How are risk leaders tackling their first year in role?

Sep 2, 2025

Choosing which initiatives to prioritise in the first months of your new job is crucial. There's so much to think about while you also need to make a good impression and reassure senior leadership that you were the right choice for the job. 

Of course, each new CRO/Head of Risk role is unique. You may have been brought in with a mandate from the board or executive committee: to build ERM from scratch; to get the business ready for an IPO; to improve a specific area; or head a new consolidated team. 

While our membership is diverse, a significant number of our members are new into role. It's a time when peer collaboration couldn't be more vital and makes a significant difference to those challenging first months in role.

Here's a list of key areas that the majority of risk leaders in our network have focused on when new into role, and some practical tips they've shared.

 


Key challenges for all risk leaders new in role:

1. Building relationships with key stakeholders

Probably one of the most time-consuming parts of your new role is getting to know key stakeholders. Building relationships takes time, and you want to showcase Risk in the best possible light.

To support risk leaders in this position, we facilitate targeted collaboration with practising CROs/heads of risk who have extensive experience and can help you understand: how have other risk leaders successfully built relationships in a new company?

Get ideas and approaches from risk leaders who have built strong relationships in a new company
Speak to a member of our team about the targeted peer collaboration we can organise for you through membership.
Book an exploratory call


There may not be any shortcuts, but learning from the successes — and mistakes — of peers could save you valuable time in those first months.

3 key tips for strengthening partnerships, suggested by members:

  • Speak about risks in such a way that they become a "strategic imperative" for the business. By discussing your material risks in terms of innovation, disruption etc., you can better communicate their strategic relevance to executives.

  • Schedule 1-to-1 meetings with the chief strategy officer to focus on aligning principal risks with the business' strategic pillars.

  • Ensure the risk management function is involved in planning for both the short- and long-term horizon of the business. Participate in proactive strategic discussions, as opposed to just responding to what the board/executive ask for.

 


2. Setting up or improving your GRC tool

When starting a new role, most risk leaders will review their current GRC tool (if there is one) and put together a plan for optimised risk data collection, monitoring and distilling, to elevate how risk data and insights are being used by the business and leadership.

Questions you might be asking:

  • Is the current set-up fit for purpose?
  • Where do I start with choosing and implementing a new tool?
  • What are my best options?
  • Is the grass always greener?


Of course, a lot depends on the budget you're able to secure for a GRC system.

If you have budget
(Skip to the next section if you won't have budget)

It will become clear relatively quickly if your organisation has budget for investing in a new GRC tool or building a tool in-house.

Whichever path you choose, the process may seem pretty daunting. And while no step is quick, we have been helping risk leaders speed up the process through collaboration in our network.

(i) Choosing and implementing a new GRC tool

Key steps:

a) Putting together a business case
We've created a peer-contributed business requirements template for Risk-related systems to help speed up this part of the process for risk leaders in our network.

b) Create and narrow down a shortlist
How do you choose a final supplier without having to sit through endless sales pitches? We've helped our members speed up this process by facilitating a series of 1-to-1 candid discussions with other risk leaders who have experience of the systems on the member's shortlist, free from vendor bias.

c) Implementing and optimising your new tool
You'll need to get the new tool working effectively in your new organisation. We've helped our members to avoid early implementation pitfalls by facilitating 1-to-1 calls with peers who have already embedded the chosen system in their organisation.

(ii) Implementing an in-house solution

Of course, you may decide that you'd be better off spending your budget on creating an in-house solution.

Risk leaders in our network are collaborating and sharing approaches to save time creating their own system, and to create the optimum system for their organisation. 

Spend your GRC budget with conviction
Explore how membership can support you in all stages of overhauling your GRC system.
Book an exploratory call

 

If you won't have budget

Many risk leaders begin a new role with big plans to overhaul the organisation's GRC tool, but discover that there is no appetite or budget for such plans.

In that case, you'll need to work out how to make the most of your existing resources. Whether that's optimising the company's existing GRC system, creating a make-shift tool using spreadsheets, or leveraging free/cheap software such as Power BI, you can still make a huge impact. By collaborating with peers in our network, we can fast-track your route to success.

Would you like to hear from a risk leader who has been in this position and implemented something successful?
As a member, we can facilitate this kind of collaboration for you. Take tried and tested, budget-friendly approaches back to your company.
Book an exploratory call

3. Benchmark emerging risk in your sector

You've just started in your role. You're probably snowed under dealing with stakeholder engagement, and getting to grips with a new board and senior leadership dynamic. You might have an engaged board who value risk management and are keen to hear from you — or one of your biggest challenges might be just to get your board to engage with principal risks. You'll also likely want to improve the horizon scanning capabilities at the business and monitor its emerging risks.

You may well be able to bring some knowledge and techniques from your last role, but when will you have the time to properly make sure that you're on top of all the risks on the horizon for your company, and that you haven't missed any blind spots?

