The Transformation of Risk Management in Nordic Organisations

Risk management in Nordic organisations is entering a new phase in which traditional processes and structures are no longer sufficient to address the growing complexity of the operating environment. Granite’s January webinar explored this transition through the Nordic findings of Deloitte’s The Risk Transformation Challenge Report 2025.

The discussion featured Tomi Seppä, Enterprise Risk Management Services Lead at Deloitte, together with Granite’s Chief Commercial Officer Janne Viljamaa and GRC Consultant Jukka Mäkitalo. The conversation focused on the strategic role of risk management, the influence of leadership and culture, evolving competence requirements, and the impact of technology and artificial intelligence on anticipating risk.

Risk Management as a Strategic Partner

One of the study’s clearest signals is the repositioning of risk management within organisations. A significant proportion of respondents see the future of the risk function as a strategic partner that contributes to decision preparation and monitors the execution of strategy. Tomi Seppä described the direction of travel as follows:

“Risk professionals want to work more closely with executive management and be nearer to the way decisions are made and how the implementation of strategy is monitored.”

From an analytical perspective, this reflects a shift from a control-driven model of risk management towards a function that actively supports decision making. The value of risk management increasingly lies in its ability to help leadership understand uncertainty at an early stage and relate it to business objectives. This requires the capability to assess risks as interconnected themes rather than isolated incidents.

Risk Professionals Call for Stronger Leadership Engagement

The research also highlights challenges relating to ownership and visible leadership commitment. From the perspective of risk professionals, engagement from senior management and boards does not always translate clearly into day-to-day practice. Seppä emphasised the importance of defined responsibilities:

“Everyone needs to understand their own responsibility in risk management, whether that concerns risk ownership or the implementation of control measures.”

From a governance standpoint, risk management functions most effectively when leadership does more than formally approve reports. It requires active participation in discussions about risk, prioritisation of key exposures, and alignment with strategic choices. This creates the foundation for a risk culture in which identifying and managing uncertainty forms a natural part of leadership and decision-making processes.

The study also draws attention to a gap in the systematic assessment of risk culture. Although its importance is widely recognised, few organisations measure the maturity of their risk culture in a structured way.

Communication Skills Are Increasingly Essential

The evolving role of risk management is directly reflected in competence requirements. The study indicates growing demand for technical and analytical capabilities, but alongside these, communication skills, stakeholder engagement and the ability to conduct business-focused dialogue are becoming equally important.

The role of the risk professional is therefore expanding. Identifying risks is no longer sufficient. Professionals must structure uncertainty into a coherent narrative and bring it meaningfully into executive discussions. This involves articulating why certain uncertainties matter and how they may influence strategic objectives.

Effective risk management increasingly depends on the ability to translate complex risk information into insight that supports strategic judgement.

Artificial Intelligence and Technology Strengthen Risk Identification

The use of technology in risk management remains uneven. Approximately half of the organisations participating in the study use some form of risk management or GRC system, yet interest in expanding technological support is clearly increasing.

Generative artificial intelligence is viewed particularly as a tool to support risk identification, documentation and analysis. Seppä described its practical value in the following way:

“Generative artificial intelligence brings greater breadth and depth to risk identification and helps improve the quality of risk descriptions.”

Analytically, the value of artificial intelligence lies in its ability to enhance expert judgement. It can help identify alternative perspectives, structure large volumes of risk data and improve comparability across risks. At the same time, expert interpretation remains critical. Technology does not replace ownership of risk management. It reinforces it when governance structures and operating models are sound.

A Nordic Perspective

The findings indicate that Nordic organisations face remarkably similar challenges regardless of sector or size. No substantial differences were identified between countries in terms of risk management priorities.

In relation to business continuity and resilience, the need to broaden the perspective from isolated disruptions to overall operational capability was clearly emphasised. Nordic leadership culture, characterised by openness, collaboration and relatively flat hierarchies, supports this development. Seppä described this as a shared regional strength:

“We have a culture where cooperation and open communication make it possible to act together in disruptive situations.”

This cultural foundation can provide a strong platform for strengthening resilience and embedding risk management more deeply within organisational practice.

Implications for Risk Management Professionals

Risk management in Nordic organisations is clearly undergoing transformation. Strategic alignment, leadership engagement and the effective use of technology are emerging as key indicators of maturity. For risk professionals, this implies broader responsibility and a more visible role in supporting decision making.

Future impact will depend on the ability to integrate analytical capability, business understanding and effective communication. Organisations that succeed in combining these elements will be better positioned to embed risk management systematically within strategic leadership and to navigate uncertainty with greater confidence.