
A personal story

Behind every hard-working professional there is always a personal story to tell and one of the best ways of learning is listening, talking and sharing those stories and those personal points of view. A key philosophy at Protecht is to listen and learn from professionals across all lines of business.

I was recently invited to present the Governance Institute Dux Awards for Risk and Compliance, a recognition that Protecht has been sponsoring for a number of years. The award recipients generally don't have a background in risk and compliance management, with many coming from legal or accounting professions.

The awards event is always well organised by the Governance Institute and it is a pleasure to be invited to attend, not just to congratulate the winners, but to talk to a wide range of governance professionals eager to exchange ideas and grow their knowledge.

The NSW Risk and Compliance Dux award sponsored by Protecht recognises the top student in the risk and compliance stream within the Governance Institute’s education program. On this occasion it was a pleasure for me to give the award to Amy Jackson. Apart from the award certificate, Amy received a copy of David Tattam’s book, A Short Guide to Operational Risk.

I had a conversation with Amy about the Governance Institute course and the present and future for Risk and Compliance as part of good governance in Australia. The following is an excerpt of our conversation:

1. Who is Amy Jackson? 

I’m first and foremost a corporate lawyer. I originally began my career in private practice with a large Sydney law firm, before moving to an in-house role with an ASX listed company. I enjoy the challenge of in-house work, where my legal skills need to be brought to bear with a keen consideration of broader commercial objectives and risk management considerations.   

2. How long ago, and why, did you start working in the governance field?

Working for an ASX listed company, I inevitably deal with governance matters on a regular basis both in terms of our internal governance and risk frameworks and external regulatory requirements (ASX listing rules etc).

So, it was really my core legal role that led me to have governance field exposure across the last 7 years, rather than a conscious choice to move into the area. However, I really value this part of my role.

3. Why did you decide to further your studies with the Governance Institute? 

Given that my professional training had been predominately in legal areas, I felt the need to expand my technical skills in governance matters to better equip me to perform my current role, as well as positioning me for future career opportunities. The Graduate Diploma of Applied Corporate Governance through the Governance Institute was a natural choice.

4. As a Senior Legal Counsel within your organisation, how do you see the future for Risk and Compliance Management and how does it support you in this role?

I see Risk and Compliance Management as being a core pillar underpinning how a company can (and should) operate.

The effective identification and management of risk, supported by a strong compliance framework, is clearly critical to the ongoing success of any business.

My primary role is to identify and manage legal risks for the company, and accordingly it is imperative that my role sits within a strong risk and compliance management culture.

5. What do you think are the main challenges Australian companies are facing regarding governance, risk and compliance?

This is a difficult question to answer, as different companies in different industries will face their own particular challenges. Broadly speaking, the pace of regulatory change will remain an ongoing challenge for all businesses, as will the pace of technological change, which brings its own particular risks around data management and cyber security. The need to manage these issues effectively, within an environment of ever present cost and budgetary pressures, is a constant tension.

6. What would be your recommendation for a company that does not have a risk management framework implemented?

Drawing on an often misquoted management adage – “If you can’t measure it, you can’t manage it”:

If a company operates without a risk management framework, they arguably run the very great risk that they remain largely or wholly unaware of significant threats to their business.

This leaves them liable to be blindsided by external developments (e.g., changes to regulation, markets, competitor activities etc.) or unaware of internal decay (e.g., breakdown in process, departure from core strategy etc).

A risk management framework is not about eliminating risk – it’s just about understanding what risks your company faces, what your appetite is to manage those risks and what strategies you can deploy to best mitigate any impacts.

So, in my view, resources expended on developing a risk management culture and framework within an organisation are a worthwhile (and necessary) investment in the company’s long term success.

7. As an experienced governance professional, what would be your advice for people that are just starting a career in Governance, Risk and Compliance?

In short: read, study and talk to people. We are lucky to have a myriad of online resources available – both through organisations such as the Governance Institute, consultants such as Protecht and listed entities themselves. I would strongly recommend that anyone interested in progressing in this field avail themselves of those materials as they provide a huge amount of insight into current market practice.

Further, I found that the Governance Institute’s Diploma of Applied Corporate Governance provided a fantastic foundation for my day-to-day governance work. That study has enabled me to better participate in governance matters within my organisation. Finally, I would encourage people to network with other governance professionals or seek them out within your own organisation, to draw on their views and understand their perspective on what matters within their realm of responsibility.

If you want to become a Risk Management champion this year, the Protecht team is always here to help. Send us an email to and share with us your own Risk journey.
