Risk managers have a choice: stick with compliance or step up to the board

Risk management is at a turning point. Aspiring senior risk professional can either step up as a strategic adviser to the board, or accept that their responsibilities go no further than compliance. But what are the key traits of an effective strategic risk manager? And what do they need to do their jobs properly?

Influence at the top

In the wake of enhanced board, regulatory and shareholder attention, the industry is witnessing an increased demand for risk management professionals in the boardroom. This is driven by an urgent need for informed and accurate risk advice to senior management. In order to do this, risk managers need to be able to convey messages succinctly and effectively.

Risk managers who are uncomfortable in this role may end up sidelined or ignored. Many financial firms are taking senior executives with the business knowledge and training them in risk management. When this happens, career risk managers could lose out.

Skill acquisition

Lack of capability and experience at a strategic level can hold risk managers back. Smart risk managers should look at ways of acquiring sufficient commercial acumen, business knowledge, and strategic vision. If they do not they are in danger of losing relevance.

Clear lines of reporting

In order to operate as a check and balance, risk managers require a clear reporting line to the chief executive. But they should also have a trusted relationship with the audit committee. At the same time non-executive directors need to be prepared to listen to the advice of their risk managers and, in some cases, they may need to become more risk-aware themselves.

Business enabling

Equally, risk management needs to support the business to achieve its commercial objectives. It is no good if risk managers are seen as a stumbling block to revenue and growth. For this reason risk management should not be too conservative or purely focused on reducing threats. By working through scenarios, risk managers may find ways of tightening up processes that make them more agile and effective.

Risk culture

Risk managers can only embed a strong risk management culture within the business if they are seen to be credible and have influence over other people’s behaviour.

The emphasis remains on risk professionals themselves to make sure they earn a reputation as credible and influential departments.

Information systems

Finally, risk managers need to have the right information in order to make a convincing case to the board. Technical solutions can help give risk managers some of that assurance.

If the risk manger is raised to a strategic level, and they become embedded into business thinking, then organisations should be able to take certain risks, safe in the knowledge that they have the processes to deal with the consequences. The only question that remains is whether the risk community itself is brave enough to step up?


Key points

  • Risk managers need influence at the top, but in order to get this they require business knowledge and trust
  • Lack of capability at a strategic level sometimes holds risk managers back. It is their responsibility to acquire the right skills
  • Risk managers should have a good relationship with the audit committee and executive management should not exert unfair influence over them
  • If they are seen to be an obstacle, risk managers will be sidelined. They should make sure their work is business enabling, not a hindrance
  • Risk departments may need smarter resources in order to present timely, accurate and convincing data to the board