We exchanged both good (and challenging) practices in risk management at the public sector seminar. The discussions reinforced several key points: risk management is a shared responsibility across the organization, aligned with roles, authority, and resources; the four-eyes principle is not a formality but a critical control at all levels; and risk appetite and limits are not theoretical concepts, but essential elements of effective risk management in practice. Organizations are encouraged to regularly assess their current and target risk maturity, adopt a balanced approach to risk management, and where possible, measure its impact, cost, and value creation. Equally important are a clear understanding of risk sources, context, and meaningful engagement of key stakeholders. Ultimately, risk management is not just a process – it impacts the quality of decisions. And if everything appears “green,” that in itself may be a significant red flag.
