Strategic Risk Assessment

Thyssenkrupp’s recent warning about its €3 billion green steel plant in Duisburg raises serious questions about the practical implementation of industrial #decarbonization in Europe. CEO Miguel Lopez’s stark admission that this flagship project is “operating beyond the limits of economic viability” should be a wake-up call for industry leaders and policymakers alike. The world’s most modern steel plant risks becoming a stranded asset because of a fundamental oversight: ensuring adequate hydrogen infrastructure BEFORE committing billions to construction. This situation highlights three critical failures: 1️⃣ Planning disconnect: How did Thyssenkrupp commit to a €3B investment without securing viable hydrogen supply chains first? The project requires 104,000 tonnes of hydrogen by 2028, scaling to 151,000 tonnes annually—volumes that Germany’s current infrastructure cannot support at competitive prices. 2️⃣ Public funding questions: German taxpayers provided €2B toward this project. Was this investment made with realistic assessments of hydrogen availability and cost? Or are we witnessing another case of green ambitions racing ahead of practical realities? 3️⃣ Industry transformation challenges: Thyssenkrupp’s predicament reflects a broader issue in Europe’s industrial decarbonization strategy—ambitious targets without the necessary infrastructure to support them. Don’t mistake my criticism for opposition to #greensteel. We absolutely need this transition. But successful decarbonization requires honest assessment of infrastructure needs, technological readiness, and economic viability. For industry leaders watching this unfold: Are your green transition plans built on realistic hydrogen availability projections? Or are you risking similar economic pitfalls? For policymakers: Infrastructure must come first. Hydrogen pipelines, renewable energy capacity, and competitive energy pricing are prerequisites for—not consequences of—industrial green transitions. This isn’t just Thyssenkrupp’s problem. It’s a warning for Europe’s entire industrial decarbonization strategy. #GreenSteel #IndustrialDecarbonization #HydrogenEconomy #EnergyTransition #IndustrialPolicy https://lnkd.in/dEb8V_Xp

Where do you think interest rates are going to go? Jamie Dimon has an idea. In his annual letter to JPMC shareholders, he indicates inflation is here to stay a while, and therefore, rates could go as high as 8% in the medium term. He said: "It is important to note that the economy is being fueled by large amounts of government deficit spending and past stimulus. There is also a growing need for increased spending as we continue transitioning to a greener economy, restructuring global supply chains, boosting military expenditure and battling rising healthcare costs. This may lead to stickier inflation and higher rates than markets expect." I can't argue with that. He has a point. Now, if you have to combat inflation, you need to raise interest rates. That isn't a risk-free move, as people in the CRE game know. Now what do you think happens if interest rates stay higher for longer? "A scenario where the federal funds rate hits more than 6% would likely entail more stress for the banking system and for highly leveraged companies... Rates have been extremely low for a long time, and it's hard to know how many investors and companies are truly prepared for a higher rate environment." This is a fantastic summary of our current moment. There is a lot of wishful thinking that interest rates will go back to the 2010-2022 period of QE and low rates. Many of the people trading actively in markets are under 37 and thus have no living memory of working on Wall Street when interest rates were not pressed down along the entire curve by aggressive Fed policy. For banks, for hospitals, for businesses - you need to incorporate scenario analysis into your annual financial plan. What if Fed Funds went to 6% and the 10y UST went to 8%? Would that break anything? Would you be prepared with a flexible balance sheet to absorb these rate changes and still operate normally? Considering this kind of extreme scenario in a relatively calm moment is a helpful exercise to allow organizations to position balance sheets for resilience and prepare necessary actions to take just in case. As financial planning gets underway at institutions this year, I think it's a very good idea to conduct scenario analysis to ensure you are protected. It's all about good risk management. Mr. Dimon claims JPMC is ready to thrive in any economic conditions: "While all companies essentially budget on a base case forecast, we are very careful not to run our business that way. Instead, we look at a range of potential outcomes for which we need to be prepared." Good advice. #fedpolicy #riskmanagement #interestrates

US #CISA has released a summary of #Risk and #Vulnerability Assessments for FY2023, and it's an excellent guide on how to mitigate the most common threats. The release has an infographic (attached) as well as a longer form PDF report (linked). The conclusions are not surprising, but the data points are useful to validate your assumptions with quantified observations. Some key takeaways: 🚩 Valid Accounts (MITRE ATT&CK technique T1078) are the most common initial access vector, seen in 41% of attacks - we could assume that this means either default passwords or credential theft are being utilized 🚩 Spearphishing variations were the next most prevalent initial access vector, highlighting the importance of email security 🚩 Valid Accounts are also the most widely used persistence and privelege escalation method, at 42% and 45% respectively - highlighting the need to monitor IDAM, manage privileges effectively, and look for anomalous behavior 🚩 Pass the hash, pass the ticket, and RDP were most common lateral movement techniques observed There's a lot more useful information in the report - worth a read!

