Almost every industry is in the grips of a seismic shift driven by technology. This is creating challenges and opportunities in equal measure for all organisations – big or small, old or new. New business models, emerging new players, speed and ease of change, need for greater agility and flexibility, increasingly sophisticated and more pervasive threats, changing skillsets and unprecedented levels of disruption are now the ‘new normal’.

A critical capability required in helping organisations deal with this fast changing and increasingly complex world, is effective risk management. It is universally recognised that risk management capabilities need to evolve to stay in touch with the changing environment – it could even be argued that they should be pushing to get ahead of the curve to provide a robust framework to help the business manage risk properly through the change.

This is a huge challenge at a time when the headwinds around managing cost in many of these organisations are blowing their hardest. This means improvements to frameworks, processes and methodologies, it means better tools being used more effectively, it means better trained people with deeper skills and expertise, it means better use of the data and information available inside and outside the business but, more than anything, it means smart, empathetic, consistent and effective risk management leadership – across all three lines of defence and at all levels of the business – to make things happen.

In talking to current and aspiring risk leaders, as well as those who have a vested interest in their success such as other executives/senior management and Non-Executive Directors, it is clear that risk leaders face some very unique demands, as well as having had such a focus in the past on technical skills and experience. Getting a handle on how we prepare our future leaders in the risk arena warrants some focused attention.

In doing that a number of important questions need to be considered:

  • What does it take to be a successful risk leader in terms of competencies, behaviours, personal qualities and critical learning experiences?
  • How does this profile differ from other leaders in an organisation?
  • Will the success profile change in shape or emphasis over the next 3-5 years?
  • How does the current crop of risk leaders stack up against the profile? Where are these skills gaps, if any?
  • How good is the support given to help with their development?

A review of existing research in this area highlights a lack of data driven insights, as well as a lack of focus on the softer side of leading in a modern day organisation. Whilst largely anecdotal, it is widely recognised that of all the Executive Officer roles, the one that turns over the most frequently is the Chief Risk Officer – why is this?

We all have our theories but rather than continuing to just talk about it, we decided to look into this in more detail and to carry out some original research. We teamed up with the Institute of Operational Risk and OR Talent – a global leadership assessment consultancy – to carry out a programme of research activity.

This report is the result of that research – a combination of in-depth interviews with a range of current leaders and senior stakeholders, a survey completed by over 200 risk practitioners and the practical insights of the leaders in our organisations representing almost 80 years of knowledge in this area. We are viewing this report as something that stimulates debate around this topic and hopefully results in some specific actions being taken at an individual, organisational, industry or wider professional level. Follow this link to read the report – what makes a successful risk leader.

We hope you find it interesting and thought provoking.

Dougie McAndrew, November 2018