What is a risk manager

What is a risk manager

What Is a Risk Manager?

Risk management is a universally relevant business concept, acknowledged by most as critical to the success of an organisation. Every business faces a wide variety of risks and threats, which in many cases can be brought under control to minimise the likelihood of their occurrence. Larger companies hire extensive risk management teams, others bring in third-party service providers and many small business owners take care of things manually.

But in terms of those who work in such capacities, what exactly do risk managers do?

The Risk Management Profession

Defined as simply as possible, a risk management specialist is an individual who takes responsibility for identifying, controlling and ultimately reducing the risks an organisation faces. Risk management plays a central and critical role in the overall management of the business, with wide-reaching implications. The actions of the risk manager have a direct impact on financial performance, efficiency, output, health & safety, competitiveness, stability and overall success.

As for their specific duties, risk management is a field of multiple responsibilities and inter-connected disciplines. They may work as part of a larger team, or be given full responsibility over risk management for the business.

Professional risk management strategies comprise five essential elements, which are as follows:

Risk Identification – First of all, the risk manager must carry out an extensive evaluation of the business from both an internal and external perspective. This allows them to identify each and every relevant risk, which to one extent or another poses a threat. Each risk must be considered in accordance with its severity and likelihood of occurrence, in order to be appropriately prioritised.

Ownership Allocation – Risk managers must then focus on risk ownership, meaning who has control over the risk or is responsible for its supervision. In addition, they must think carefully about the consequences of each risk and the action that must be taken in the event of its occurrence. This effectively means creating an action plan to deal with any and every threat the business faces.

Planning Control Measures – This is followed by comprehensive consideration of every threat identified, in order to determine the most suitable approach for controlling, reducing or eliminating it altogether. Some threats can be transferred to others, some minimised in likelihood of occurrence to near-zero and others simply have to be accepted as they are and carefully monitored

Strategy Implementation – Once the first three steps have been used to create an all-encompassing risk management strategy, the time comes to put it into action. This is a process that often means site-wide changes to operation procedures and the involvement of every member of the workforce. Risk managers work closely with senior management throughout the process.

Assessment and Enhancement – Effective risk management must be seen as an ongoing and dynamic process – not something of a one-off administrative box to be ticked. The assessment and evaluation process must continue indefinitely, allowing the risk manager to identify areas for improvement, critical holes in the current strategy and where it has proved to be most successful.

Where do Risk Manager Work?

Risk managers may work as full-time employees for larger businesses, or with consultancy firms that offer third-party service provision and temporary contracts. Their job often involves travelling to meet with stakeholders, visiting off-site premises to analyse external risks, organising conferences to present findings remain up to date with all relevant legal and legislative requirements.

Most risk managers will have experience in a wide variety of risk management types, though other specialise in one or more key areas – examples including:

  • Enterprise Risk
  • Corporate Governance
  • Regulatory and Operational Risk
  • Business Continuity
  • Information and Security Risk
  • Technology Risk
  • Market and Credit Risk
  • General Responsibilities

Exactly what the risk manager does on a day-to-day basis will be determined by the size, type and purpose of the organisation they work for. Generally speaking however, their primary responsibilities will include any combination of the following:

  • Developing company-wide risk management strategies in conjunction with senior management
  • Devising and implementation of policies and procedural standards to minimise and control risks
  • Identification, analysis and recording of all relevant risks and threat, to be retained as crucially importance evidence of risk management efforts
  • Ongoing evaluation of current risk strategies, in order to identify potentially weaknesses and areas for improvement
  • Liaising with management, stakeholders and members of the workforce to get an all-round view of the way the business operates and its most immediate risks
  • Working with project managers to help assess and gauge the risks attached to business projects at all levels, in order to measure their feasibility
  • Production of reports and essential business papers for managers, stakeholders and members of the workforce.
  • Direct supervision of health & safety standards in the workplace, in accordance with official legal and legislative requirements
  • Provision of training and coaching to employees across the business as a means by which to bolster a working culture of risk-awareness and avoidance.

An investment in quality risk management provides an organisation with an effective and invaluable secondary insurance policy.


© 2016 Organisation of Certified Risk Managers