
Risk and Compliance Management Journey

by The Protecht Group | 5 minute read

A personal story

Behind every hard-working professional there is always a personal story to tell and one of the best ways of learning is listening, talking and sharing those stories and those personal points of view. A key philosophy at Protecht is to listen and learn from professionals across all lines of business.

I was recently invited to present the Governance Institute Dux Awards for Risk and Compliance, a recognition that Protecht has been sponsoring for a number of years. The award recipients generally don't have a background in risk and compliance management, with many coming from legal or accounting professions.

The awards event is always well organised by the Governance Institute and it is a pleasure to be invited to attend, not just to congratulate the winners, but to talk to a wide range of governance professionals eager to exchange ideas and grow their knowledge.

The NSW Risk and Compliance Dux award sponsored by Protecht recognises the top student in the risk and compliance stream within the Governance Institute’s education program. On this occasion it was a pleasure for me to give the award to Amy Jackson. Apart from the award certificate, Amy received a copy of David Tattam’s book, A Short Guide to Operational Risk.

I had a conversation with Amy about the Governance Institute course and the present and future for Risk and Compliance as part of good governance in Australia. The following is an excerpt of our conversation:

1. Who is Amy Jackson? 

I’m first and foremost a corporate lawyer. I originally began my career in private practice with a large Sydney law firm, before moving to an in-house role with an ASX listed company. I enjoy the challenge of in-house work, where my legal skills need to be brought to bear with a keen consideration of broader commercial objectives and risk management considerations.   

2. How long ago, and why, did you start working in the governance field?

Working for an ASX listed company, I inevitably deal with governance matters on a regular basis both in terms of our internal governance and risk frameworks and external regulatory requirements (ASX listing rules etc).

So, it was really my core legal role that led me to have governance field exposure across the last 7 years, rather than a conscious choice to move into the area. However, I really value this part of my role.

3. Why did you decide to further your studies with the Governance Institute? 

Given that my professional training had been predominately in legal areas, I felt the need to expand my technical skills in governance matters to better equip me to perform my current role, as well as positioning me for future career opportunities. The Graduate Diploma of Applied Corporate Governance through the Governance Institute was a natural choice.

4. As a Senior Legal Counsel within your organisation, how do you see the future for Risk and Compliance Management and how does it support you in this role?

I see Risk and Compliance Management as being a core pillar underpinning how a company can (and should) operate.

The effective identification and management of risk, supported by a strong compliance framework, is clearly critical to the ongoing success of any business.

My primary role is to identify and manage legal risks for the company, and accordingly it is imperative that my role sits within a strong risk and compliance management culture.

5. What do you think are the main challenges Australian companies are facing regarding governance, risk and compliance?

This is a difficult question to answer, as different companies in different industries will face their own particular challenges. Broadly speaking, the pace of regulatory change will remain an ongoing challenge for all businesses, as will the pace of technological change, which brings its own particular risks around data management and cyber security. The need to manage these issues effectively, within an environment of ever present cost and budgetary pressures, is a constant tension.

6. What would be your recommendation for a company that does not have a risk management framework implemented?

Drawing on an often misquoted management adage – “If you can’t measure it, you can’t manage it”:

If a company operates without a risk management framework, they arguably run the very great risk that they remain largely or wholly unaware of significant threats to their business.

This leaves them liable to be blindsided by external developments (e.g., changes to regulation, markets, competitor activities etc.) or unaware of internal decay (e.g., breakdown in process, departure from core strategy etc).

A risk management framework is not about eliminating risk – it’s just about understanding what risks your company faces, what your appetite is to manage those risks and what strategies you can deploy to best mitigate any impacts.

So, in my view, resources expended on developing a risk management culture and framework within an organisation are a worthwhile (and necessary) investment in the company’s long term success.

7. As an experienced governance professional, what would be your advice for people that are just starting a career in Governance, Risk and Compliance?

In short: read, study and talk to people. We are lucky to have a myriad of online resources available – both through organisations such as the Governance Institute, consultants such as Protecht and listed entities themselves. I would strongly recommend that anyone interested in progressing in this field avail themselves of those materials as they provide a huge amount of insight into current market practice.

Further, I found that the Governance Institute’s Diploma of Applied Corporate Governance provided a fantastic foundation for my day-to-day governance work. That study has enabled me to better participate in governance matters within my organisation. Finally, I would encourage people to network with other governance professionals or seek them out within your own organisation, to draw on their views and understand their perspective on what matters within their realm of responsibility.

If you want to become a Risk Management champion this year, the Protecht team is always here to help. Send us an email to and share with us your own Risk journey.
