Vasily Kudrin spoke about strategic business risk management at the Conference “Risk Management in Strategy Development and Implementation” of Association of Strategic Management Professionals.

Presentation (ENG | RUS)

Coherent exposition of the presentation

1. Introduction and Experience. Vasily Kudrin began his presentation by greeting the conference participants and announced that he would dedicate his speech to the matters of strategic business risk management. The speaker shared his experience of over 15 years in assessing and managing risks across various economic sectors and projects of different scales, including practical business experience since the early 2000s.

2. Speech Objectives. The speaker explained that the purpose of his presentation was not to simply recount the body of knowledge accumulated by the professional community, as that would be neither feasible nor particularly engaging. Instead, he focused on sharing his personal views on the most critical challenges in strategic risk management. Based on his projects, the speaker highlighted the diversity of ideas and approaches to identifying strategic risks, which he sees as a positive reflection of the inherent variety in business itself.

3. Diversity of Approaches. Then Vasily Kudrin emphasized that this diversity of approaches is beneficial and is reflected in international methodologies. He drew particular attention to the COSO framework, where strategic risks are linked to higher-level goals that align with the company’s mission and vision. It’s noted that strategic risk management primarily occurs at the top executive level, setting the tone for risk management at all lower levels and influencing stakeholders.

4. Influence on Governance. The speaker pointed out that for large, industry-shaping companies, this management approach can even influence industry-wide or state-level governance. He recommended drawing on established knowledge in business and marketing strategy development and mentioned well-known analytical tools, such as Porter’s market forces analysis, SWOT, and PEST analysis.

5. Key Standards Overview. Mr. Kudrin listed the most recognized standards — COSO, FERMA, and ISO — which employ slightly different approaches to identifying strategic risks. He stressed that there are no rigid rules in this area and advised against imposing them and suggested focusing on categories and techniques associated with top management when considering strategic risks.

6. Roots of Strategic Risks. Vasily Kudrin explained that strategic risks have their roots in events and consequences arising from the objectives of lower management levels and operational units. He praised the COSO methodology for effectively linking risks to strategy, addressing entity-level risks tied to various goal categories, including strategic ones. Then it’s noted that this approach helps foster a risk culture at the highest level, beyond mere routine specialist work.

7. Framework Characteristics. The expert recommended identifying specific strategic risks to facilitate dialogue at the executive level and engage leaders in risk assessment and management. Then the speaker outlined the key characteristics of a strategic risk management framework in three sections: objectives, applicable control model, and roles of participants. He emphasized the importance of recognizing that strategic risks are not to be entirely avoided or prevented.

8. Accepting Strategic Risks. Vasily Kudrin stated that businesses consciously accept strategic risks to a certain degree, which significantly shapes the nature of assessment and management efforts. He highlighted the potential for deriving business benefits from these risks and underscored the importance of analyzing the cost-effectiveness of their management.

9. Control and Dialogue. Then Mr. Kudrin clarified that control activities in this context are not bureaucratic desk work but rather dialogues and interactive discussions among stakeholders. It’s recommended to use key risk indicators as valuable support tools. The expert stressed the importance of coordination while insisting on involving senior management in developing action plans, including finance and HR managers for resource allocation.

10. Participants and Roles. Then Vasily Kudrin presents categorizion of risk management process participants in groups: the management and corporate governance level (including the board of directors) and other stakeholders. He highlighted the crucial role of external experts, advisors, industry specialists, and independent board members. It’s also emphasized the value of coordinating support from in-house or external teams.

11. Distinctive Features. Mr. Kudrin presented the distinctive features of strategic business risk management based on his observations and recommendations. He noted that it focuses more on opportunities than preventable issues, with direct involvement of top executives and directors, and pointed out its positive impact on the company’s overall risk management culture and the high level of accountability, given that failures often become public sensations.

12. Expert Judgments Priority. Vasily Kudrin emphasized the predominance of expert judgments over quantitative statistical assessments, with significant reliance on business and professional intuition. He stressed the need to integrate outcomes into company planning and strategy, without which the effort is futile. The speaker advocated for agile methods, avoiding bureaucracy and excessive paperwork.