We offer our members two low-effort ways to stay on top of emerging risks.

(i) Benchmark emerging risks in your sector
We create bespoke benchmarks on request for members who want a better understanding of the emerging risks their sector peers are prioritising.

Example page:

Emerging risk and opportunities


Recently we've created bespoke benchmarks on emerging risk for members in the following sectors:

  • Retail and consumer goods
  • Digital/SaaS sector
  • Renewable energy
  • Telecommunications

As a member, you simply ask for the benchmark (and request any specific insight you want to get out of it). We find the right sector peers to participate, and produce a report with the results.

Are you interested in benchmarking your operating model, risk assessment criteria, or something else?
Arrange a short call to explore how we can help you with bespoke benchmarking as part of Risk Leadership Network membership.
Book an exploratory call


(ii) Save time collecting and analysing trends from external emerging risks data

To support a risk leader who wanted to reduce the time their team spent collating external data on emerging risks, we created the Emerging Risk Reporting Comparison Tool. This interactive platform highlights trends in the emerging risks that others are reporting on in company annual reports and external reports (e.g. consultancy reports, WEF, reports from insurers/reinsurers etc).

Now available for all our members, our Emerging Risk Reporting Comparison Tool gives you instant access to trends in external emerging risk data.
 
Risk Leadership Network's Horizon Scanning Tool
Request a demo today.
Request a demo


We're also developing a second AI-supported emerging risk solution. This is being built with members and designed to help ERM teams detect weak signals and leading indicators around key emerging risks. The aim is to help members track emerging risks more dynamically. This could help enhance your emerging risk framework making it more actionable and forward-looking. Book an exploratory call to find out more.



4. Validate your plans before implementation

When you start at a new company, sometimes it can be hard to find people to bat ideas against. Risk is isolated in general. And as the new starter, you really want to be confident in what you're presenting, and what you're trying to get the business to engage with.

But, with Risk Leadership Network membership, we can put you in front of people who have done that already. How useful would it be to talk to someone who's 6 months — or a year — ahead of you?

By facilitating bespoke collaborations with the right practitioners, you can validate your proposed approaches before presenting them internally.

How this works in practice

You could give us your new risk matrix, risk taxonomy, KRIs or intended strategy for a particular initiative (anonymised) and we can get peers to review it, suggesting areas for improvement that have worked in their organisations. If you'd rather present something directly to a peer yourself, we can make this happen too.


We've also introduced a buddy/mentor system so that you can have a risk leader outside of your business validating your plans. Perhaps you'd benefit most from buddying with another risk leader who was recently new into role, or maybe you'd prefer a really experienced practitioner who has been the newcomer a number of times throughout their career.

There's no need to be alone
Get external validation of your plans from some of the most experienced risk leaders currently in practice through Risk Leadership Network membership.
Book an exploratory call

 


5. Ensuring a risk lens to decision-making

You won't have been at your new company for long before risk appetite — or something similar — becomes a big topic of conversation. How are you going to embed risk into business decision-making?

Operationalising risk appetite is a common area of focus for many global organisations within the network — others also consider control effectiveness, target risk states and other methods to embed risk management in their companies.

Regardless of your organisation's current maturity, we regularly facilitate collaboration and knowledge-sharing among peers to support members with their specific priorities. Here are some examples of outputs from recent collaborations:

4 risk appetite statement templates
How do risk leaders at multinational organisations present their risk appetite statements?

5 templates for setting risk appetite
How do practising risk leaders at large non-financial organisations set risk appetite?

11 visual risk reporting templates
How do leading CROs use visual risk reports to catch the eye of their senior leadership team?

Risk appetite statement flowchart
In order to help risk leaders navigate the journey of developing risk appetite statements, from their creation to their review and endorsement, we present the results of a recent benchmark in an easy-to-navigate flowchart.

How to build an effective suite of key risk indicators
During a series of virtual collaborative meetings, risk leaders shared how they address the challenge of raising and setting KRIs and linking them to appetite.

5 ways to boost executive engagement with risk
How have experienced risk leaders successfully engaged their executive committee?

4 steps to refresh risk appetite
Here are the key steps risk leaders are following to refresh risk appetite in their organisations.

How to drive greater risk awareness by strengthening partnerships with strategy
What are members doing to get Risk a seat at the strategy table?

Using risk appetite to support decision making: three case studies
How is risk appetite being used as a tool to support decision-making at three multinational organisations?

Five ways to partner with the business to develop KRIs
Practitioners highlight a range of approaches they are taking to work with the business on the development of KRIs.

How can risk appetite add value throughout the whole organisation?
Explore key trends from a recent benchmark we produced for a member to understand how risk appetite is used by peers at FTSE, ASX, and large privately-owned organisations.


If you're starting in an established risk function:

Skip to creating a risk function from scratch

  1. Assess your organisation's current risk maturity

Many risk leaders tell us that assessing their organisation's current maturity is top priority when they begin their role.

