The Core Competencies of a Professional Risk Manager
Malta Association of Risk Management (MARM) NOVEMBER 2017
Contents
1. Scope & Purpose of this Document
2. Key Definitions
3. The Role of the Risk Manager
3.1. Define Risk Architecture
3.2. Risk Assessment
3.3. Risk Response
3.4. Risk Monitoring & Reporting
3.5. Managing Risk Culture
4. Required Competencies
5. Demonstrating Competence
6. Document Revision History
7. Sources & Further Reading
1. Scope & Purpose of this Document
The notion behind risk management is as old as mankind, whilst risk management as a discipline has
been practiced in public and private bodies for many decades. The recognition of risk management as a
profession, however, involves general acceptance of risk management as a standalone occupation as well
as acknowledging the importance of promoting the integrity and competence of those practicing it. We
believe that creating the right conditions for the professional recognition of risk management and risk
managers in Malta is of paramount importance, and this document, entitled ‘The Core Competencies of
the Professional Risk Manager’, is our contribution to this process.
Defining these core competencies of the professional risk manager is not an easy task and, in order to set
the scene, there are several challenges worth highlighting. First of all, almost any position or role within
any organisation involves the application of risk management to some extent. For example, an
experienced general manager will usually have a wide range of risk management experience. A second
challenge is that the roles bearing the ‘risk manager’ title are diverse and some require specific technical
skills (for example mathematical modelling). We have responded to these challenges as follows.
To address the first challenge, in line with the position taken by the Federation of European Risk
Management Associations (hereafter referred to as FERMA) in recent official publications¹, we support
fully the ‘three lines of defence’ model. Whilst the primary responsibility for risk management in this
model resides within the first line of defence, the risk manager forms part of the second line of defence
and retains a degree of independence from frontline functions.
In response to the second challenge, whilst acknowledging that stakeholders expect risk managers to
possess sector-specific skills which are compatible with the needs, nature and complexity of the
organisation, we do not set out to prescribe these technical requirements and instead recognise that
these shall remain a function of the candidate assessment and recruitment practices of the enterprise.
Nonetheless, this guidance is intended to describe a base level of competencies for a professional risk
manager to function effectively in any sector. Should sector-specific competencies also be required of a
risk manager, the requirements set out in this document should be supplemented by other
requirements relevant to that sector. Our focus therefore is on the competencies required of a
professional risk manager to deliver/oversee end-to-end enterprise risk management. The remainder of
this document describes these core attributes in more detail as follows:
• Section 3 – The Role of the Risk Manager describes the tasks associated with each role and
common or likely requirements supporting the achievement of these tasks;
• Section 4 – Required Competencies outlines the competencies required of a risk manager to
effectively carry out the roles described in Section 3 – The Role of the Risk Manager; and
• Section 5 – Demonstrating Competence describes ways in which these competencies can be
demonstrated to third parties by risk managers.
¹ E.g. Guidance on the 8th EU Company Law Directive or FERMA/ECIIA Audit & Risk Committee Best Practices, available at
http://www.ferma.eu/about/publications/eciia-ferma-guidance/
We have consciously excluded competencies associated with certain specialist activities often forming
part of the risk manager’s role, such as hedging, insurance purchasing and claims management.
2. Key Definitions
Whilst the word risk derives from the ancient Arabic “rizq”, which like the Maltese word “risq” refers to
gains and blessings, today risk is often understood to mean the possibility of adverse consequences. ISO
31000 defines risk as the ‘effect of uncertainty on objectives’. This is a working definition which we prefer,
as it ties risk to an enterprise’s aims and is neutral between the upsides and downsides of potential
outcomes.
In many cases the optimal arrangements for a risk function will comprise more than one individual.
This team may even include individuals from outside the enterprise. We have not taken a view on what
type of arrangements are best. For the purposes of this document we have used the term ‘risk manager’
even where, in practical terms, a risk function is meant; the two terms are used interchangeably. For the
sake of consistency, for the rest of the document we have used the term ‘enterprise’ to describe any
public or private body or organisation.
3. The Role of the Risk Manager
ISO 31000 describes the constituent elements of the process of risk management (sometimes referred to
as the 7 “Rs”) as follows:
1. Recognition or Identification of Risk
2. Ranking or Evaluation of Risk
3. Responding to Significant Risks
4. Resourcing Controls
5. Reaction Planning
6. Reporting & Monitoring Risk Performance
7. Reviewing the Risk Framework
We have mapped the above process elements to risk manager ‘roles’ as follows.
Risk Manager Role          Reference to the 7 ‘Rs’ listed above
Define Risk Architecture   7
Risk Assessment            1 & 2
Risk Response              3 – 5
Monitoring & Reporting     6
In addition to the above, we consider ‘Managing Risk Culture’ to be a central role of the risk manager.
Below we have described the tasks and requirements associated with each of these five roles in more
detail.
3.1. Define Risk Architecture
Defining or redefining the enterprise’s risk architecture follows on from an understanding of its
strategic objectives and the threats and opportunities surrounding the execution of this strategy. In
order to design an effective risk architecture, a risk manager must understand the enterprise’s internal
processes and activities so as to be able to develop a well-defined enterprise risk framework supported by
a methodology and suitable tools which complement the nature, scale and complexity of the enterprise
as well as the maturity of its risk culture. A risk management policy which takes full consideration of the
