The first months of 2025 have yielded far-reaching geopolitical and macroeconomic upheaval and uncertainty. The only thing that’s clear is that nothing is clear.
Organizations, investors, governments, regulators, and consumers worldwide are struggling to navigate a fast-escalating global trade war, constant market variability, ongoing conflicts in Europe and the Middle East, and an emerging trend toward deglobalization that threatens to upend supply chains and operations, curtail growth, and challenge investment.
These chaotic months, however, are merely a continuation of the unrelenting risk-induced disruption we experienced during the first half of the 2020s. The decade thus far has been a hard lesson in the speed of risk and value destruction, and conditions will not return to “normal.” This is our new normal, and much of the conventional thinking about risk is becoming obsolete.
These risk conditions imperil the health, resilience, relevance, and value-creation potential of our organizations. Even the most robust risk management programs are being sorely tested. We must find a better path forward.
That’s why my latest book, Connected Risk: Conquering the Perilous Risk Exposure Gap, is a cross-functional call to action to transform risk management for the modern age. This requires getting better at understanding risk in all its dimensions, revitalizing our focus on strategy, and becoming more agile and flexible in how we monitor and respond to the evolving risk landscape. It also requires new ways of thinking.
Below, I share an excerpt from Chapter 10, “Attributes of Connected Risk Thinkers,” which examines why and how we should change our mindsets to enable the “connected risk thinking” vital for improving how teams work together to protect and create value for their organizations.
Order your copy of Connected Risk: Conquering the Perilous Risk Exposure Gap by Richard Chambers (available in paperback and Kindle).
Attributes of Connected Risk Thinkers
(Excerpted from Connected Risk: Conquering the Perilous Risk Exposure Gap, by Richard Chambers)
Reimagining risk management requires us to embrace new ways of thinking — not only about risk itself, but also about how we think about the work we do and the outcomes we achieve. The effectiveness of any connected risk approach relies on fostering connected risk thinking throughout the organization. It is, therefore, paramount for the architects of this approach to have an in-depth understanding of what this thinking is (and is not).
How are connected risk thinkers wired, and in what ways do they think differently? What sets them apart from traditional thinkers? Most important, how can someone new to these ideas aspire to connected risk thinking?
Connected risk thinkers possess many of the traits of “trusted advisors” and “agents of change” that I have explored in my other books. They also tend to possess a “genetically risk-centric” mindset that fuels their passion for connected risk management. I have compiled seven attributes I believe they share.
1. Connected Risk Thinkers Focus on Strategic Outcomes over Tactical Outputs
Traditional risk management players often focus on outputs as a measure of quality and performance. A risk manager points to how many risks they listed in their risk register and how often they updated it. An internal auditor proudly boasts about how many audit reports or findings they issued. Compliance professionals track the number of regulatory requirements they are monitoring and their current status. This comes about partly because professionals have been historically incentivized and rewarded based on these types of metrics, leading to a preponderance of quantitative outputs that can be easily measured and tracked. After all, as the old saying goes, what gets measured gets done!
This output-focused mentality also reflects thinking about risk management as an end rather than a means. After all, none of these outputs on their own indicates that the organization makes a profit, delivers value to stakeholders, or otherwise achieves its strategic objectives. Risk management adds little value without achieving outcomes — the end for which risk management is ultimately needed. Countless companies with exceptional internal audit, risk management, and compliance functions have failed because their work was tactically good but strategically disconnected.
Unsurprisingly, a mindset that emphasizes “what I do” rather than “what I achieve” sometimes results in risk and assurance teams failing to gain substantial stakeholder alignment or engagement. This may be because these teams are seen as “reporting” rather than “achieving.” Reporting is only valuable insofar as it enables the organization to make decisions, take action, and achieve results.
Operating with a connected risk mindset means focusing on outcomes that drive value, decision-making, performance, and competitive advantage. When an outcomes-oriented approach is aligned with the organization’s strategic objectives, there’s no question of your value to the business. You are not “reporting,” but rather “achieving.”
