world , but you understand what I mean. Don’t just criticize existing approaches – demonstrate better alternatives with measurable results. I actually stopped explaining why we don’t do heatmaps, I just do basic Monte-Carlo models instead and pretend like heatmaps never existing. Noone complained yet.

Finally, remember that risk management is ultimately about helping people make better choices. If your risk analysis doesn’t change what someone chooses to do and not bringing direct and immediate savings, it’s probably not creating value.

The Road Ahead

Finally, what’s next for you? Are there new projects or ambitions on the horizon?

We’re developing AI-powered risk tools that can analyze risks faster and more comprehensively than traditional brainstorming sessions. The goal is to democratize sophisticated risk analysis so smaller organizations can access decision-science approaches. I have now created 20+ risk management AI agents that anyone can test at https://riskacademy.ai/

The ultimate ambition is creating a global community of decision-focused risk professionals who can demonstrate measurable business value. When risk managers can point to specific decisions they’ve improved and quantify the impact, the profession transforms from a cost center into a value creator.

The future of risk management isn’t about better compliance or more sophisticated documentation – it’s about fundamentally improving how organizations make decisions under uncertainty.

Book your ticket for Risk Awarness Week 25 from October 13-17.

The interview was conducted by Binci Heeb, Editor-in-Chief.

Alex Sidorenko is the founder of RISK-ACADEMY, author of several books on risk management and developer of the risk management wizard RAW@AI. His work has influenced risk management practices in organizations in Europe, Australia and the Middle East. Contact Alex and discover resources on decision-oriented risk management here.

Read also: Smarter risks, stronger business: 5 data-driven strategies for the next era of risk management

---

---