What does it take to be a risk manager?
I am often asked “what are the key requirements that make a good risk manager?” My first response is “to be able to walk on water”. Such is the required varied skill set of a good risk manager.
The roles and responsibilities of the risk manager are many and varied depending on the organization they belong to. I will use the example of an organisation that has an independent risk management function where risk, and the day to day management thereof, is owned by the business. Let’s look at the key characteristics of the Chief Risk Officer (CRO) and the staff of the independent function.
The main function of the independent risk manager is to review and challenge what the front line business is doing to manage risk. In addition, they should be seen as subject matter experts and assisters in developing and maintaining the risk management frameworks. They should be seen as value-adding and adopted by, and engaged with, front line staff.
What are the key skills and characteristics needed to be a success in this role?
Here is my list:
- Risk management is to a large degree an art form. This requires a strong right hand (artistic) brain, able to cope with qualitative and inexact concepts and able to “see” into the future.
- At the same time, the risk manager needs to be logical, analytical, problem-solving and exhibit a high degree of common sense. These attributes are found mainly in the left brain. Finding both left and right brain people is rare. I am traditionally more left than right brain but luckily married an artist who dragged me (sometimes kicking and screaming) into my right lobe!
- The risk manager must be commercially astute and demonstrate a high degree of business acumen. They must demonstrate a strong understanding of risk and reward and see themselves as a manager of risk rather than a risk minimiser.
- Having credibility helps. Experience in being in business’s shoes and having scars of previous incidents, failure and success helps build that strength. Hands on business experience is invaluable.
- They must have a reasonably strong knowledge of the business so that they can relate to the front line business staff and talk their language. Engaging the front line is key for success.
- They must have excellent interpersonal skills. They have to be able to challenge assertively, yet professionally and with empathy. I often say a risk manager needs to be able to challenge while providing a “hug” at the same time!
- They must be great negotiators.
- They must be confident to relate to and challenge every level of the organization from the Board, through the C-Suite and across the wider business.
- They must be excellent communicators. Listening is more key than talking and talking needs to be articulate and clear using simple, “real” language.
- They must have empathy for the business and be able to put themselves in the shoes of the front line. They need to be able to sit in the mirror and ask "Does “my” challenge and risk management speak make sense?"
- They must be technically strong in risk management and have clarity of thought over all things risk and risk management. They will be asked for advice and need to show strength and guidance.
- Lastly, the risk manager should be the upholder of integrity and the champion of risk and control culture. Walking the talk is way more powerful than talking the talk. (Read How to Achieve your Risk Management Goals.)
This list is daunting but highlights the incredible challenge the risk manager faces. That said, I could not imagine a more varied and mentally stimulating role in business, one that touches every part of an organisation, every person, and every stakeholder and one that stretches your capabilities on a daily basis.
Such is the role of the CRO!
Protecht prides itself in its vast experience in delivering risk management training to help the risk managers of a business, in the wider sense, learn the many technical skills required of the role.
This is an updated version of the original blog published in June 2016.