In sum, connected risk thinkers recognize that all organizations exist to achieve objectives — and appreciate that the strategies organizations use to achieve their objectives are inevitably fraught with risks. Consequently, connected risk thinkers focus on strategic outcomes, striving to help their organizations navigate not only operational, compliance, financial, and technology risks, but strategic risks as well. They leverage their extraordinary risk acumen to recognize and understand the systems that define and influence the organization’s goals and direction, and to pursue a strategic role on behalf of their organization. They know that progress necessitates an often disruptive and visionary mindset. As John F. Kennedy wrote, “There are risks and costs to action. But they are far less than the long-range risks of comfortable inaction.”
2. Connected Risk Thinkers Champion the Relationship between Risk and Opportunity
Traditional thinking about risk management too often views risk as inherently negative — something to be avoided or mitigated at all costs. Conversely, connected risk thinkers embrace risk in all its dimensions. Yes, some risks must be avoided. But some risks are worth leaning into as paths to opportunities and innovation.
Connected risk thinkers possess a keen understanding of the relationship between risk and opportunity. They appreciate that organizations must take risks, and know that risks involve the possibility that actions or events will negatively impact the achievement of objectives or create the potential for loss, harm, or other adverse outcomes. They also readily see the possibility that an action or event will positively impact the achievement of objectives, offering the potential for gain, improvement, or other favorable outcomes.
When risk and assurance teams are guided by connected risk thinking, they are able to play a pivotal role in helping their organizations determine their risk appetites to achieve their strategic objectives. They become trusted advisors who help first-line teams make risk-informed strategic decisions about where to go, where to turn, when to turn around, and when to take a detour rather than the straighter path.
3. Connected Risk Thinkers Thrive on Collaboration
Traditional risk management thinking often results in disconnected teams operating in silos and keeping other teams at arm’s length. These teams may genuinely believe that the separation allows them to do their best work, or that staying in one’s lane or cave helps establish and protect credibility, objectivity, and independence while magnifying the specific value one provides. After all, if you came out of your cave with an idea, it’s obviously yours alone.
This mindset tends to see siloed identities and structures as helping to create and define individual success. The focus on what “I” can do often manifests as a binary perspective that there’s a finite “us” and an opposing “them.”
Connected risk thinking focuses on connecting and aligning with a cross-organizational “we,” widening the definition of “team” to include the entire organization. This way of thinking emphasizes the common goal shared by everyone in the organization, regardless of where they sit. While each key player has a distinct purpose, everyone shares a common objective: helping the organization achieve its goals. As Michael Jordan — inarguably one of the greatest basketball players of all time — is often quoted as saying, “Talent wins games, but teamwork and intelligence win championships.”
Indeed, connected risk thinkers understand that they can achieve more by collaborating across traditional lines. For example, they quickly see how agreeing on a shared language and taxonomy — one of the foundational projects outlined in the previous chapter — will enable them to get more done and provide more value. They appreciate that unifying data and sharing insights will improve their understanding of the organization’s overall risk management, positioning them to be more effective in their roles.
To put it bluntly, connected risk thinkers are willing to get comfortable using the word “collaboration.” 
What are the four remaining characteristics of connected risk thinkers? To find out, order your copy of Connected Risk: Conquering the Perilous Risk Exposure Gap by Richard Chambers (available in paperback and Kindle). The book, which The Financial Times described as “a galvanising call to action for auditors and risk professionals to come together,” takes readers on a journey that will help them better understand the root causes underlying current risk conditions, how these conditions are creating a “risk exposure gap” that poses an existential risk to many organizations, and what they can do to change the game in their favor.
Richard Chambers is the CEO of Richard F. Chambers & Associates, a global advisory firm for internal audit professionals, and also serves as Senior Advisor, Risk and Audit at AuditBoard. Previously, he served for over a decade as the President and CEO of The Institute of Internal Auditors.