enterprise’s risk appetite is likely to be an important component of the overall risk architecture.
Having expertise in the strategic aspects of risk, it is likely that the risk manager will take on a leading
role in supporting the Board and/or senior management in establishing and maintaining a suitable risk
architecture. This does not only involve developing a sound risk framework and common risk taxonomy
across the organisation but also ensuring an appropriate organisation within the first, second and third
lines of defence where objectives are aligned to the overall risk strategy of the organisation. Securing an
effective risk architecture requires risk awareness at all levels of the organisation particularly at the level
of the Board of Directors and Senior Management and appropriate steering and oversight from the
enterprise’s governing bodies.
Likely requirements supporting the achievement of these tasks:
• Build an understanding of the enterprise including its culture, history, the environment in which it
operates (e.g. competition, technological development) and the objectives and constraints of the
enterprise and its segments;
• Define the objectives of the risk manager within this context;
• Define the objectives and the scope of the risk management policy;
• Select a suitable risk management framework and develop a supporting implementation plan;
• Develop strategies in relation to risk assessment, risk response (including the principles guiding
alternative risk response strategies for the enterprise: termination, tolerance, treatment, transfer),
risk monitoring and risk reporting;
• Identify the roles and responsibilities of the company’s employees in the context of risk
management;
• Identify required resources;
• Secure approval for the risk management framework from the enterprise's governing bodies / senior
management and for required resources;
• Communicate risk management policy and supporting architecture to stakeholders;
• Implement the risk management framework;
• Provide ongoing awareness training to participants in the risk governance organisation and to top
management;
• Provide methodological approaches in the identification and evaluation of risks linked to new
strategic orientations;
• Adapt plans/arrangements resulting from changes within the enterprise and its environment.
3.2. Risk Assessment
Risk assessment comprises the identification, analysis and evaluation of risks pertaining to the
enterprise. It involves the use of suitable tools to facilitate a process of anticipating relevant
opportunities and risks at all levels within the enterprise.
It includes a process of analysis to classify and evaluate risks, so as to ensure suitable prioritisation and
validation of initial risk evaluations by relevant stakeholders.
Likely requirements supporting the achievement of these tasks:
• Define the risk universe for the enterprise;
• Define and make use of a common risk taxonomy so as to achieve a shared understanding of risks
and how to assess them. For example, ensure that the difference between inherent and residual
risks is defined and understood;
• Identify the tools and techniques to be used to identify both opportunities and threats;
• Facilitate risk identification exercises;
• Create a specific scale against which probability and impact of risks can be measured, feeding into a
risk register, and determine the tools and techniques to be used to estimate probability and impacts
of identified risks;
• Determine when expert assistance is required;
• Evaluate inherent and residual risks. Identify root causes of these risks;
• Communicate to relevant stakeholders how the risk assessment exercise has been carried out and
relevant findings; and
• Provide strategic insights to the enterprise based on the work carried out and obtain feedback.
3.3. Risk Response
Risk response involves dealing with significant identified risks. The acceptability or otherwise of
identified risks can be determined by comparing assessed risks with the enterprise’s defined risk
appetite. Risk response then involves the risk manager providing assistance to the enterprise in the
implementation of suitable risk mitigation strategies bearing in mind the root cause of the risk and the
costs associated with the available risk response strategies.
Risk treatment measures can include implementing control measures to reduce the likelihood of the
realisation of a risk event or measures to reduce the impact should the risk occur. Part of the risk
manager’s role is to ensure that planned risk response measures are put in place.
Likely requirements supporting the achievement of these tasks:
• Ensure that there is named ownership for all significant risks;
• Develop an arsenal of potential risk mitigation strategies. Suggest suitable risk treatment solutions
to address specific risks;
• Assist with the evaluation of the effectiveness and efficiency of specific risk mitigation plans (e.g.
helping with budgeting and drawing in expert resources as required);
• Define jointly, with each risk owner, a timetable for the implementation of action plans;
• Participate in drawing up risk prevention plans;
• Participate in drawing up business continuity plans;
• Support the implementation of risk treatment measures (e.g. carry out risk awareness training); and
• Present consolidated action plans to stakeholders.
3.4. Risk Monitoring & Reporting
Monitoring should be a planned part of the risk management process and involve regular checks on
recognised risks. Effective monitoring ensures that risk management activities are delivering expected
results and supports continuous improvements in overall risk management.
Similarly, reporting should support the overall risk management framework by providing timely
communication to relevant stakeholders which is well understood, so as to support sensible
decision-making.
Likely requirements supporting the achievement of these tasks:
• Define and apply risk monitoring indicators which are relevant to measuring the implementation
and effectiveness of risk management measures;
• Establish suitable tools (e.g. risk monitoring dashboards) to communicate results of risk monitoring
indicators, risk scoring and changes in the overall risk profile of the organisation resulting from
developments in business strategy or external events;
• Define the role and operating procedures of Risk Committees or similar bodies receiving risk
reporting;