Often, you'll think you've got a good idea about the organisation's risk maturity through the interview process. Then you start the role. And you realise you hadn't quite got the full picture.

From your own experience, you'll quickly identify some areas for improvement, but you'll also want to externally validate your assessment to ensure it's fair and that you've covered all bases.

Some risk leaders get external consultants in to perform a maturity assessment but we've developed a maturity model and cohort benchmark that members are using as an alternative. Download a sample here.

Find out more about our membership model and cohort benchmark
Talk to a member of our team
Book an exploratory call

 


2. Revise your organisation's risk taxonomy

You come into a new role and one of the first things you'll review is your organisation's risk taxonomy. You'll quickly make your own judgment and identify areas for improvement.

It won't be long before you begin revising the organisation's taxonomy and will be looking to present a new version to your board/ARC.

But how do you ensure that your original assessment of the organisation's taxonomy was objective? Have you selected the right categories and risks for the new taxonomy? And will your revised taxonomy definitely be an improvement on the last?

You know that if you don't get it right, it's hard to get other elements of your risk management framework to stick. So what do you do?

For Risk Leadership Network members in this position, we've facilitated a peer review of the revised taxonomy. The member presents their revised taxonomy to sector peers, and participants will provide feedback and suggestions, based on what's working in their organisations.

Talk to us about how our network can help you review your taxonomy
A peer review is a quick way to move forward with confidence.
Book an exploratory call

 


3. Leading a risk transformation/evolution programme

You've got big plans for Risk in your new organisation. Wouldn't it be useful if, at every stage of this journey, you could share ideas and validate your approach with experienced risk leaders who had been in your position?
 

MEMBER CASE STUDY
Getting buy-in for a risk transformation programme
Watch this video to see how we supported one member to get buy-in from the board and risk team during their risk transformation journey in a new role.


Whether you need bespoke benchmarks on specific areas of your plans or bespoke 1-to-1 calls, we'll facilitate the access to peers that you need to implement your plans, fast. Book an exploratory call to discuss how we can get this to work for you.

How can tailored peer-collaboration support your risk transformation programme?
Speak to our engagement team to find out more.
Book an exploratory call
 

5 starting questions for your risk transformation journey:

  • What is your risk management objective?
  • Should you start by measuring maturity?
  • Are you conflating technology and cultural change?
  • Should you prioritise 'quick wins'?
  • Achieve a balance of leading and lagging KRIs

Read the full article, which summarises a range of ideas and considerations shared by senior risk leaders during a recent collaboration.

 


4. Beyond ERM - risk-adjacent responsibilities under your remit

Have you taken on additional responsibilities beyond enterprise risk management? Or perhaps ERM has been brought under your remit which, until now, focused on other corporate disciplines?
 
Increasingly, we're finding that ERM is not being siloed in businesses. This means that lots of heads of risk have other responsibilities too, like assurance, audit, resilience, BCM. Avoiding duplications, leveraging existing workflows and frameworks, and truly embedding ERM in decision-making and business governance - these are all objectives of many of our members who have several areas of responsibility.
 
These members with diverse responsibilities all find value in the network, speaking with peers with similar cross-discipline remits as well as speaking to CROs/heads of risk who are solely dedicated to ERM.
 
Risk Leadership Network supports risk leaders on those supplementary areas of risk, providing you with direct access to leaders who specialise and have experience in these functions.
 
Membership
Speak to a member of our team
Discover who else in our network you could meet who has risk-adjacent responsibilities.
Book an exploratory call
 

If you're creating a risk function from scratch


1. Benchmark risk operating models in your sector

You want to establish your new risk function with the right structure and the right resources in place. But how do you know what operating model is the norm in your sector, especially if your new role is in a new sector?

Our members regularly ask us to create a benchmark of operating models among sector peers. Recently we've produced benchmarks for the following sectors:

  • Pharmaceuticals
  • Financial services
  • Manufacturers
  • Digital
  • Energy and utilities sectors
  • Retail
  • Logistics

And we've also produced a market benchmark, with operating model data from over 50 multinational organisations globally.

MEMBER CASE STUDY
New in role: benchmarking operating models and emerging risks in a new sector
Watch this video to see how we supported one member who was new into role and wanted to understand how to structure their risk function.

 

 


2. Building ERM that actually works for your business

If you're setting up your risk function from scratch, some risk leaders like to lift as many templates as they can to get the job done.

But if you really want it to work for your business — i.e. you really want the business to see value from risk — then your approach will be nuanced. Lifting templates won't cut it.

You'll want to speak with other risk leaders who have implemented the various elements of your new framework, to get new ideas and validate your approach before you begin to implement it. And there's no better way than joining Risk Leadership Network.


We know you've got your work cut out in the months ahead. We also know, from member feedback, that this is a time when Risk Leadership Network membership can be of incredible value to you.

Explore membership and request more information on the specific ways Risk Leadership Network membership can support you in your new role. 

 

 
