Sponsored Content
The new rules of risk: From playing defence to playing to win
By Martin Stevens, Audit Director, Gjensidige Forsikring ASA
In the spreadsheet era, risk management was about avoiding losses based on today’s or yesterday’s position. But in a world moving at AI-speed, that kind of static compliance is its own kind of risk.
Instead of focusing on avoiding defeat, we should shift our approach to actively creating opportunities for success. Here is how the most resilient organizations can turn risk into an advantage.
1. Risk isn't a department. It’s a mindset.
Managing risk across a company requires both attention to detail and a clear view of the whole field. We use statistical models and scenario-thinking not just to anticipate shocks, but to prepare decisive responses. It’s about defending what matters while creating room to attack—so the business can protect value and gain ground.
2. The Board must ask the uncomfortable questions.
Risk management mustn’t be stuck on the side lines. The Board needs a clear, shared view of the organization’s risk profile—and the discipline to act on it. That means moving beyond oversight into active stewardship: probing assumptions, stress-testing decisions, and strengthening the organization’s playbook as conditions change.
3. Compliance is the bare minimum - not the end goal.
Compliance keeps you in the game -but it doesn’t help you win. Enterprise Risk Management (ERM) creates an advantage by making trade-offs explicit and measurable, so strategy is grounded in a real view of exposure and opportunity. When risk is built into planning and performance discussions, leaders can allocate resources with confidence—protecting what matters while pursuing the best plays.
4. Kill the noise with a common language.
From the front-line teams to the boardroom, risk discussions often get lost in competing terminology. The solution is a shared scorecard—using a common monetary language to compare priorities and trade-offs. When everyone talks about impact the same way, decisions get faster, alignment improves, and the organization can respond as one team when the game shifts.
5. Model the un-modellable.
6. Stop being forward-thinking. Start being forward-acting.
Make risk management a competitive advantage.
Strong risk management should be a competitive edge, not a drag on momentum. When risk is embedded in how your teams plan, decide, and execute, you play with more discipline and more confidence - protecting the downside while staying positioned to win.
Learn how you can build risk management into every call - so your leaders can integrate risk management into every business decision.
About the author
Martin Stevens FCA, CIA is an internal audit and governance leader with over 20 years’ experience across the financial and insurance sectors. As Audit Director at Gjensidige, he brings expertise in audit, finance, and operational risk to strengthen risk management and assurance.
A former Chairman of IIA Norway, he founded its Risk Management Network and co-authored several influential publications, including Guidelines for Risk Management, Guidelines for Governance, and Board Guidelines for Risk Management. Martin regularly speaks and delivers training, advocating for risk and audit functions to move beyond compliance and create real business value.
About Optro
Optro (formerly AuditBoard) helps enterprises transform risk into opportunity, redefining GRC through an agentic system of action. More than 50% of the Fortune 500 trust Optro to elevate audit, risk, and compliance in addressing a new era of risk. Optro is top-rated by customers on G2 and was named a Leader in the 2025 Gartner®️ Magic Quadrant™️for Governance, Risk and Compliance (GRC) Tools, Assurance Leaders. To learn more, visit: