The real role of Risk Manager in a company

Risk management is how the business is identifying, mitigating and managing risks.

Risk Manager (RM) has to have an excellent understanding of the business, the organization structure and key players, how it delivers value to its stakeholders, and where the opportunities as well as the potential hazards lie. It is not enough to be a technical expert. The RM has to get out and be among those in the front lines if he is to understand how the company really works.

RM must be able to communicate and influence at all levels of the business. He must be fluent in the language of this business and not try to express himself using the techno-babble of risk management. The RM must not only be able to gain the attention of key decision-makers, but be able to engage them so that they listen, pay attention, and accept him as a valuable advisor.

RM must step out of the trap of quarterly risk reviews of the top ten or twenty risks, and seek to help the company understand and manage all the more significant risks to the success of the organization — including helping the people in the front lines make better decisions every day because they have and are considering risk information. The RM must help the organization manage the risks that matter at the speed of the business.

Note that there is a very clear relationship between internal control and risk management. Basically, internal controls provide reasonable assurance that risks to the achievement of organizational objectives are at acceptable levels. These two groups (i.e. risk managers and internal controllers) can form an effective collaboration and therefore it will be helpful to take a more in-depth look at their specific roles and responsibilities within the company.

