Risk and Decision-Making

•February 5, 2026

Norman Marks on Governance, Risk Management, and Internal Audit•Feb 5, 2026

Why It Matters

Embedding uncertainty‑driven questions into risk processes turns risk management into a strategic decision‑enabler, improving resource allocation and resilience across the enterprise.

Key Takeaways

•Ask about outcome ranges, not just likelihood
•Focus risk questions on decision impact
•Replace risk appetite lists with scenario analysis
•Align risk management with strategic choices
•Test assumptions to uncover hidden uncertainties

Pulse Analysis

The latest conversation sparked by Alex Sidorenko’s LinkedIn post, amplified by Norman Marks, challenges the traditional risk‑management playbook. Instead of compiling static top‑risk lists, practitioners are urged to reframe their inquiry around the decision at hand and the uncertainties that could sway it. This shift from probability‑impact matrices to outcome‑oriented questioning creates actionable insight, turning risk assessment into a decision‑enabling function. Companies that adopt this mindset can move beyond false precision and align risk work directly with business objectives. The approach also dovetails with agile governance, where rapid iteration demands real‑time risk insight. Understanding uncertainty is the linchpin of this new approach. ISO 31000 defines risk as the effect of uncertainty on objectives, a nuance many managers miss when they equate risk with likelihood alone. By asking “What could happen or not happen that would change your decision?” risk professionals translate abstract concepts into concrete scenarios that resonate with executives. This language shift not only demystifies risk but also surfaces hidden variables, enabling more robust contingency planning and faster response when conditions evolve. When uncertainty is mapped to financial impact ranges, CFOs can model scenario‑based forecasts, improving capital allocation. Practically, risk teams should embed decision‑centric questions into every governance checkpoint. Instead of a generic “What’s our risk appetite?” they might probe “Which option maximizes success given unknowns?” or “What must be true for this choice to fail?” Such probes force managers to articulate assumptions, prioritize data gaps, and allocate resources where they matter most. Early adopters report tighter alignment between risk registers and strategic roadmaps, reduced mitigation spend, and clearer communication with boards—all hallmarks of a mature, value‑driven risk function. Technology platforms that capture question‑driven risk data further automate analysis, turning qualitative insights into quantitative metrics for dashboards.

Risk and decision-making

Norman Marks

We tend to agree on most things, but there is one word that sets us apart, and that word is “uncertainty.”

In a recent LinkedIn post, Alex Sidorenko wrote:

Most risk professionals ask: “What are our top risks?”

Better question: “What decision are we trying to make, and what uncertainties could change our choice?”

The difference? The first creates lists. The second creates insight.

Stop asking

“What’s the likelihood and impact?” (Forces false precision)
“How do we manage this risk?” (Assumes you know what to do)
“What’s our risk appetite?” (Abstract concept divorced from choices)

Start asking

“What range of outcomes could this produce?” (Embraces uncertainty)
“Which option gives us the best chance of success given what we don’t know?” (Decision‑focused)
“What would have to be true for this choice to be wrong?” (Tests assumptions)

The quality of your risk management is directly proportional to the quality of your questions.

I agree wholeheartedly with Alex when he says we should be focusing risk management on enabling better decisions. The periodic review of a list of top risks is a low‑value (sorry, traditionalists) activity. Risk is taken (a better expression than “accepted”) or modified with every decision that is taken or not taken.

I also agree that risk practitioners should seek to understand what business decisions are being made—both tactical and strategic—and help management understand the related risks and opportunities.

What is “uncertainty” and why consider it?

How do you think a typical business manager will answer the question, “what uncertainties could change our choice?”

They will look befuddled. Maybe they will point out that nothing in this world is certain, except death and maybe taxes. They certainly won’t know what you are talking about unless they have been to a training class where the ISO 31000 definition of risk (the effect of uncertainty on objectives) is discussed and explained.

In this case, we are not talking about a lack of certainty. Increasing your certainty that something will happen doesn’t change its potential effects; it just increases your ability to understand and respond to it.

So let’s change the question to something that everybody will understand: “What could happen or not happen that would change your decision?” (Note that I modified the last word.)

Sample questions for a manager

What are your options? Given all the things that might happen, their potential effects and the likelihoods of those effects, what is the best option? What can you change to improve the likelihood of success while avoiding unacceptable losses? Can I help you assess them?
How will they change things? There’s usually a range of potential effects or outcomes. What’s the likelihood of them having an effect that means you should change your decision? Can I help you with that?
What might happen, both good and bad, that needs to be considered? Do you have sufficient information about it? If not, how can I help?
What is the current situation? Is it acceptable? What needs to be changed or addressed or not?
What decisions do you have to make now or soon? Which are more critical to your success, our achieving those objectives?
How serious is it if you don’t achieve them? What margin do you have?
What are you trying to achieve? What are your objectives and which are the most important?

Of course you should tailor your questions—and the way you ask them—to the person you are asking.

What do you think? I welcome your thoughts, including the questions you would ask.

Read Original Article

Comments

Want to join the conversation?

Loading comments...

We tend to agree on most things, but there is one word that sets us apart, and that word is “uncertainty.”

In a recent LinkedIn post, Alex Sidorenko wrote:

Most risk professionals ask: “What are our top risks?”

Better question: “What decision are we trying to make, and what uncertainties could change our choice?”

The difference? The first creates lists. The second creates insight.

Stop asking

“What’s the likelihood and impact?” (Forces false precision)
“How do we manage this risk?” (Assumes you know what to do)
“What’s our risk appetite?” (Abstract concept divorced from choices)

Start asking

“What range of outcomes could this produce?” (Embraces uncertainty)
“Which option gives us the best chance of success given what we don’t know?” (Decision‑focused)
“What would have to be true for this choice to be wrong?” (Tests assumptions)

The quality of your risk management is directly proportional to the quality of your questions.

What is “uncertainty” and why consider it?

How do you think a typical business manager will answer the question, “what uncertainties could change our choice?”

So let’s change the question to something that everybody will understand: “What could happen or not happen that would change your decision?” (Note that I modified the last word.)

Sample questions for a manager

What are your options? Given all the things that might happen, their potential effects and the likelihoods of those effects, what is the best option? What can you change to improve the likelihood of success while avoiding unacceptable losses? Can I help you assess them?
How will they change things? There’s usually a range of potential effects or outcomes. What’s the likelihood of them having an effect that means you should change your decision? Can I help you with that?
What might happen, both good and bad, that needs to be considered? Do you have sufficient information about it? If not, how can I help?
What is the current situation? Is it acceptable? What needs to be changed or addressed or not?
What decisions do you have to make now or soon? Which are more critical to your success, our achieving those objectives?
How serious is it if you don’t achieve them? What margin do you have?
What are you trying to achieve? What are your objectives and which are the most important?

Of course you should tailor your questions—and the way you ask them—to the person you are asking.

What do you think? I welcome your thoughts, including the questions you would ask.

Finance Pulse

Risk and Decision-Making

Why It Matters

Key Takeaways

Pulse Analysis

Ask Pulse AI:

Risk and decision-making

What is “uncertainty” and why consider it?

Sample questions for a manager

Comments

Finance Pulse

Risk and Decision-Making

Why It Matters

Key Takeaways

Pulse Analysis

Ask Pulse AI:

Risk and decision-making

What is “uncertainty” and why consider it?

Sample questions for a manager

Comments