Uncertainty is the New Certainty: If You Think You Have Risk Under Control, You Don't

In just the opening weeks of 2026, geopolitical tensions escalated, AI disruption radically accelerated, and markets reacted sharply to structural threats to what were previously considered bullet proof assumptions. The 2026 Global Risks Report by the World Economic Forum forced corporate stakeholders to fully recognise uncertainty is the new normal, with only 1% expecting a calm outlook over the medium term. 

This insight has further been corroborated by research from both INSEAD, as well as research from IoD Ireland published at the end of 2025. The latter research found that IoD Ireland members see global economic growth/geopolitical uncertainty as the leading business risk to their organisation in 2026. 

Geopolitical crises are now ranked as the leading threat to business. AI and digital transformation are viewed simultaneously as a major opportunity as well as a significant risk. Unfortunately, as company directors we don't have the luxury of standing on the sidelines and observing from a distance, saying, these are unprecedented times. In a recent meeting I found myself saying: 

"Risk management gives companies a structured way to deal with all the uncertainty we are dealing with right now."

I could sense a reduction in corporate anxiety right away. It's impossible to have all the answers, you cannot control all the variables, but you do have a choice in how you face into the challenge of uncertainty.

From Strategic Oversight to Dynamic Management

Many organisations still operate on static risk management frameworks: annual reviews, compliance driven reporting, outdated assumptions. That model is now defunct. Strategic assumptions that have held for years are expiring. In the financial services industry regulators have been sounding warning signs around this for years. The European Central Bank (ECB) explicitly expects banks’ ICAAP (Internal Capital Adequacy Assessment Process) and ILAAP (Internal Liquidity Adequacy Assessment Process) to be “living documents”, meaning they must be continuously updated to reflect evolving risks, business models, and market conditions, rather than static, once-a-year reports.

Corporates are becoming increasingly aware of the importance of a dynamic approach where volatility appears to be structural. A great example is the Taiwan Semiconductor Manufacturing Company (TSMC). 

In just the past 12 months they have materially expanded U.S investment and advanced semiconductor fabrication facilities more rapidly in Japan, accepting higher costs to diversify geopolitical exposure amid rising AI-driven demand, showcasing rapid, board-approved shifts from static to opportunity-aligned risk appetite. 

Risk management will need to evolve further from static to dynamic. Directors should interrogate material risks at every board meeting, not as a compliance item but through a strategic lens. As directors are we: 

• Asking uncomfortable questions about emerging risks we are under estimating? 
• Considering risk management as a strategic advantage creating entity value? 
• Taking enough risk to remain commercially viable and grow sustainability? 
• Seeking diverse views/surfacing blind spots, listening to what we don't want to hear? 

In a rapidly changing environment, yesterday's tolerance may be today's vulnerability. Dynamic risk appetite management requires regular recalibration, recognising strategic intent, capital capacity, stakeholder expectations and emerging and mutating external threats. Your risk management needs to be alive, adaptive and evolving as fast as the risks it seeks to control. Another key consideration for effective risk management is to ensure there is clear ownership in the organisation. 

Clear Ownership. Real Accountability.  

Effective risk management requires absolute clarity on risk ownership and responsibility. Uncertainty heightens the importance of accountability. There are practical implications for board members and executives, increasingly liability now extends beyond corporate shields, breach of duty, negligence or oversight failures can translate into personal legal and financial exposure. Boards must document informed challenge and engagement on risk. As directors we must be able to evidence vigour in review, oversight and governance of risk management. 

Arguably the current environment demands more clarity of risk ownership than ever before. The CEO is responsible for embedding risk management into daily operations, decision making and culture. The board sets risk appetite, challenges assumptions, probes resilience and ensures alignment with strategy. Where this boundary blurs governance and execution weaken. We, as good and effective directors, need to ensure that the responsibility lines are clear. The CEO owns risk. The board oversees risk.

Risk Management as a Strategic Advantage

Moving towards more dynamic risk management and clearer ownership makes sense as heightened uncertainty and the value of effective risk management become more correlated. Why not go further and fully realise the superpower of risk management through the strategic lens? 

Risk management should not be considered solely defensive; it can be directional. If risk is the effect of uncertainty on objectives (ISO 31000) then it opens an opportunity gap. Used to best effect risk management can be a powerful internal capability informing decisions on capital allocation, innovation, market strategy, digital transformation and reputation. Organisations that treat risk as a compliance obligation will remain reactive or enter stasis. Those that embed it as a strategic capability will progress with greater confidence. As a board director reviewing risk in your organisation ask yourself:

Are you getting the right information at the right altitude to make the right decisions about both the threats and opportunities for your organisation? 

Harness risk and unlock reward for your organisation.

Final Takeaways for Directors 

For decades I have tried to extol the importance of risk management, but it tended to result in boredom, an instinct of ‘box ticking’ or even as a cure for insomnia. In 2025 this reaction and perception began to change, this is accelerating even further in 2026. What is interesting now, is how risk management can help directors apply a structured approach to addressing the unprecedented challenge of the acute uncertain environment we face. 

Work to use risk management as a strategic tool for your business. Consider new material top level risks such as Geopolitical risk and AI risk deeply. Don’t only use it as a framework for uncertainty but unearth its fuller power to consider threats and opportunities. It is also critical to keep your risk appetite and risk management dynamic. To quote Warren Buffet in 2025:

"Adapt to reality, reality won't adapt to your risk tolerance."

Make no mistake the volatility is not going away and yet strikingly, change will never be as slow as it is today, we are only going in one direction. If you think you have it all under control you probably don’t. Make risk management your dynamic value engine. As uncertainty and volatility rise stakeholders will demand more evidence of not only risk management competence but also its intelligent application.

Risk Exchange: A Director Forum

As uncertainty and AI disruption reshape the risk landscape, boards must strengthen how they oversee risk and strategy. 

As part of IoD Ireland's remit to support members and directors to strengthen their approach to risk, I will facilitate The Risk Exchange: A Director Forum, a structured session focused on strengthening board-level risk dialogue and governance. For details, please contact the IoD Learning and Education Team. 

This article is the view of the author(s) and does not necessarily reflect IoD Ireland’s policy or position.

About the Author

David Hanley is a seasoned risk and strategy professional with over 25 years of executive leadership experience across Europe, the UK, Asia, and North America. As founder of Risqon, he advises organisations on enterprise risk management, financial governance, and strategic transformation. 

David previously served as Head of Strategy & Business Enablement at Wells Fargo Bank International, and co-founded Neotutum Risk Management, where he developed advanced risk frameworks for global institutions. Earlier roles include Head of Balance Sheet Management and designated ‘Material Risk Taker’ under the UK’s PRA Senior Manager Regime and later Director of Treasury & Business Development at Virgin Money, where he helped build a greenfield digital bank.  

A graduate of the Diploma in Company Direction, David holds a bachelor's degree in financial services, and multiple postgraduate diplomas in Strategy and Advanced Risk Management (UCD/IoB). He has an MSc in Financial Services, specialising in sustainable finance, strategy and risk. He is also the creator of the 3CR© Strategy Development Model, which supports organisational growth and strategic resilience.