Protecht.ERM Showcase: Manage the full lifecycle of risk management in one system
Register Now

What does it take to be a risk manager?

I am often asked “what are the key requirements that make a good risk manager?”  My first response is “to be able to walk on water”. Such is the required varied skill set of a good risk manager.

The roles and responsibilities of the risk manager are many and varied depending on the organisation they belong to. I will use the example of an organisation that has an independent risk management function where risk, and the day to day management thereof, is owned by the business. Let’s look at the key characteristics of the Chief Risk Officer (CRO) and the staff of the independent function.

The main function of the independent risk manager is to review and challenge what the front line business is doing to manage risk. In addition, they should be seen as subject matter experts and assisters in developing and maintaining the risk management frameworks. They should be seen as value-adding and adopted by, and engaged with, front line staff.

What are the key skills and characteristics needed to be a success in this role?

Here is my list:

  1. Risk management is to a large degree an art form. This requires a strong right hand (artistic) brain, able to cope with qualitative and inexact concepts and able to “see” into the future.

  2. At the same time, the risk manager needs to be logical, analytical, problem-solving and exhibit a high degree of common sense. These attributes are found mainly in the left brain. Finding both left and right brain people is rare. I am traditionally more left than right brain but luckily married an artist who dragged me (sometimes kicking and screaming) into my right lobe!

  3. The risk manager must be commercially astute and demonstrate a high degree of business acumen. They must demonstrate a strong understanding of risk and reward and see themselves as a manager of risk rather than a risk minimiser.

  4. Having credibility helps. Experience in being in business’s shoes and having scars of previous incidents, failure and success helps build that strength. Hands on business experience is invaluable.    
  5. They must have a reasonably strong knowledge of the business so that they can relate to the front line business staff and talk their language. Engaging the front line is key for success.

  6. They must have excellent interpersonal skills. They have to be able to challenge assertively, yet professionally and with empathy. I often say a risk manager needs to be able to challenge while providing a “hug” at the same time!

  7. They must be great negotiators.

  8. They must be confident to relate to and challenge every level of the organisation from the Board, through the C-Suite and across the wider business.

    What it takes to be a risk manager_Blog_Image 2_Resized

  9. They must be excellent communicators. Listening is more key than talking and talking needs to be articulate and clear using simple, “real” language.

  10. They must have empathy for the business and be able to put themselves in the shoes of the front line. They need to be able to sit in the mirror and ask "Does “my” challenge and risk management speak make sense?"

  11. They must be technically strong in risk management and have clarity of thought over all things risk and risk management. They will be asked for advice and need to show strength and guidance.

  12. Lastly, the risk manager should be the upholder of integrity and the champion of risk and control culture. Walking the talk is way more powerful than talking the talk. (Read How to Achieve your Risk Management Goals.)

This list is daunting but highlights the incredible challenge the risk manager faces. That said, I could not imagine a more varied and mentally stimulating role in business, one that touches every part of an organisation, every person, and every stakeholder and one that stretches your capabilities on a daily basis. 

Such is the role of the CRO!

Protecht prides itself in its vast experience in delivering risk management training to help the risk managers of a business, in the wider sense, learn the many technical skills required of the role.

Related Articles

feature image
Risk Culture

Are you really in control of your Culture and Conduct risks?

The list of key risks that should be keeping us awake at night seems to be forever changing. Whatever your list, Culture and Conduct Risk should be a...
Read more
feature image
Risk Culture

Victorian Government raises the bar on Risk Management. How will you rise to the occasion?

The Victorian Government’s Risk Management Framework (VGRMF) which applies to Victorian Government departments and public bodies covered by the...
Read more
feature image
Risk Culture

Risk Culture Audits!

The IIA-Australia's guide is a timely reminder of the need for continued focus on risk culture. Although the guide is focused on Financial Services,...
Read more