• Establish an appropriate risk reporting agenda which enables risk governance forums to receive and
discuss risk-relevant information and which encourages effective risk-based decision making;
• Communicate risk reporting to relevant stakeholders.
3.5. Managing Risk Culture
Risk culture represents the values, beliefs, knowledge and understanding about risk shared by a group of
people. Risk culture is influenced and/or reinforced by attitudes, incentives and behaviours within that
group, with those in leadership roles usually being particularly influential.
It is within the role of the risk manager to help an enterprise or segments within it to understand the
current risk culture, define what a healthy risk culture would look like and champion efforts to achieve
this.
Likely requirements supporting the achievement of these tasks:
• Understand the features of a healthy risk culture and symptoms of a sub-optimal risk culture;
• Improve awareness of issues related to risk culture (particularly at senior levels within the
enterprise);
• Design and implement co-ordinated actions to achieve/maintain a healthy risk culture;
• Encourage open lines of communication so as to share best practices;
• Analyse risk events or near misses to identify where cultural lessons can be learnt; and
• Communicate internally examples of good and bad practices.
4. Required Competencies
The tasks and requirements of a risk manager, as set out above in Section 3 – The Role of a Risk
Manager, require a mixture of hard and soft skills.
In terms of hard skills, a risk manager should have a strong understanding of risk management and
related concepts. This includes the following broad areas:
• Business basics
• Essentials of risk management
• Risk assessment
• Risk treatment
• Risk monitoring and reporting
The ‘Body of Knowledge’ for FERMA’s rimap® certified risk management professional qualification
provides more detail and is referenced in Section 7 – Key Sources & Further Reading.
In terms of soft skills, we have identified the following competencies.
• Communication Skills – in addition to credible written and verbal communication skills
which the risk manager can adapt to the situation and audience, the individual is capable of
making a persuasive case.
• Creativity & Adaptability – the ability to approach a problem from numerous perspectives.
Flexibility to propose solutions that fit the organisation.
• Cultural Awareness – understands the enterprise and the individuals working in it. Cultivates
an extensive network. Appreciates potential cultural barriers to positive change. Receptive to
information from diverse sources.
• Inquisitiveness – displays a suitable level of professional scepticism. Seeks corroborative
evidence before accepting the validity of presented information. Prepared to challenge accepted
practice or encourage alternative views in order to uncover the truth.
• Management – demonstrates strong leadership skills. Able to identify the wider implications of
decisions, including the resourcing and budgetary implications.
• Integrity – displays objectivity and independence in their work and sound ethical, moral and
professional conduct/judgement. As an individual of good repute, puts the interests of the
profession before all other considerations and operates at all times within the parameters of
what is legally and professionally acceptable.
• Organisation – shows ability to prioritise and organise tasks effectively. Daily tasks
are congruent with stated strategic objectives.
5. Demonstrating Competence
Competence can be demonstrated through a combination of experience and knowledge. The rimap®
certified risk management professional qualification is one channel through which competence can be
evaluated and maintained. We also consider the following qualifications as equivalent:
• International Diploma in Risk Management (IRM - Institute of Risk Management)
• Financial Risk Manager (GARP - Global Association of Risk Professionals)
We consider the following to be of value in demonstrating competence, but insufficient in and of
themselves to be considered of equivalent value to the rimap® qualification in demonstrating an
individual’s competence as a risk manager:
• Professional insurance qualifications
• Professional accountancy qualifications
In addition to, or in lieu of the qualifications and professional certifications cited above, a risk
manager’s experience in industry, where this covers principally all elements cited in Section 3 – The
Role of a Risk Manager, is also considered of value in demonstrating the desired level of competence.
6. Document Revision History
This document was first created by the MARM’s Educational Sub-Committee in August 2017.
It was formally approved by the MARM council on 29 November 2017.
7. Sources & Further Reading
In preparing this document, ‘The Risk Manager Framework – a professional reference tool’ authored by
AMRAE (Association pour le Management des Risques et des Assurances de l’Entreprise), which is
available at
http://www.amrae.fr/sites/default/files/fichiers_upload/RiskManagerFramework_AMRAE_2013_0.pdf
was a key source of reference. Both the content and the logical format of that document were used as a
template to develop this document.
AMRAE is a French national risk management association and is a chapter of FERMA.
As referred to above in Section 4 – Required Competencies, the technical knowledge to be expected of
a professional risk manager is summarised in the ‘Body of Knowledge’ for the rimap® certified risk
management professional qualification (FERMA) – an online resource available at
http://rimap-certified.org/wp-content/uploads/2016/05/Rimap-Body-of-knowledge.pdf
A risk manager should be familiar with the ISO 31000 and COSO Enterprise Risk Management
frameworks. We also recommend the IRM briefings and guidance, an online resource available at
https://www.theirm.org/knowledge-and-resources/guides-aned-briefings.aspx.
These are updated regularly and the following are especially relevant:
• Risk Culture under the Microscope – Guidance for Boards – an online resource available at
https://www.theirm.org/media/885907/Risk_Culture_A5_WEB15_Oct_2012.pdf
• A structured approach to Enterprise Risk Management (ERM) and the requirements of ISO
31000, available at https://www.theirm.org/media/886062/ISO3100_doc.pdf
EU Onshore Insurance Protected Cells - Captives on a BudgetEU Onshore Insurance Protected Cells - Captives on a Budget
EU Onshore Insurance Protected Cells - Captives on a Budget
Ian-Edward Stafrace
 
