No More ‘Knock on Wood’: Risk Management as a System

In an environment where decisions are increasingly made under conditions of uncertainty, an organization’s ability to identify, assess, and manage risks is not a luxury — it is a prerequisite for survival.

Yet, human nature tends to avoid risk. The fear of regretting a decision often leads to excessive risk aversion, inertia, and ultimately stagnation. Both public and private organizations frequently operate with a “how not to lose” rather than a “how can we win, how can we improve” mindset. As a result, the avoidance of risk becomes a strategic choice – one that results in an organization that neither learns nor evolves. The ultimate cost of this mindset is obsolescence.

This avoidance mentality is reflected in the widespread, almost culturally ingrained phrase: “Don’t say it!… knock on wood… why should this happen to us?” In many organizations, risk is treated not as a manageable variable but as something not even to be discussed. Such an approach is not merely outdated – it is dangerous and has no place in a modern, responsible, and reliable business context.

International experience confirms the importance of systematic risk management. The World Economic Forum (2023) notes that organizations with mature risk management systems are 2.5 times more likely to respond effectively to crises. Similarly, a Harvard Business Review study (2020) found that organizations integrating risk management into strategic planning achieve higher levels of innovation and organizational learning. Other studies emphasize that risk management is not only about avoiding problems but also about seizing opportunities.

Greece has taken steps in this direction through institutional reforms. In the public sector, Article 22 of Law 4795/2021 introduced risk management provisions for public organizations, while Law 5013/2023 clearly incorporates risk management as a fundamental element of the Internal Control System. Under this framework, every public organization is required to design and implement a risk management policy and mechanism aimed at achieving objectives, enhancing efficiency, and ensuring operational transparency.

Establishing a Risk Management Unit reporting directly to executive leadership is a key element in creating a substantive – rather than merely formal – Internal Control System. Today’s major challenge is transitioning from compliance to integration – from obligation to proper implementation and cultural change. Not as an external imposition, but as an internal commitment.

A Board of Directors aiming to fulfill its role cannot simply “respond” to crises. It must anticipate, recognize uncertainties (whether geopolitical, environmental, or technological), and proactively safeguard the organization. It must act as a beacon of trust, able to communicate confidently to all stakeholders that the organization has robust preventive mechanisms and a strategy.

As a professional with experience in Boards, institutional bodies, and governance frameworks, I have seen firsthand that risk management is a fundamental tool for enhancing resilience. Especially in the public sector, risk management fosters transparency, accountability, learning, and innovation. It is an act of responsibility toward citizens and public resources. After all, the greatest threat to an organization is not the risk itself, but the organization’s attitude toward it.