top of page

My Manifesto

August 2025

Why Risk Needs to Grow Up

I’ve spent years trying to unplug executives from the Matrix of checklists and coloured heat maps. After fifty PLCs and a thousand engagements, here’s my message: ERM isn’t a dashboard for triaging endless audit findings. It can’t guide leaders through complex risks with bright colours alone.

 

Corporate life, however, loves shortcuts. We confuse the simplistic with true simplification. Real simplification demands design and discipline—it delivers clarity without cutting away what matters. The simplistic, by contrast, just hacks things down until they look neat. Ross Ashby’s Law of Requisite Variety explains it best: a system that is less complex than the reality it manages cannot work. That’s why mainstream ERM remains theatre—simple, but useless.

 

Boards keep buying what the big consulting firms sell—audit parts repackaged as ERM, designed not to solve risks but to expand their share of corporate governance pie and stretch billable hours. Why bother with real capability when shareholders remain content with cosmetic certainty?

 

The real work of leadership—taking organisations where they need to be—has shrunk into worshipping frameworks and converting them into simplistic heatmaps and scorecards. What’s required is cybernetics: living systems that detect, correct, and anticipate. Systems that can grow without choking innovation.

 

And here’s the point: if leadership keeps cutting corners instead of innovating, AI won’t wait politely at the door.

​​​

The Cult of the Heatmap

Whole industries convinced themselves that colouring heat maps counts as foresight. Workshops debate whether a risk is “red, orange, yellow, or green,” while real risks bypass the chart and hit the bottom line. The science of expected loss seems too hard, so companies settle for colour-coded comfort—finance and internal auditors rebranded as “risk experts,” billing billions for nothing wrapped in graphics.

 

I know this world well. I entered it in 1993, when Arthur Andersen still stood tall. By 25, I had my own firm, serving the full ERM buffet to PLCs: registers, heat maps, the lot. Then I realised ERM was never meant to be clerical theatre. At its best, it’s an adaptive system for management—more like a living organism than a ledger.

 

In 2009, I built one of the country’s first enterprise-scale AI risk platforms: two million lines of code for a state water company, applying Bayesian updates to learn and anticipate risk. It worked, even won awards—but Malaysia wasn’t ready. Boardrooms clung to their heatmap daddy, afraid to lose its endorsement. Government venture caps weren’t any braver: they chased Silicon Valley clones, torching billions of public funds on outdated social platforms nobody used. Because innovation doesn’t matter unless it fits how people actually live. Culture always beats clever.

 

And that’s the realisation: you don’t drag organisations out of inertia—they thrive in it. ERM theatre survives because it flatters that comfort. When the surface cracks, the rot shows—but until then, the same acts keep the spotlight. In boardrooms where trust substitutes for thinking, reputation is the currency. The game isn’t science—it’s trust. Win that, and only then can you replace theatre with substance.

​

Where ERM Meets Life

In 2013, a ramp on a mega-infrastructure project collapsed and killed a motorist. I was parachuted in to replace the ERM consultant who was using an audit-grade product dressed up as risk management —fine for colouring boxes, ineffective for keeping concrete from crushing people.

 

The lesson was clear: ERM only works when it fuses disciplines—engineering, finance, people, marketing. It doesn’t stop at balance sheets or safety manuals; it cuts across everything. At its core, ERM is problem-solving to improve lives. Real practitioners must be multidisciplinary operators, not auditors retrofitted as “risk consultants,” who vanish when problems turn technical and hide behind caveats.

 

Yet these are the very people in demand—for helping directors dodge blame and pass responsibility around like a game of taichi. In this corporate game, no-man’s-land pays the cushiest paycheck.

​

That’s why my next stop wasn’t another risk or innovation committee, but culture: how people live, work, and consume innovation.

 

I spent three years inside the arts ecosystem—especially fine art, where valuation is wildly subjective. If I could hack the hardest corner of the arts, I could decode culture.

 

I mapped how meaning becomes markets—how cultural signals turn into objects of desire, chased at auctions by collectors desperate to broadcast their way of life. The same dynamic can apply for businesses: cultural meaning is what makes innovation relevant.