Cyber Resilience
Cyber ResilienceCyber Resilience
Cyber Resilience
Ian-Edward Stafrace
 
Behavioural Economics and Finance
Behavioural Economics and FinanceBehavioural Economics and Finance
Behavioural Economics and Finance
Ian-Edward Stafrace
 
Risk Culture
Risk CultureRisk Culture
Risk Culture
Ian-Edward Stafrace
 
Behavioural Economics Overview
Behavioural Economics OverviewBehavioural Economics Overview
Behavioural Economics Overview
Ian-Edward Stafrace
 

More from Ian-Edward Stafrace (11)

Reasons to attend FERMA Risk Magament Forum 2017
Reasons to attend FERMA Risk Magament Forum 2017Reasons to attend FERMA Risk Magament Forum 2017
Reasons to attend FERMA Risk Magament Forum 2017
 
Improving risk-return and resilience through Enterprise Risk Management — Jul...
Improving risk-return and resilience through Enterprise Risk Management — Jul...Improving risk-return and resilience through Enterprise Risk Management — Jul...
Improving risk-return and resilience through Enterprise Risk Management — Jul...
 
15 March 2017 Half Day Seminar - Obtaining More Value From Risk & Actuarial F...
15 March 2017 Half Day Seminar - Obtaining More Value From Risk & Actuarial F...15 March 2017 Half Day Seminar - Obtaining More Value From Risk & Actuarial F...
15 March 2017 Half Day Seminar - Obtaining More Value From Risk & Actuarial F...
 
Risk and Internal Audit Synergies
Risk and Internal Audit SynergiesRisk and Internal Audit Synergies
Risk and Internal Audit Synergies
 
FERMA Risk Management Benchmarking Survey 2014
FERMA Risk Management Benchmarking Survey 2014FERMA Risk Management Benchmarking Survey 2014
FERMA Risk Management Benchmarking Survey 2014
 
EU Insurance Protected Cells - Captives on a Budget
EU Insurance Protected Cells - Captives on a BudgetEU Insurance Protected Cells - Captives on a Budget
EU Insurance Protected Cells - Captives on a Budget
 
EU Onshore Insurance Protected Cells - Captives on a Budget
EU Onshore Insurance Protected Cells - Captives on a BudgetEU Onshore Insurance Protected Cells - Captives on a Budget
EU Onshore Insurance Protected Cells - Captives on a Budget
 
Cyber Resilience
Cyber ResilienceCyber Resilience
Cyber Resilience
 
Behavioural Economics and Finance
Behavioural Economics and FinanceBehavioural Economics and Finance
Behavioural Economics and Finance
 
Risk Culture
Risk CultureRisk Culture
Risk Culture
 
Behavioural Economics Overview
Behavioural Economics OverviewBehavioural Economics Overview
Behavioural Economics Overview
 

Recently uploaded

RMD24 | Retail media: hoe zet je dit in als je geen AH of Unilever bent? Heid...
RMD24 | Retail media: hoe zet je dit in als je geen AH of Unilever bent? Heid...RMD24 | Retail media: hoe zet je dit in als je geen AH of Unilever bent? Heid...
RMD24 | Retail media: hoe zet je dit in als je geen AH of Unilever bent? Heid...
BBPMedia1
 
The Parable of the Pipeline a book every new businessman or business student ...
The Parable of the Pipeline a book every new businessman or business student ...The Parable of the Pipeline a book every new businessman or business student ...
The Parable of the Pipeline a book every new businessman or business student ...
awaisafdar
 
Buy Verified PayPal Account | Buy Google 5 Star Reviews
Buy Verified PayPal Account | Buy Google 5 Star ReviewsBuy Verified PayPal Account | Buy Google 5 Star Reviews
Buy Verified PayPal Account | Buy Google 5 Star Reviews
usawebmarket
 
Lookback Analysis
Lookback AnalysisLookback Analysis
Lookback Analysis
Safe PaaS
 
Filing Your Delaware Franchise Tax A Detailed Guide
Filing Your Delaware Franchise Tax A Detailed GuideFiling Your Delaware Franchise Tax A Detailed Guide
Filing Your Delaware Franchise Tax A Detailed Guide
YourLegal Accounting
 
India Orthopedic Devices Market: Unlocking Growth Secrets, Trends and Develop...
India Orthopedic Devices Market: Unlocking Growth Secrets, Trends and Develop...India Orthopedic Devices Market: Unlocking Growth Secrets, Trends and Develop...
India Orthopedic Devices Market: Unlocking Growth Secrets, Trends and Develop...
Kumar Satyam
 
一比一原版加拿大渥太华大学毕业证(uottawa毕业证书)如何办理
一比一原版加拿大渥太华大学毕业证(uottawa毕业证书)如何办理一比一原版加拿大渥太华大学毕业证(uottawa毕业证书)如何办理
一比一原版加拿大渥太华大学毕业证(uottawa毕业证书)如何办理
taqyed
 
Search Disrupted Google’s Leaked Documents Rock the SEO World.pdf
Search Disrupted Google’s Leaked Documents Rock the SEO World.pdfSearch Disrupted Google’s Leaked Documents Rock the SEO World.pdf
Search Disrupted Google’s Leaked Documents Rock the SEO World.pdf
Arihant Webtech Pvt. Ltd
 
Global Interconnection Group Joint Venture[960] (1).pdf
Global Interconnection Group Joint Venture[960] (1).pdfGlobal Interconnection Group Joint Venture[960] (1).pdf
Global Interconnection Group Joint Venture[960] (1).pdf
Henry Tapper
 
Meas_Dylan_DMBS_PB1_2024-05XX_Revised.pdf
Meas_Dylan_DMBS_PB1_2024-05XX_Revised.pdfMeas_Dylan_DMBS_PB1_2024-05XX_Revised.pdf
Meas_Dylan_DMBS_PB1_2024-05XX_Revised.pdf
dylandmeas
 
Maksym Vyshnivetskyi: PMO Quality Management (UA)
Maksym Vyshnivetskyi: PMO Quality Management (UA)Maksym Vyshnivetskyi: PMO Quality Management (UA)
Maksym Vyshnivetskyi: PMO Quality Management (UA)
Lviv Startup Club
 
Introduction to Amazon company 111111111111
Introduction to Amazon company 111111111111Introduction to Amazon company 111111111111
Introduction to Amazon company 111111111111
zoyaansari11365
 
Affordable Stationery Printing Services in Jaipur | Navpack n Print
Affordable Stationery Printing Services in Jaipur | Navpack n PrintAffordable Stationery Printing Services in Jaipur | Navpack n Print
Affordable Stationery Printing Services in Jaipur | Navpack n Print
Navpack & Print
 