13. Risk Categories: Entries/Exits. Following the logic of his presentation, Mr. Kudrin advised each company to develop its own unique profile of strategic risks and proposed his methodology based on four strategic categories. The first — “Entries and Expansion” — covers risks associated with strategic moves such as entering new markets, developing new products, altering the business concept, acquisitions, and transformations. The second — “Exits and Recovery” — involves risks related to abandoning ambitions, safeguarding accumulated assets, or rebuilding the business.

14. Risk Categories: Barriers. The speaker then described the third category — “Barriers and Changes” — as encompassing market forces, including buyers, suppliers, political and macroeconomic conditions, and the influence of communities and social groups. He referenced examples like WallStreetBets on Reddit and highlighted leadership competencies as potential barriers, along with company behavior during periods of change and crisis.

15. Risk Categories: Competitors. Vasily Kudrin outlined the fourth category — “Alternatives and Competitors” — as covering various forms of competition: direct, foreign, substitute products and models. This includes price wars, market share battles, protectionism, and sanctions. The speaker explained that the upper categories relate to risks at the input and output of decisions, while the lower ones address risks arising during implementation.

16. Holistic Management Approach. Vasily Kudrin presented a holistic, comprehensive approach to the stages of strategic risk management, from assessment planning to system improvement. He emphasized integrity, a cyclical process, and ongoing self-improvement within the company. The speaker identified applicable assessment types: individual dialogues for identification, inherent risk evaluation, and assessment considering existing response measures, with minimal rules to foster open dialogue.

17. Group Assessments Process. Vasily Kudrin described the group assessment stage involving senior management, strategic subordinates, and stakeholders. He recommended supporting the process with corporate benchmarks to analyze practices and ensure alignment with best standards. The speaker stressed the importance of market intelligence and strategic analysis backed by evidence-based practical examples for each risk group.

18. Practical Project Example. Mr. Kudrin provided a practical example from a large industry-shaping organization: approximately 20 individual meetings and 5 group assessments completed in two months. He highlighted the role of a support team with external experts, development of a meaningful risk assessment criteria matrix, and progression from initial registers (about 10 risks) to a refined list (about 20), including ranking, residual risk analysis, and facilitated management board sessions.

19. Monitoring and Improvement. Vasily Kudrin noted that risk management extends beyond assessing inherent and residual risks to how decisions are made and documented. He advised defining the format and content of response measures and plans in advance, with quality criteria and examples. The speaker emphasized the role of dedicated methodological support from a specialist team, along with dashboards and visualization tools for monitoring, conducted by coordination units and internal audit at least annually.

20. Benefits and Recommendations. In the final of the presentation, Mr. Kudrin outlined the benefits of strategic risk assessment and management: effective prioritization of efforts (including controls and finances), reduction of uncertainty-related fears, and consistency in senior management actions. The expert highlighted a clear focus on results and opportunities, ownership by top leadership, tone-setting from above, cultural shaping, skill development, cross-functional engagement, and enhanced cohesion internally and with stakeholders. Vasily Kudrin recommended continuous competency improvement in strategic risk management for top executives, investors, and stakeholders, expressed gratitude, and offered cooperation and contact details.

About Vasily Kudrin.

HLB Vneshaudit’s Advisory Practice Partner; audit and risk management and business consulting. Professional in finance and business with over 20 years of experience in real sector, finance and advisory.

More than 300 professional projects and educational events in process organization, risk management, internal control, transformation of corporate systems.

Vasily Kudrin has current professional international diplomas: CIA (internal audit, since 2004), CFE (investigation and risks of fraud, since 2007), CCSA (self-assessment of internal control and risks, since 2004).

Experience in internal audit, corporate governance and internal control in accordance with international and generally recognized standards and recommended practices since 2002 (largest oil company, investment company, retail group, international consulting).

Participated in the boards and working groups of a number of professional public organizations, such as Institute of Internal Auditors (IIA), Association of Certified Fraud Examiners (ACFE). Member of organizations in the field of corporate governance and internal control (Association of Professional Directors (NAND), Russian Institute of Directors (RID), IIA), participates in the coordination board of “Debates Club” that deals with innovations in corporate governance, risk management and control.