Case Study No. 10: Drill Pipe Struck Crew Member Due to Uncoordinated SIMOPS Incident Description: During ongoing drilling operations, the Driller was performing a Run-In-Hole (RIH) operation after making a connection. At the same time, a floor crew member was engaged in picking up a drill pipe (DP) from the pipe ramp. Due to a lack of coordination and poor communication between the Driller and the floor crew, the drill pipe being handled unintentionally came into contact with the Top Drive System (TDS) or elevator horn. This resulted in a spring-back or stored energy release effect, causing the pipe to swing uncontrollably and strike a crew member working on the drill floor. The impacted crew member sustained injuries required medical attention. Root Cause Analysis (RCA): Immediate Causes: 1- Simultaneous operations (SIMOPS) conducted without proper planning or coordination. 2- Inadequate communication between the Driller and the floor crew. 3- Lack of full attention by the Driller during critical phases of the operation. 4- Poor situational awareness by involved personnel regarding equipment movement and hazards. Underlying Causes: 1- Non-compliance with safe operating procedures for drill pipe handling. 2- Absence of a formal risk assessment or SIMOPS-specific Job Safety Analysis (JSA). 3- Ineffective pre-job briefing (Toolbox Talk) with no clear allocation of responsibilities or hazard discussion. 4- Insufficient supervisory oversight during the planning and execution of high-risk, simultaneous tasks. Preventive Measures: 1- Establish mandatory communication between the Driller, floor crew, and crane/pickup operator before initiating any movement. 2- Use standardized hand signals or radio communication protocols to avoid misunderstandings. 3- Avoid overlapping high-risk activities such as RIH and pipe pickup unless approved by a supervisor with a detailed plan in place. 4- Develop and enforce a SIMOPS matrix to clearly define which tasks can or cannot be performed simultaneously. 5- Conduct thorough Job Safety Analyses (JSA) and Toolbox Talks before beginning operations, especially SIMOPS. 6- Assign roles and responsibilities clearly during pre-task meetings, including hazard identification and mitigation plans. 7- Train all personnel on stored energy hazards, swing radius risks, and emergency response actions. 8- Ensure continuous on-site supervision during critical or concurrent operations. 9- Install CCTV or live monitoring on the drill floor to assist in operational oversight and review. 10- Conduct post-job reviews and incident debriefs to capture lessons learned and improve future practices. #safety #HSE #Drilling #safework

🛑 7 Strategic Risks You May Be Overlooking in Program Management 📊 Not all risks shout for attention. Some quietly grow in the background—and then derail your entire program. In large-scale programs, success doesn’t just depend on tracking tasks or delivering outputs. It hinges on how well you identify, monitor, and respond to risks—especially those that are invisible at the component level. Here are 7 critical risks every program manager must address: ◻️ 1. Compounding Risks Small risks in individual components may seem harmless—but collectively, they can grow into major threats. 🔍 Watch for accumulation across projects. ◻️ 2. Integration Risks Programs deliver value through integration. But mismatches in outputs or delays in aligning deliverables can impact overall outcomes. 🔗 Uncertainties when combining outputs must be anticipated. ◻️ 3. Strategic Alignment Risks Even if outputs are delivered, they may no longer serve the business strategy if alignment is lost. 📈 Regular reviews are essential to stay relevant. ◻️ 4. Emergent Risks Volatile environments and component interactions can trigger unforeseen threats. ⚠️ Stay responsive and adaptive. ◻️ 5. Benefits Delivery Risks Outputs ≠ Benefits. You can complete everything on paper and still fall short of delivering real value. 🎯 Focus on outcomes, not just milestones. ◻️ 6. Transition & Sustainment Risks Will the organization adopt and maintain the new capabilities? If not, benefits fade. 📦 Plan transitions and ensure post-program sustainment. ◻️ 7. Governance & Escalation Risks Rigid or unclear governance slows risk response. 🚨 Delays in escalation leave threats unmanaged. 📌 These are strategic, program-level risks—not just issues for project teams. If you’re preparing for PgMP® or managing complex initiatives, these risks must become part of your regular oversight. 🧠 Want to dive deeper into program risk management? 🎥 Check out our PgMP® Self-Learning Program—designed to help you master strategic program delivery. #ProgramManagement #PgMP #RiskManagement #StrategicRisks #BenefitsRealization #Governance #Integration #PgMPPrep #iZenBridge #PortfolioManagement #Escalation #Sustainment #ChangeManagement