RMD24 | Debunking the non-endemic revenue myth Marvin Vacquier Droop | First ...
RMD24 | Debunking the non-endemic revenue myth Marvin Vacquier Droop | First ...RMD24 | Debunking the non-endemic revenue myth Marvin Vacquier Droop | First ...
RMD24 | Debunking the non-endemic revenue myth Marvin Vacquier Droop | First ...
BBPMedia1
 
Discover the innovative and creative projects that highlight my journey throu...
Discover the innovative and creative projects that highlight my journey throu...Discover the innovative and creative projects that highlight my journey throu...
Discover the innovative and creative projects that highlight my journey throu...
dylandmeas
 
chapter 10 - excise tax of transfer and business taxation
chapter 10 - excise tax of transfer and business taxationchapter 10 - excise tax of transfer and business taxation
chapter 10 - excise tax of transfer and business taxation
AUDIJEAngelo
 
Unveiling the Secrets How Does Generative AI Work.pdf
Unveiling the Secrets How Does Generative AI Work.pdfUnveiling the Secrets How Does Generative AI Work.pdf
Unveiling the Secrets How Does Generative AI Work.pdf
Sam H
 
Cracking the Workplace Discipline Code Main.pptx
Cracking the Workplace Discipline Code Main.pptxCracking the Workplace Discipline Code Main.pptx
Cracking the Workplace Discipline Code Main.pptx
Workforce Group
 
Premium MEAN Stack Development Solutions for Modern Businesses
Premium MEAN Stack Development Solutions for Modern BusinessesPremium MEAN Stack Development Solutions for Modern Businesses
Premium MEAN Stack Development Solutions for Modern Businesses
SynapseIndia
 
Skye Residences | Extended Stay Residences Near Toronto Airport
Skye Residences | Extended Stay Residences Near Toronto AirportSkye Residences | Extended Stay Residences Near Toronto Airport
Skye Residences | Extended Stay Residences Near Toronto Airport
marketingjdass
 

Recently uploaded (20)

RMD24 | Retail media: hoe zet je dit in als je geen AH of Unilever bent? Heid...
RMD24 | Retail media: hoe zet je dit in als je geen AH of Unilever bent? Heid...RMD24 | Retail media: hoe zet je dit in als je geen AH of Unilever bent? Heid...
RMD24 | Retail media: hoe zet je dit in als je geen AH of Unilever bent? Heid...
 
The Parable of the Pipeline a book every new businessman or business student ...
The Parable of the Pipeline a book every new businessman or business student ...The Parable of the Pipeline a book every new businessman or business student ...
The Parable of the Pipeline a book every new businessman or business student ...
 
Buy Verified PayPal Account | Buy Google 5 Star Reviews
Buy Verified PayPal Account | Buy Google 5 Star ReviewsBuy Verified PayPal Account | Buy Google 5 Star Reviews
Buy Verified PayPal Account | Buy Google 5 Star Reviews
 
Lookback Analysis
Lookback AnalysisLookback Analysis
Lookback Analysis
 
Filing Your Delaware Franchise Tax A Detailed Guide
Filing Your Delaware Franchise Tax A Detailed GuideFiling Your Delaware Franchise Tax A Detailed Guide
Filing Your Delaware Franchise Tax A Detailed Guide
 
India Orthopedic Devices Market: Unlocking Growth Secrets, Trends and Develop...
India Orthopedic Devices Market: Unlocking Growth Secrets, Trends and Develop...India Orthopedic Devices Market: Unlocking Growth Secrets, Trends and Develop...
India Orthopedic Devices Market: Unlocking Growth Secrets, Trends and Develop...
 
一比一原版加拿大渥太华大学毕业证(uottawa毕业证书)如何办理
一比一原版加拿大渥太华大学毕业证(uottawa毕业证书)如何办理一比一原版加拿大渥太华大学毕业证(uottawa毕业证书)如何办理
一比一原版加拿大渥太华大学毕业证(uottawa毕业证书)如何办理
 
Search Disrupted Google’s Leaked Documents Rock the SEO World.pdf
Search Disrupted Google’s Leaked Documents Rock the SEO World.pdfSearch Disrupted Google’s Leaked Documents Rock the SEO World.pdf
Search Disrupted Google’s Leaked Documents Rock the SEO World.pdf
 
Global Interconnection Group Joint Venture[960] (1).pdf
Global Interconnection Group Joint Venture[960] (1).pdfGlobal Interconnection Group Joint Venture[960] (1).pdf
Global Interconnection Group Joint Venture[960] (1).pdf
 
Meas_Dylan_DMBS_PB1_2024-05XX_Revised.pdf
Meas_Dylan_DMBS_PB1_2024-05XX_Revised.pdfMeas_Dylan_DMBS_PB1_2024-05XX_Revised.pdf
Meas_Dylan_DMBS_PB1_2024-05XX_Revised.pdf
 
Maksym Vyshnivetskyi: PMO Quality Management (UA)
Maksym Vyshnivetskyi: PMO Quality Management (UA)Maksym Vyshnivetskyi: PMO Quality Management (UA)
Maksym Vyshnivetskyi: PMO Quality Management (UA)
 
Introduction to Amazon company 111111111111
Introduction to Amazon company 111111111111Introduction to Amazon company 111111111111
Introduction to Amazon company 111111111111
 
Affordable Stationery Printing Services in Jaipur | Navpack n Print
Affordable Stationery Printing Services in Jaipur | Navpack n PrintAffordable Stationery Printing Services in Jaipur | Navpack n Print
Affordable Stationery Printing Services in Jaipur | Navpack n Print
 
RMD24 | Debunking the non-endemic revenue myth Marvin Vacquier Droop | First ...
RMD24 | Debunking the non-endemic revenue myth Marvin Vacquier Droop | First ...RMD24 | Debunking the non-endemic revenue myth Marvin Vacquier Droop | First ...
RMD24 | Debunking the non-endemic revenue myth Marvin Vacquier Droop | First ...
 
