The risk manager’s role is key to ensuring the business is proactively thinking about and planning for future events. Risk management is more than ever an essential part of how you run your business. While you might not be able to see one of Nassim Nicholas Taleb’s ‘black swans’ coming, you can take reasonable steps to manage the risk your company is exposed to.
Risk management as a function is split across several levels and all teams in the organization, but most firms will have a Risk Manager in post to coordinate and oversee the efforts of each team. So what does the role of risk manager involve? This article looks at the major job responsibilities for someone in a corporate risk management position.
Managing risk governance
A risk manager is responsible for the governance of risk across the organization. This is probably the first thing you think of when considering a risk manager’s daily tasks. They put together the framework for risk management and how that will be managed, monitored and controlled. They spearhead the governance policies and processes, ensuring they are fit for purpose and implemented across the business.
They may chair risk management committees, and will often be called upon to consult with other senior leaders in the organization.
Leading on risk appetite
‘Risk appetite’ might not be a phrase many of your department managers are familiar with, so part of the risk manager’s role is to make sure that everyone understands the parameters around what risk the company is prepared to take.
Risk appetite is the level of risk the company is prepared to accept across all its operations. It’s important to get the level right. Too restrictive, and the company won’t take any risk, missing out on innovative or creative projects that might see it leap ahead in the competitive stakes. Too permissive, and the business risks financial or reputational loss by gambling on something that ultimately doesn’t pay off.
The risk manager makes sure the company’s approach to risk limits potential loss while still allowing it to take calculated risks that can be tolerated.
Overseeing risk responses
Another key role for the risk manager is to design and implement risk responses in a way that makes sense for the organization. There are a number of different approaches for risk response, such as transference, avoidance and reduction. The risk manager is well-versed in all the options and can advise on how best to deal with the risk facing the business.
If your business has risk management software, the risk manager (or someone in their team) will be responsible for running simulations and predictions that will help the business take better decisions about how to deal with risk.
They may consult with team leaders who want support on implementing risk response measures, helping with risk analysis to identify the upsides and downsides of risk. Risk isn’t always a bad thing, so the risk manager is key in spreading the word about opportunity risk and helping the organization uncover and exploit those opportunities to the best of its ability.
A core part of risk management is making sure there are risk response plans for identified risks, and that these are being actively worked on.
Managing business continuity
Beyond project, program and portfolio risk, the risk manager is also the person who will lead on business continuity for the organization. Each team may have its own business continuity and disaster recovery plans, but the risk manager is the person who holds it all together.
They coordinate business continuity efforts across all the departments, making sure the business as a whole has a robust approach and clear guidance on what to do.
The risk manager is also responsible for business continuity policies at the corporate level, and they may approve local plans as well.
Leading the risk management culture
Every organization has an approach to risk that is appropriate for its industry, business, level of risk management maturity and more. That’s the risk culture. The risk manager’s role is to ensure the risk culture is appropriate for the organization, and that it is maintained.
That could involve designing a program of risk management training for new starters, working on corporate policies, communication, ongoing health checks and audits, and planning a roadmap for maturing the risk management culture for business benefit.
Essentially, the risk manager’s role is to define the risk culture and then embed it, while spearheading the effort to deepen and improve the way the organization manages risk over time.
Many risk managers enjoy the range of opportunities this role has to offer, because it is so diverse. You could be advising the CEO on risk tolerance across the portfolio one day, and then helping a team leader prepare business continuity plans the next. There’s a broad mix of strategic consultation and detailed record-keeping.
As you can see, the risk manager’s role has a lot of components, and in a large organization it could be too much for one individual. It’s certainly not good risk management or business continuity practice to have all the risk knowledge in a single person’s head. Best practice for your organization could be to have a team of risk experts, or to spread the risk management responsibilities across multiple teams. Many organizations also call in risk management consultants to help prepare development plans or carry out maturity assessments to assist the team with working out their next steps.
Risk management is a fascinating field that attracts top quality candidates and can make a real difference to a company’s success. A good risk management team, with a clear roadmap for risk maturity, can enhance a company’s performance for the long term when they work in partnership with the rest of the business.