𝗛𝗲𝗿𝗲'𝘀 𝗵𝗼𝘄 𝗖𝗙𝗢𝘀 𝗰𝗮𝗻 𝗶𝗺𝗽𝗹𝗲𝗺𝗲𝗻𝘁 𝗳𝗼𝗿𝗲𝗰𝗮𝘀𝘁𝗶𝗻𝗴 𝗮𝗻𝗱 𝘀𝗰𝗲𝗻𝗮𝗿𝗶𝗼 𝗮𝗻𝗮𝗹𝘆𝘀𝗶𝘀. CFOs are constantly looking to forecast better and run more scenarios to improve decision-making. How do you best do that though? Here are 8 steps to implement forecasting and scenario analysis 👇. 1️⃣ Objectives Identify the specific questions or decisions that need to be addressed through these processes. For example, it could be assessing the impact of different market scenarios on cash flow or evaluating the financial feasibility of a strategic initiative. 2️⃣ Assumptions Identify the key variables and assumptions that drive the financial forecasts and scenarios. These variables could include market trends, customer behavior, cost drivers, or regulatory changes. 3️⃣ Analytical tools Gather historical financial data, market data, industry benchmarks, and any other relevant information. Implement suitable financial modeling and analytical tools to facilitate accurate and efficient analysis. 4️⃣ Develop models Utilize statistical techniques, time-series analysis, regression models, or other appropriate methodologies based on the nature of the data and the objectives of the forecasts. Continuously refine and validate the models based on historical data and feedback. 5️⃣ Sensitivity analysis Perform sensitivity analysis impact of changes in key variables on financial outcomes. Vary the assumptions within a range and assess the resulting financial impact. This helps identify the most critical variables. 6️⃣ Scenario ranges Consider best-case, worst-case, and moderate-case scenarios to cover a broad spectrum of possibilities. Assign probabilities or weights to each scenario to reflect their likelihood. Align the scenarios with the organization's risk appetite. 7️⃣ Analyze scenarios Assess the impact of different scenarios on financial statements, cash flow, profitability, and key performance indicators. Identify risks, opportunities, and trade-offs associated with each scenario. 8️⃣ Communication Provide clear and concise reports highlighting the assumptions, methodology, key findings, and implications of each scenario to all relevant stakeholders. Seek feedback and engage stakeholders in discussions to gain their insights and perspectives. ---------- Do you agree that this 8-step process is a great way to implement forecasting and scenario analysis? Anything you'd add, take away, or change? #cfo #finance #accountingandaccountants #careers ---------- 🎧 Listen to our #FinanceMaster Podcast here: https://bit.ly/3NLSt73 📰 Sign up for our newsletter here: https://bit.ly/TrendsInFnA 🧑🎓 Learn how we can help your finance team here: https://bit.ly/3prsWXH 🤝 Book a discovery call with me here: https://lnkd.in/eJWAub9r

🚨 Mastering IT Risk Assessment: A Strategic Framework for Information Security In cybersecurity, guesswork is not strategy. Effective risk management begins with a structured, evidence-based risk assessment process that connects technical threats to business impact. This framework — adapted from leading standards such as NIST SP 800-30 and ISO/IEC 27005 — breaks down how to transform raw threat data into actionable risk intelligence: 1️⃣ System Characterization – Establish clear system boundaries. Define the hardware, software, data, interfaces, people, and mission-critical functions within scope. 🔹 Output: System boundaries, criticality, and sensitivity profile. 2️⃣ Threat Identification – Identify credible threat sources — from external adversaries to insider risks and environmental hazards. 🔹 Output: Comprehensive threat statement. 3️⃣ Vulnerability Identification – Pinpoint systemic weaknesses that can be exploited by these threats. 🔹 Output: Catalog of potential vulnerabilities. 4️⃣ Control Analysis – Evaluate the design and operational effectiveness of current and planned controls. 🔹 Output: Control inventory with performance assessment. 5️⃣ Likelihood Determination – Assess the probability that a given threat will exploit a specific vulnerability, considering existing mitigations. 🔹 Output: Likelihood rating. 6️⃣ Impact Analysis – Quantify potential losses in terms of confidentiality, integrity, and availability of information assets. 🔹 Output: Impact rating. 7️⃣ Risk Determination – Integrate likelihood and impact to determine inherent and residual risk levels. 🔹 Output: Ranked risk register. 8️⃣ Control Recommendations – Prioritize security enhancements to reduce risk to acceptable levels. 🔹 Output: Targeted control recommendations. 9️⃣ Results Documentation – Compile the process, findings, and mitigation actions in a formal risk assessment report for governance and audit traceability. 🔹 Output: Comprehensive risk assessment report. When executed properly, this process transforms IT threat data into strategic business intelligence, enabling leaders to make informed, risk-based decisions that safeguard the organization’s assets and reputation. 👉 Bottom line: An organization’s resilience isn’t built on tools — it’s built on a disciplined, repeatable approach to understanding and managing risk. #CyberSecurity #RiskManagement #GRC #InformationSecurity #ISO27001 #NIST #Infosec #RiskAssessment #Governance