Discover the innovative and creative projects that highlight my journey throu...
Discover the innovative and creative projects that highlight my journey throu...Discover the innovative and creative projects that highlight my journey throu...
Discover the innovative and creative projects that highlight my journey throu...
 
chapter 10 - excise tax of transfer and business taxation
chapter 10 - excise tax of transfer and business taxationchapter 10 - excise tax of transfer and business taxation
chapter 10 - excise tax of transfer and business taxation
 
Unveiling the Secrets How Does Generative AI Work.pdf
Unveiling the Secrets How Does Generative AI Work.pdfUnveiling the Secrets How Does Generative AI Work.pdf
Unveiling the Secrets How Does Generative AI Work.pdf
 
Cracking the Workplace Discipline Code Main.pptx
Cracking the Workplace Discipline Code Main.pptxCracking the Workplace Discipline Code Main.pptx
Cracking the Workplace Discipline Code Main.pptx
 
Premium MEAN Stack Development Solutions for Modern Businesses
Premium MEAN Stack Development Solutions for Modern BusinessesPremium MEAN Stack Development Solutions for Modern Businesses
Premium MEAN Stack Development Solutions for Modern Businesses
 
Skye Residences | Extended Stay Residences Near Toronto Airport
Skye Residences | Extended Stay Residences Near Toronto AirportSkye Residences | Extended Stay Residences Near Toronto Airport
Skye Residences | Extended Stay Residences Near Toronto Airport
 

The Core Competencies of a Professional Risk Manager
Malta Association of Risk Management (MARM)
NOVEMBER 2017

Contents
1. Scope & Purpose of this Document ..... 3
2. Key Definitions ..... 4
3. The Role of the Risk Manager ..... 4
3.1. Define Risk Architecture ..... 5
3.2. Risk Assessment ..... 6
3.3. Risk Response ..... 6
3.4. Risk Monitoring & Reporting ..... 7
3.5. Managing Risk Culture ..... 7
4. Required Competencies ..... 8
5. Demonstrating Competence ..... 9
6. Document Revision History ..... 9
7. Sources & Further Reading ..... 9
1. Scope & Purpose of this Document

The notion behind risk management is as old as mankind, whilst risk management as a discipline has been practiced in public and private bodies for many decades. The recognition of risk management as a profession, however, involves general acceptance of risk management as a standalone occupation as well as acknowledging the importance of promoting the integrity and competence of those practicing it. We believe that creating the right conditions for the professional recognition of risk management and risk managers in Malta is of paramount importance, and this document, entitled ‘The Core Competencies of the Professional Risk Manager’, is our contribution to this process.

Defining these core competencies of the professional risk manager is not an easy task and, in order to set the scene, there are several challenges worth highlighting. First of all, almost any position or role within any organisation involves the application of risk management to some extent. For example, an experienced general manager will usually have a wide range of risk management experience. A second challenge is that the roles bearing the ‘risk manager’ title are diverse and some require specific technical skills (for example mathematical modelling).

We have responded to these challenges as follows. To address the first challenge, in line with the position taken by the Federation of European Risk Management Associations (hereafter referred to as FERMA) in recent official publications [1], we support fully the ‘three lines of defence’ model. Whilst the primary responsibility for risk management in this model resides within the first line of defence, the risk manager forms part of the second line of defence and retains a degree of independence from frontline functions.

In response to the second challenge, whilst acknowledging that stakeholders expect risk managers to possess sector-specific skills which are compatible with the needs, nature and complexity of the organisation, we do not set out to prescribe these technical requirements and instead recognise that these shall remain a function of the candidate assessment and recruitment practices of the enterprise. Nonetheless, this guidance is intended to describe a base level of competencies for a professional risk manager to function effectively in any sector. Should sector-specific competencies also be required of a risk manager, the requirements set out in this document should be supplemented by other requirements relevant to that sector.

Our focus therefore is on the competencies required of a professional risk manager to deliver/oversee end-to-end enterprise risk management. The remainder of this document shall describe these core attributes in more detail as follows:
- Section 3 – The Role of the Risk Manager describes the tasks associated with each role and common or likely requirements supporting the achievement of these tasks;
- Section 4 – Required Competencies outlines the competencies required of a risk manager to effectively carry out the roles described in Section 3 – The Role of the Risk Manager; and
- Section 5 – Demonstrating Competence describes ways in which these competencies can be demonstrated to third parties by risk managers.

[1] E.g. Guidance on the 8th EU Company Law Directive or FERMA/ECIIA Audit & Risk Committee Best Practices, available at http://www.ferma.eu/about/publications/eciia-ferma-guidance/
We have consciously excluded competencies associated with certain specialist activities often forming part of the risk manager’s role, such as hedging, insurance purchasing and claims management.

2. Key Definitions

Whilst the word risk derives from the ancient Arabic “rizq”, which like the Maltese word “risq” refers to gains and blessings, today risk is often understood to mean the possibility of adverse consequences. ISO 31000 defines risk as the ‘effect of uncertainty on objectives’. This is the working definition which we prefer, as it ties risk to an enterprise’s aims and is neutral between the upsides and downsides of potential outcomes.

In many cases the optimal arrangements for a risk function will comprise more than one individual. This team may even include individuals from outside the enterprise. We have not taken a view on what type of arrangements are best. For the purposes of this document we have used the term ‘risk manager’ even where, in practical terms, ‘risk function’ could be used interchangeably. For the sake of consistency, for the rest of the document we have used the term ‘enterprise’ to describe any public or private body or organisation.

