The Key to Effective Risk Management in Business with Chris Weeks, CFO Center UK

In the latest CFO Club podcast, we had the pleasure of hosting Chris Weeks from CFO Center UK. Chris shared invaluable insights into effective risk management strategies and how businesses can better prepare for uncertainty. Here are some key takeaways from our discussion: 

1. Don’t Predict Risks—Prepare for Their Consequences

Chris emphasized that businesses often focus too much on what might cause a crisis rather than how to manage the consequences. He shared an example from his time at Shell when an earthquake in Turkey disrupted communication, making it impossible to check on employees. The key takeaway? Instead of predicting every potential risk, plan for the impact of disruption. 

A real-world example of this principle in action is Toyota’s response to the 2011 earthquake and tsunami in Japan. While many companies struggled with supply chain breakdowns, Toyota had implemented a business continuity plan that focused on consequences rather than causes. By diversifying suppliers and maintaining critical stock reserves, they were able to recover faster than competitors. 

2. Prioritize Risks Effectively

Using a simple four-box model that categorizes risks based on likelihood and impact, businesses can focus on high-priority risks that need immediate attention. Moreover, risk isn’t just about avoiding threats—it’s also about recognizing missed opportunities. 

Blockbuster’s failure to adapt to digital streaming is a prime example of mismanaging risk. While they may have focused on financial risks like store leases and operational costs, they ignored the risk of missing a market shift. Meanwhile, Netflix identified the opportunity and successfully transitioned to a subscription-based model, securing long-term success. 

3. Embed Risk Culture Across the Organisation

Risk management should be more than a boardroom discussion. Chris highlighted how Shell reduced workplace fatalities by 90% by implementing 12 Life-Saving Rules. By assigning clear accountability and ensuring employees understand the significance of risk policies, companies can foster a culture of risk awareness. 

The 2010 Deepwater Horizon oil spill demonstrates what happens when risk culture isn’t embedded. BP’s failure to enforce safety protocols and prioritize risk management led to one of the most devastating environmental disasters in history. A strong risk culture could have prevented or mitigated this catastrophe. 

4. Test Risk Management Strategies Before a Crisis Hits

Having a risk management plan isn’t enough. Businesses must test their response plans regularly to ensure effectiveness. Chris pointed out that many organizations assume their backup systems work but never test them—leading to chaos when something goes wrong. 

In 2021, Facebook experienced a major global outage, disrupting billions of users and businesses. A lack of proper contingency testing prolonged the downtime. Had they conducted more frequent and realistic disaster recovery drills, they could have reduced the impact significantly. 

5. Leverage Technology—but Don’t Overcomplicate It

While risk management tools exist, Chris stressed that effective risk management relies on people, not just software. Whether you document your risks in a simple spreadsheet or a dedicated risk management platform, what matters most is that key stakeholders actively engage with the process. 

Many financial institutions are turning to AI-driven risk management tools. JP Morgan, for instance, uses AI to detect fraudulent transactions in real time, preventing financial losses and protecting customer data. However, without a strong human oversight framework, technology alone cannot mitigate all risks.  

Final Thoughts 

Effective risk management is not about predicting the future but about preparing for potential consequences. By embedding a strong risk culture, prioritizing threats, regularly testing responses, and leveraging technology wisely, businesses can build resilience and maintain continuity in the face of uncertainty. 

For a more in-depth discussion on risk management, listen to the full episode of the CFO Club podcast:

Transcript: 

Guest: Chris Weeks

Host: Leana van der Merwe

Leana van der Merwe: Good day, listeners, and thank you so much for joining us on today’s CFO Club podcast. We’ve had some really interesting and engaging conversations over the last few weeks and today is going to top them all. I’m thrilled to welcome Chris Weeks to the studio. He’s an experienced CFO and finance leader with a strong track record in driving business performance, optimizing cash flows, and leading strategic growth. Chris also operates in the fractional CFO space, a topic our listeners are quite familiar with from past discussions. 

Chris has extensive experience across multiple industries, specializing in simplifying financial complexities and helping businesses maximize their value. As a portfolio CFO, he partners with companies to navigate transformation and achieve sustainable financial success. But beyond finance, he’s also a long-distance runner, active in the nonprofit sector, and a dedicated beekeeper. Chris, welcome to the CFO Club! 

Chris Weeks: Thank you, Leana. That’s a great introduction. I usually stay humble about these things, but I do appreciate it. I love that you mentioned the beekeeping—it just shows there’s more to life than finance! 

Leana van der Merwe: Absolutely! And interestingly, there seems to be a strong analogy between beekeeping and advising businesses. Bees don’t follow orders; you must guide them, much like businesses and their leadership teams. 

Chris Weeks: Exactly! You need to understand their nature and persuade them toward the right direction rather than simply imposing control. The same applies to business leadership. 

