Risk Leadership

Triumph and disaster: A framework for risk?

Ahead of CFG's annual Risk Conference, Caron Bradshaw shares her latest thinking on different approaches to risk, inspired by a well-known poet.



The Rudyard Kipling poem, ‘If’ has the following sentence: 'If you can meet with triumph and disaster, and treat those two impostors just the same…' that always makes me think ‘ooh, that’s great risk management’.

I am not sure what that says about me if art inspires me to think about charity finance, but you can draw your own conclusions!

I’m a risk management enthusiast. You may have heard me say that, in my view, the industry of risk in the sector fails to manage it.

We get hooked on an illusion of a sanitised environment in which it is possible to predict, measure, monitor and eradicate the majority of risks.

Increasingly detailed and complicated mechanisms are deployed; swim lanes, charts documenting inherent/mitigated risks and risk targets/appetites, in pursuit of control – all requiring significant time and resource.

We can confuse what is achievable with what is desirable, leading to a perpetual sense that if the risk comes home to roost someone or something failed when the reality may be that failure was unavoidable.

I fear we have lost sight of the critical power of the discussion and the importance of understanding the decisions we make, preferring instead to seek false comfort in heat maps and War and Peace-length risk registers.

This thinking has been overtly and covertly promoted to us for years. But here is the thing: Not all ‘good’ decisions lead to success and sometimes great outcomes come from pretty rubbish decisions.

If triumph and disaster are just imposters, as Kipling says, if we really cannot judge the quality of the decision on outcome that follows where does that leave us? What should we be thinking about when it comes to risk management? Or do we just throw up our hands and say what will be will be?

CFG have been flexing our approach to risk over the last few years. The pandemic has stress-tested the prudence of our tinkering during the most challenging times we’ve faced. Whilst there are adjustments to be made, I have been convinced we are on to something. The simplicity of our model and embedding it in everything we do has served us well.

We’ve been hugely fortunate to have Nigel Kippax, a charity consultant of many years’ experience and a fellow risk enthusiast, volunteer to work with us to refine our approach with a view to sharing it with the membership. (We intend to do so at the CFG Risk Conference that’s just around the corner, so do join us.)

Chewing over different aspects with Nigel has sharpened my thinking in a number of areas which will ultimately change and refine our model. I thought I’d share some of my reflections in the meantime.

In my view the most important two elements of effectively dealing with risk are culture and clarity of framework.


Everyone should own risk and take responsibility for both spotting things going off the rails and flagging opportunities that would otherwise be missed. Giving your team permission to fail is part of that positive risk culture because learning consequentially becomes the norm.

Clarity of framework

In some regards it really doesn’t matter what mechanism you decide to use, provided it is clear and drives behaviour at all levels. I do think many over-engineer their systems and end up doing things, not because it actually helps drive up impact and avoid harm, but because it is what the established risk framework requires.

It’s time for us to strip back, to rigorously question the tools we use and ensure we have something that is clear, simple and flexible, that drives behaviour and change.

Finally, I’ve been pondering on how we express organisational risk appetite. The process often feels like nailing jelly to the wall, messy and pointless.

I sit on a number of risk committees and in all models used I have yet to observe a comfortable relationship between expressed risk appetite and reality.

I’m frequently left thinking – ‘So what?’ What is realistic to achieve? Do the mitigating actions stand a snowball’s chance of getting us anywhere near the target?

If you could achieve a shared understanding of what your organisational appetite for risk is, that reflects the views of the board and the executive, could failure be avoided and resilience increased?

Or is this an elusive Holy Grail; is it realistic to think all members of the board or executive can have the same level of confidence, tolerance for failure or assessment of the circumstances faced?

And if you could, such a collective position would probably present other concerns and risk. Typically, what the organisation ends up with is a consolidation of individuals’ thoughts and feelings, crunching aspiration and perception together, somewhat detached from reality.

Maybe it would be more valuable to develop a mechanism to ensure visibility of individual assessments, something which prompts conversation and exploration of different points of view.

Whilst we don’t have all the answers I’m enjoying digging around in this space and look forward to sharing our thinking.

In the end, triumph is sometimes a product of good fortune, and disaster sometimes flows from making bold decisions to encounter risks that were worth taking.

Perhaps in treating these two imposters the same we can have a healthier relationship with risk management that drives us towards growing impact, minimising loss and learning along the way.


Join us at this year's Risk Conference on 27 January! Find out more.

This post was last reviewed on 19 January 2022 at 11:55
« Back to all blog posts