3. The Role of the Risk Manager

ISO 31000 describes the constituent elements of the process of risk management (sometimes referred to as the 7 “Rs”) as follows:
1. Recognition or Identification of Risk
2. Ranking or Evaluation of Risk
3. Responding to Significant Risks
4. Resourcing Controls
5. Reaction Planning
6. Reporting & Monitoring Risk Performance
7. Reviewing the Risk Framework

We have mapped the above process elements to risk manager ‘roles’ as follows.

Risk Manager Role            Reference to the 7 ‘Rs’ listed above
Define Risk Architecture     7
Risk Assessment              1 & 2
Risk Response                3 – 5
Monitoring & Reporting       6

In addition to the above, we consider ‘Managing Risk Culture’ to be a central role of the risk manager. Below we have described the tasks and requirements associated with each of these five roles in more detail.
3.1. Define Risk Architecture

Defining or redefining the enterprise’s risk architecture follows on from an understanding of its strategic objectives and the threats and opportunities surrounding the execution of this strategy. In order to design an effective risk architecture, a risk manager must understand the enterprise’s internal processes and activities so as to be able to develop a well-defined enterprise risk framework, supported by a methodology and suitable tools which complement the nature, scale and complexity of the enterprise as well as the maturity of its risk culture. A risk management policy which takes full consideration of the enterprise’s risk appetite is likely to be an important component of the overall risk architecture.

Having expertise in the strategic aspects of risk, it is likely that the risk manager will take on a leading role in supporting the Board and/or senior management in establishing and maintaining a suitable risk architecture. This does not only involve developing a sound risk framework and common risk taxonomy across the organisation but also ensuring an appropriate organisation within the first, second and third lines of defence, where objectives are aligned to the overall risk strategy of the organisation. Securing an effective risk architecture requires risk awareness at all levels of the organisation, particularly at the level of the Board of Directors and Senior Management, and appropriate steering and oversight from the enterprise’s governing bodies.

Likely requirements supporting the achievement of these tasks:
- Build an understanding of the enterprise including its culture, history, the environment in which it operates (e.g. competition, technological development) and the objectives and constraints of the enterprise and its segments;
- Define the objectives of the risk manager within this context;
- Define the objectives and the scope of the risk management policy;
- Select a suitable risk management framework and develop a supporting implementation plan;
- Develop strategies in relation to risk assessment, risk response (including the principles guiding alternative risk response strategies for the enterprise – termination, tolerance, treatment, transfer), risk monitoring and risk reporting;
- Identify the roles and responsibilities of the company’s employees in the context of risk management;
- Identify required resources;
- Secure approval for the risk management framework and for required resources from the enterprise's governing bodies / senior management;
- Communicate the risk management policy and supporting architecture to stakeholders;
- Implement the risk management framework;
- Provide ongoing awareness training to participants in the risk governance organisation and to top management;
- Provide methodological approaches for the identification and evaluation of risks linked to new strategic orientations;
- Adapt plans/arrangements resulting from changes within the enterprise and its environment.
3.2. Risk Assessment

Risk assessment comprises the identification, analysis and evaluation of risks pertaining to the enterprise. It involves the use of suitable tools to facilitate a process of anticipating relevant opportunities and risks at all levels within the enterprise. It includes a process of analysis to classify and evaluate risks, so as to ensure suitable prioritisation and validation of initial risk evaluations by relevant stakeholders.

Likely requirements supporting the achievement of these tasks:
- Define the risk universe for the enterprise;
- Define and make use of a common risk taxonomy so as to achieve a shared understanding of risks and how to assess them. For example, ensure that the difference between inherent and residual risks is defined and understood;
- Identify the tools and techniques to be used to identify both opportunities and threats;
- Facilitate risk identification exercises;
- Create a specific scale against which the probability and impact of risks can be measured, feeding into a risk register, and determine the tools and techniques to be used to estimate the probability and impacts of identified risks;
- Determine when expert assistance is required;
- Evaluate inherent and residual risks. Identify root causes of these risks;
- Communicate to relevant stakeholders how the risk assessment exercise has been carried out and the relevant findings; and
- Provide strategic insights to the enterprise based on the work carried out and obtain feedback.

3.3. Risk Response

Risk response involves dealing with significant identified risks. The acceptability or otherwise of identified risks can be determined by comparing assessed risks with the enterprise’s defined risk appetite. Risk response then involves the risk manager providing assistance to the enterprise in the implementation of suitable risk mitigation strategies, bearing in mind the root cause of the risk and the costs associated with the available risk response strategies. Risk treatment measures can include implementing control measures to reduce the likelihood of the realisation of a risk event or measures to reduce the impact should the risk occur. Part of the risk manager’s role is to ensure that planned risk response measures are put in place.

Likely requirements supporting the achievement of these tasks:
- Ensure that there is named ownership for all significant risks;
- Develop an arsenal of potential risk mitigation strategies. Suggest suitable risk treatment solutions to address specific risks;
- Assist with the evaluation of the effectiveness and efficiency of specific risk mitigation plans (e.g. helping with budgeting and drawing in expert resources as required);
- Define jointly, with each risk owner, a timetable for the implementation of action plans;
- Participate in drawing up risk prevention plans;
- Participate in drawing up business continuity plans;
- Support the implementation of risk treatment measures (e.g. carry out risk awareness training); and
- Present consolidated action plans to stakeholders.

3.4. Risk Monitoring & Reporting

Monitoring should be a planned part of the risk management process and involve regular checks on recognised risks. Effective monitoring ensures that risk management activities are delivering expected results and supports continuous improvements in overall risk management. Similarly, reporting should support the overall risk management framework by providing timely communication to relevant stakeholders which is well understood, so as to support sensible decision-making.