Risk Management & Business Preparedness 

Leana van der Merwe: Today, we’re talking about effective risk management strategies. In your experience, what is the biggest risk businesses will face in the next five years, and how can they prepare for it? 

Chris Weeks: That’s a great question, and there’s no single right answer. The one constant we can predict is change. Whether it’s a pandemic, a change in government, or geopolitical instability, businesses must be prepared for disruption. The ones that survive and thrive are those that remain nimble and adaptable. 

Leana van der Merwe: So, it’s less about the specific risks and more about how prepared organizations are to face uncertainty? 

Chris Weeks: Exactly. One key principle I follow when assessing risk is not to focus on the causes but on the consequences. You can’t always predict what will trigger an event, but you can plan for its impact. 

For example, when I worked at Shell, we had a business continuity plan for each country. However, during a severe earthquake in Turkey, we realized our plan was based on causes rather than consequences. The plan assumed mobile networks would function, but the earthquake took down all communications. Without a way to contact our staff, we were blindsided. 

After that, we restructured our approach, focusing on the consequences: What if communication fails? What if people can’t reach their workplace? By planning for consequences rather than causes, businesses can develop more effective risk strategies. 

Leana van der Merwe: That’s a fascinating perspective! Thinking about consequences rather than causes ensures businesses are prepared for multiple risk scenarios rather than just one. 

Chris Weeks: Absolutely! None of us have a crystal ball, but we can prepare for a variety of possible outcomes. 

Prioritizing Risks 

Leana van der Merwe: Many companies create long risk registers. How do you decide which risks to prioritize? 

Chris Weeks: Great question. Businesses often get caught up listing risks but struggle with prioritization. One useful tool is a simple four-box model with “consequence” on one axis and “likelihood” on the other. The top-right quadrant—high consequence, high likelihood—should get the most focus. 

Businesses should integrate risk assessments into their quarterly board meetings and strategy discussions. And let’s not forget that risk isn’t just about avoiding threats—it’s also about seizing opportunities. Missing a major market shift, like Blockbuster did with Netflix, is as much a risk as an IT system failure. 

Embedding Risk Culture in an Organisation 

Leana van der Merwe: How can organizations ensure risk management is taken seriously from leadership to frontline staff? 

Chris Weeks: It starts at the top. Risk management cannot be a tick-box exercise that sits in a drawer until the next board meeting. Assign clear accountability—not just responsibility—so that risks are actively managed. 

A great example is Shell’s 12 Life-Saving Rules, which were implemented across the company to reduce workplace fatalities. The rules became part of the company’s culture, and non-compliance had real consequences. Over time, this approach reduced workplace fatalities by nearly 90%. Embedding risk awareness into the culture makes all the difference. 

Leana van der Merwe: That’s a powerful example. I also recall a company that banned senior executives from riding motorcycles due to safety concerns. Harsh, but effective in reducing accidents. 

Chris Weeks: Exactly. It’s about embedding risk-conscious behaviour rather than just writing policies. 

Crisis Management 

Leana van der Merwe: When a crisis happens, how should companies respond effectively? 

Chris Weeks: The best way to manage a crisis is to have already practiced the response. Many companies have business continuity plans, but few test them. A company might assume their backups work, but have they tested restoring them? The time to discover a plan’s flaws is before an actual crisis, not during one. 

Regular drills—just like fire alarm tests—are essential. If employees know what to do in an emergency, panic is reduced, and the response is smoother. 

The Role of Technology in Risk Management 

Leana van der Merwe: Has technology changed how businesses manage risk, or are we still relying on traditional boardroom discussions? 

Chris Weeks: While technology provides tools for tracking and managing risks, the fundamental process still depends on people. The key is not the software but the quality of discussion and planning that goes into risk management. That said, businesses should ensure their risk data is accessible and regularly updated, whether that’s in Excel or a dedicated platform. 

Common Mistakes in Risk Management 

Leana van der Merwe: What common mistakes do businesses make in risk management, and how can they avoid them? 

Chris Weeks: Three main mistakes stand out: 

  1. Focusing only on negative risks – Companies overlook opportunities by being too risk-averse. 
  1. Failing to reassess risk regularly – What worked at $5M turnover may not be enough at $25M. 
  1. Not testing risk responses – A plan is only useful if it has been tested in real conditions. 
Final Thoughts & Book Recommendation 

Leana van der Merwe: Before we wrap up, is there a book that has significantly shaped your perspective on business? 

Chris Weeks: One book I really enjoyed is At Home by Bill Bryson. It explores how culture and traditions develop over time. Understanding how history shapes our thinking is crucial in business, especially when working across different regions and markets. 

Leana van der Merwe: That’s a unique recommendation! Chris, thank you for your time and insights. You’ve made risk management incredibly relatable. We look forward to having you back on the CFO Podcast! 

Chris Weeks: It’s been a pleasure. Thank you! 

ELEVATE YOUR BUSINESS WITH

CFO Club

Become part of a international community of finance executives.

CONTACT US