ISJ Exclusive: How can we control risk?


Share this content


Sorana Parvulescu, Partner, EMEA at specialist risk consultancy, Control Risks, speaks exclusively with International Security Journal.

Whether it’s energy crisis in Europe, extreme weather events – or something trivial like not insuring a holiday against cancellation – risks and risk-based decisions influence us on a daily basis.

In the world of corporate and government risk however, preparation does not manifest itself in the form of simply paying an additional fee or looking both ways whilst crossing the road; it is about implementing effective policies, building resilience strategies and preparing for what will come next – not what might.

In this month’s Head to Head Exclusive therefore, ISJ caught up with Sorana Parvulescu, Partner, EMEA at Control Risks, a global risk consultancy that operates with a commitment to helping clients build secure, compliant and resilient organisations and navigate an ever-evolving risk landscape.

In her role at Control Risks – a company which she has been with for over a decade – Parvulescu works closely with both government and private organisations to understand how their strategy might be exposed to the action of internal or external political actors. In doing so, she helps her clients devise strategies which allow them to operate effectively amidst geopolitical uncertainty.

Can you tell us more about the services and products Control Risks provides?

Control Risks is a specialist risk management consultancy and we are quite bespoke in this field in terms of our size. We have been around since 1975 and our key mission is, and always has been, to help the clients we work with operate responsibly in complex jurisdictions.

We mostly focus on political risk, but we also work in the field of geopolitics by helping clients on a country-specific risk basis. Control Risks also advises on security risk both in terms of digital and physical security risks, as well as what you could put under the umbrella of integrity risk; for example, anything to do with compliance, sanctions, corruption, fraud and even environmental, social and governance (ESG), in a broader sense.

Control Risks is an employee-owned organisation, which has helped us retain our independence both in terms of the advice we give and, primarily of course, it has further enabled us to become a truly international organisation. We currently have 37 offices and a strong footprint in Africa, Asia and Latin America, regions where many of these risks materialise.

Our network of global offices is built on a diverse employee pool, not just in terms of professional specialisation and a host of different backgrounds, but also in terms of their location; many of our experts work in these countries – they know the language and can provide the local insights that clients need to better understand their own operating environment.

What are some of the day-to-day risks facing organisations and businesses currently?

The ‘traditional’ (for lack of a better word) risks we have come to know around physical security and digital security are still here, but in recent times, we have seen businesses and organisations asking more about geopolitical issues and political issues. I think this is because we have moved away from a time where most companies were able to operate below the radar when it came to politics.

Now, however, with the polarisation we are seeing around the world, it is becoming important to recognise that many political decisions or international relations affect your supply chains and beyond. With polarisation in policymaking in the US and Europe, there is a higher political risk premium, particularly given what has happened over the last few years.

Companies and boards are facing the same challenges and are now actively questioning how they can manage these factors and what they should be looking out for.

With this in mind, it is important to mention the supply chain as a major risk facing organisations, specifically in terms of disruption to it, ESG issues and how far the responsibility of an organisation stretches through their supply chain. It’s also a question of: ‘How do companies move into the world of fighting the climate change we see, both in terms of their operating model and also in terms of responding to the extreme weather events that we see around the world?’

How can global, ambitious organisations convert risk into opportunity?

We see quite a wide range of sophistication in terms of how far organisations have gone. And, I’d say there’s some which go beyond regulatory obligations and they actually want to set the standards in terms of how they do this; they often end up being the more agile type of business, especially now that companies and governments deal with multiple crises.

If you look at the European governments, they have extreme weather events, they have protests and strikes that disrupt supply chains, not to mention political issues and strains on the supply of natural resources. Many companies are experiencing these same issues.

Those who have a better system of looking ahead and thinking through scenarios can navigate these risks. For a long time, it was difficult to convince clients to think through that, so now it feels like we’ve moved on from, ‘what are the main risks to my organisation now?’ to ‘what are the main risks to my organisation now and how could this change? What are the alternative outcomes that could actually lead to a very different result?’

Can you tell us more about Control Risks’ Core+ Hyperion risk monitoring platform?

The Core+ Hyperion risk monitoring platform is a direct result of the big investment we’ve made in our partnership with Geospark which focuses on combining artificial intelligence with human intelligence. A lot of our advice until now has very much been qualitative; for example, we’ve resisted putting numbers on risk ratings because we feel we know the local environment as a result of having boots on the ground and understanding what the local specifics are.

But, of course, because there is a need for more data in the modern day, particularly in real time; it’s a lot harder to do that on a human basis alone. So, we partnered with Geospark because they have the artificial intelligence and data collection capabilities to actually deliver on the real time alerting whilst we offer the human analysis and knowledge that blends in with it.

There are a lot of GSOC teams in the organisations of our clients that are using the platform on a day-to-day basis; their teams can use the data to set up alerts, newsletters or to geofence. One other area in which we’ve helped a lot of clients already is related to preparation for upcoming events. In this instance, you get a feed of data that comes from Hyperion in terms of the key incidents – such as a protest or travel restrictions – but then you also get the insights from our analysts that the AI wouldn’t be able to capture on its own.

Can you tell us more about your team of Experts and the key regions in which they are located?

We offer this as a service and we call it ‘Access to Experts’. We have our country experts and there’s about 90 of us spread around the world, in various locations. For me in the EMEA region for instance, the team I lead is made up of 45 people spread around 11 locations across Europe, the Middle East and Africa; we also have Cyber Experts, Cyber Threat Experts and ESG Specialists, Compliance Specialists and so on.

Our expertise is applied in very different ways, from the more in-depth consulting to getting a sense of what ‘good’ looks like in terms of risk management. As a result, clients are using this service for very specific reasons – ultimately, they get bespoke elements through their interaction with experts.

As I have mentioned, it’s a very diverse team and the individuals who are a part of it have specialties in human rights, voluntary principles, anti-corruption and country-specific issues. A key differentiator is that we put the best of these Experts in the right place to deal with issues appropriate to their skillset. If you want to discuss issues facing Colombia, you’re going to be talking to a person who is likely based in Colombia or at least has extensive knowledge of the country and its nuances. We’re not going to get someone in the UK to take a guess just because it’s convenient.

What are the major risks that are set to disrupt global supply chains in 2022 and beyond?

I think there’s a couple of things that I would genuinely advise any business to keep an eye on. People say that the COVID-19 pandemic was surprising, but actually it wasn’t. There’s a group of what are called systemic risks, which are statistically likely events; we just don’t know when they will happen and how major they will be. Extreme weather events are grouped in this as well.

With this in mind, I think there are things we fail to keep reminding ourselves are present, which is exactly why pandemics disappeared from risk registers post-SARS. Power cuts is another example that I keep raising when I speak with clients as it is something they have to be prepared for.

Finally, one which is not a question of where and when, is mass strikes and social unrest. This is beginning in Europe already and it may occur in the US soon as well. The food supply crunch is probably going to hit somewhere in September/October when local or national reserves have been depleted and the global supply is below what we’ve been used to – that’s going to be a serious moment we need to be ready for.

1-ISJ- ISJ Exclusive: How can we control risk?
Sorana Parvulescu, Partner, EMEA

To find out more information, visit:

This article was originally published in the August edition of International Security Journal. To read your FREE digital copy, click here.

Receive the latest breaking news straight to your inbox