Likely requirements supporting the achievement of these tasks:
- Define and apply risk monitoring indicators which are relevant to measuring the implementation and effectiveness of risk management measures;
- Establish suitable tools (e.g. risk monitoring dashboards) to communicate the results of risk monitoring indicators, risk scoring and changes in the overall risk profile of the organisation resulting from developments in business strategy or external events;
- Define the role and operating procedures of Risk Committees or similar bodies receiving risk reporting;
- Establish an appropriate risk reporting agenda which enables risk governance forums to receive and discuss risk-relevant information and which encourages effective risk-based decision making;
- Communicate risk reporting to relevant stakeholders.

3.5. Managing Risk Culture

Risk culture represents the values, beliefs, knowledge and understanding about risk shared by a group of people. Risk culture is influenced and/or reinforced by attitudes, incentives and behaviours within that group, with those in leadership roles usually being particularly influential. It is within the role of the risk manager to help an enterprise, or segments within it, to understand the current risk culture, define what a healthy risk culture would look like and champion efforts to achieve this.
Likely requirements supporting the achievement of these tasks:
- Understand the features of a healthy risk culture and the symptoms of a sub-optimal risk culture;
- Improve awareness of issues related to risk culture (particularly at senior levels within the enterprise);
- Design and implement co-ordinated actions to achieve/maintain a healthy risk culture;
- Encourage open lines of communication so as to share best practices;
- Analyse risk events or near misses to identify where cultural lessons can be learnt; and
- Communicate internally examples of good and bad practices.

4. Required Competencies

The tasks and requirements of a risk manager, as set out above in Section 3 – The Role of the Risk Manager, require a mixture of hard and soft skills. In terms of hard skills, a risk manager should have a strong understanding of risk management and related concepts. This includes the following broad areas:
- Business basics
- Essentials of risk management
- Risk assessment
- Risk treatment
- Risk monitoring and reporting

The ‘Body of Knowledge’ for FERMA’s rimap® certified risk management professional qualification provides more detail and is referenced in Section 7 – Sources & Further Reading.

In terms of soft skills, we have identified the following competencies.
- Communication Skills – in addition to credible written and verbal communication skills which the risk manager can adapt to the situation and audience, the individual is capable of making a persuasive case.
- Creativity & Adaptability – the ability to approach a problem from numerous perspectives. Flexibility to propose solutions that fit the organisation.
- Cultural Awareness – understands the enterprise and the individuals working in it. Cultivates an extensive network. Appreciates potential cultural barriers to positive change. Receptive to information from diverse sources.
- Inquisitiveness – displays a suitable level of professional scepticism. Seeks corroborative evidence before accepting the validity of presented information. Prepared to challenge accepted practice or encourage alternative views in order to uncover the truth.
- Management – demonstrates strong leadership skills. Able to identify the wider implications of decisions, including the resourcing and budgetary implications.
  • 9.  Integrity – displays objectivity and independence in their work and sound ethical, moral and professional conduct/judgement. As an individual of good repute, puts the interests of the profession before all other considerations and operates at all times within the parameters of what is legally and professionally acceptable.  Organisation – shows ability to prioritise effectively and organise tasks effectively. Daily tasks are congruent with stated strategic objectives. 5. Demonstrating Competence Competence can be demonstrated through a combination of experience and knowledge. The rimap® certified risk management professional qualification is one channel through which competence can be evaluated and maintained. We also consider the following qualifications as equivalent:  International Diploma in Risk Management (IRM - Institute of Risk Management)  Financial Risk Manager (GARP - Global Association of Risk Professionals) We consider the following to be of value in demonstrating competence, but insufficient in of themselves to be considered of equivalent value to the rimap® qualification in demonstrating an individual’s competence as a risk manager:  Professional insurance qualifications  Professional accountancy qualifications In addition to, or in lieu of the qualifications and professional certifications cited above, a risk manager’s experience in industry, where this covers principally all elements cited in Section 3 – The Role of a Risk Manager, is also considered of value in demonstrating the desired level of competence. 6. Document Revision History This document was first created by the MARM’s Educational Sub-Committee in August 2017. It was formally approved by the MARM council on 29 November 2017. 7. 
Sources & Further Reading In preparing this document ‘The Risk Manager Framework – a professional reference tool’ authored by AMRAE (Association pour le Management des Risques et des Assurances de l’Entreprise) which is available at http://www.amrae.fr/sites/default/files/fichiers_upload/RiskManagerFramework_AMRAE_2013_0.pdf was a key source of reference. Both the content and logical format of this document was used as a template to develop this document .
  • 10. AMRAE is a French national risk management association and is a chapter of FERMA. As referred to above in Section 4 – Required Competencies, the technical knowledge to be expected of a professional risk manager is summarised in the ‘Body of Knowledge’ for the rimap® certified risk management professional qualification (FERMA) – an online resource available at - http://rimap- certified.org/wp-content/uploads/2016/05/Rimap-Body-of-knowledge.pdf A risk manager should be familiar with ISO 31000 and COSO Enterprise Risk Management frameworks. We also recommend IRM briefings and guidance on online resource available at https://www.theirm.org/knowledge-and-resources/guides-aned-briefings.aspx. These are updated regularly and the following are especially relevant:  Risk Culture under the Microscope – Guidance for Boards – an online resource available at https://www.theirm.org/media/885907/Risk_Culture_A5_WEB15_Oct_2012.pdf  A structured approach to Enterprise Risk Management (ERM) and the requirements of ISO 31000 available at https://www.theirm.org/media/886062/ISO3100_doc.pdf