 

With that revelation, I organised the country’s first National Arts Symposium in 2015. That led to my Art-honer concept and a seat on the Board of the National Art Gallery. I shook hands, posed for selfies, and then vacated the seat—better left to artists who had waited a lifetime for it. Private collectors, meanwhile, had the edge: more funds, sharper foresight, while the Gallery rationed pennies on works chosen for everything but merit.

 

The lesson stuck: culture isn’t garnish; it’s the soil innovation grows in. Ignore it, and you don’t just end up with gadgets nobody buys—you end up breeding rent-seekers, ballooning debt, and shallow societies masquerading as progress.

​​

Now, Reprogramming ERM

In 2017, I founded SCRP to reposition ERM as Total Management—integrating sustainability and bridging risk, climate science, and economics. Collaboration was essential.

 

Risk assessment is not just art; it’s science. For three centuries it has drawn on probability, distributions, and bias correction to model uncertainty—even with sparse data and shifting regimes. Yet most practitioners, led by finance types, sidestep the science because they can’t do it. So they shrink risk into coloured heatmaps—audits in disguise. Audit has its place, but not when it overreaches. And overreach it did: powered by the big firms, this audit-first mindset didn’t just dominate the stage; with global billings larger than half our GDP, it bought the theatre.

 

I didn’t stockpile degrees that take lifetimes yet never answer real questions. I hacked my learning through collaboration with the learned and through field experiments that sold. What better proof of solving complexity than paying customers? Now, with AI, I’m re-documenting everything—faster, clearer, and more practical than any ivory-tower dissertation. Autodidact to polymath—that is the way forward.

 

The voyage into storms to understand steersmanship has run its course. Now it’s about building the ark. My mission rests on four long-term projects:

 

  • ERM Agentic AI — embedding quantitative risk into daily tools, so leadership decisions become smarter and defensible in the AI era.

 

  • Blockchain Future of Work — turning time and skill into capital. DAO governance ensures transparency, fair rewards, and no padded bills.

 

  • Culture-based Innovation — fusing tradition with contemporary design through digital ekphrasis, creating a cultural infrastructure to power creativity at scale.

 

The method is straightforward: start with private standards, prove them in high-impact pilots, scale through leadership roundtables and accelerators, build the tools, then lock them into policy.

And finally, the convergence of all manifestos into a showcase model: the Sustainable Chemical Park — a Net Zero-from-inception ecosystem where energy, culture, and technology unite in practice. Powered by an off-grid SELCO backbone with a private grid to rail and ports, the park integrates agrovoltaics, chemical production, logistics, AI + IIoT, workforce design, and culture-based innovation. All tied to full-spectrum environmental attributes—carbon, water, biodiversity, and ecosystem services. From day one: competitive, resilient, sustainable.

​​

Why Bother?

Because risk was meant to be science in service of life—systems that help people survive uncertainty and thrive through change. Reduce it to heat maps, and you don’t just trivialise science—you misdirect wealth and distort lives.

 

That’s when leadership collapses into simplistic profit-painting. Money itself is only paper—tokens in a virtual game scripted by the system. When leaders chase savings instead of growth, they stop steering reality and become custodians of a simulation, keeping people trapped in blissful ignorance.

 

The alternative is clear: build systems that detect, correct, and anticipate. The future lies in cybernetics and sustainability, in decentralised transactions and community grids, in distributed governance, deep knowledge networks, and cultural digital twins. The true task is to awaken—transcend the simulation, and recover life’s meaning before it’s priced out of existence.

 

And that’s why I bother. Because being truly human means seeking truth, applying it, and scaling it for society’s advance. That’s how civilisation inches forward. Anything less, and we’re just raw material for someone else’s story.

​​

​​​

​

20140730_113407000_iOS (3).jpg
_edited.png
  • White LinkedIn Icon
  • Facebook
  • Twitter Clean

© 2025 by Winston Peng.                                                                                                                                                                  

bottom of page