🌐 Navigating Risk in the #Boardroom: A Strategic Imperative In today’s rapidly evolving business landscape, risk management has become more than just a compliance exercise—it’s a critical element of strategic decision-making at the board level. 💡 Key Focus Areas for Effective Risk Management: 1️⃣ Proactive Identification: Boards must actively identify emerging risks, from geopolitical shifts to cybersecurity threats, ensuring a holistic view of potential challenges. 2️⃣ Integrated Approach: Embedding risk management into the company’s strategic goals fosters resilience and prepares the organization for uncertainty. 3️⃣ Scenario Planning: Leveraging data and advanced analytics to anticipate and model various outcomes ensures preparedness for even the most unpredictable situations. 4️⃣ Culture of Transparency: A culture that encourages open dialogue about risks and opportunities strengthens decision-making at all levels. 🤝 As stewards of long-term value, boards play a pivotal role in guiding organizations through turbulent times. By prioritizing robust risk management practices, we’re not only protecting today’s operations but also paving the way for sustainable growth. 📢 Let’s exchange ideas: How is your organization redefining risk management to stay ahead in 2025? Share your thoughts below! 👇 #Leadership #RiskManagement #BoardLeadership #Strategy #percyvaid

How robust is your Strategy confronting high volatility and disruption? No one can completely predict today how the world will unfold over the next twelve months; advancements in technology, geopolitical actions, conflict, societal and environmental adjustments, natural disasters, and monetary policies bind together with industry shifts. External Forces drive exceptional change. Yet in many organizations, the Strategy discussions tend to be very "inward" focused, based on incremental changes, leading to blind spots and unquantified risks that impact your firm, your suppliers, your customers, your ecosystems. This does not mean however we need to give up. In my experience there are five steps you can take to be better prepared: 1. Get together your board and management team with an experienced facilitator for a focused session with just this one item on the agenda. 2. Make visible your vital few Strategic Assumptions (no more than 5 or 6,) and write down the implications for your business, considering Supply, Demand, Technology, and key external impacts. Carefully address any bias that may be present in both your thinking and data sources. 3. Develop an action plan of what you can do in the event of the most probable and highest impact scenarios. 4. Set in place a plan to test and monitor your assumptions, and a fast alert to board and management in the event of both expected and unexpected changes. Leverage your Strategy process to stay ahead of the game. 5. Ensure your budget and operational plans are coherent with your Strategic assumptions, and update regularly based on new information. It can feel as if small changes in the world may lead to dramatic shifts in your industry, and yet it does not need to be overwhelming. You can set in place a system and plan which allows your people to be their best, and ensures you are not solely focused on internal discussions while external events change everything. What have you found to be most effective in ensuring your Strategy identifies and addresses external trends, pressures, and industry shifts? Strategy is Mastery.

How do banks balance profitability with risk when lending? Imagine, You're a bank evaluating a loan application. The client looks promising rated as low risk with a solid repayment history. But what if small changes in assumptions, like the probability of default, could completely alter the picture? This is where understanding risk-adjusted return on capital (RAROC) becomes crucial. In a recent exercise, I explored how tweaking just one variable default probability can reshape decisions. For instance, Increasing the probability of default from 1% to 1.5% (a seemingly small change) resulted in a noticeable drop in the year-one RAROC. Why does this matter? It means the bank may see the client as less profitable and adjust terms or even reconsider the loan altogether. Here’s an example: -A $4M operating loan with a 75% utilization rate and a 60% loss given default. -At a 1% probability of default, the facility appears profitable. -But raise the probability to 1.5%, and profitability takes a hit impacting both the client and the bank's bottom line. Banks also face pressure to integrate factors like ESG risks into their models. If a client operates in industries with higher environmental or social risks, those risks could translate into a higher default probability. This adjustment not only impacts pricing but also highlights how much these factors influence lending decisions. Why should this matter to us as professionals? It’s a reminder that data-driven decisions don’t exist in isolation they directly impact real people and businesses. It’s not just about percentages and formulas; it’s about trust, opportunity, and financial well-being. From my perspective, This exercise was a valuable way to see how small assumptions can cascade into major outcomes. Whether we’re working in banking, sustainability, or beyond, it’s a call to examine the assumptions driving our choices. What do you think? How do you account for subtle risks in your decision-making process? Let’s discuss.