Is building a stronger risk team simply a matter of hiring more risk professionals, or is there another way to develop the capability of your risk function? Once you have found a way to expand your capability, how do you build a compelling business case for this?
Even once you’ve made your business case, actually finding the right talent can be a minefield. How do you market “risk” as a career? And when do you know you’ve spotted the right skill set in a candidate?
Over the course of several one-to-ones and member meetings, practising risk managers across different industries and geographies have shared with each other their tried-and-tested methods that have secured them better internal business cases and better risk resource.
These insights have been captured in a discussion paper that is now available to read on our Intelligence platform. Here we share just four of the key tips members have discussed in depth:
1) Identify the necessary skills for your risk team
Whether you’re recruiting internally or externally, or just trying to identify the gaps that exist in your risk team, an important first step is to come up with a list of key skills and attributes that risk professionals joining your company should have.
These skills may be related to the position of group risk within the business or what is required of them – for example, if Risk is expected to focus a significant amount of attention on compliance issues, you may want to consider hiring people with a legal background.
More generally, members agreed a good skill to have for any risk manager is the ability to engage with senior leaders and people around the business in their day-to-day business language, while open-mindedness – allowing someone to look at potential scenarios from different perspectives – is a valuable characteristic.
Several members admitted that a strong theoretical knowledge of risk or risk qualifications are not actually the most important requirements they look for when recruiting; instead, favouring demonstrable practical, real-life experiences of helping businesses manage risks.
2) Leverage graduate programmes
One way to bring people into the risk team, and cultivate the necessary skills, is to use graduate schemes, showing young people entering the business why Risk is an advantageous path for them to follow.
Some companies have programmes in place that allow graduates to spend a few months in a series of group-level functions, before deciding what part of the business they want to work in.
Even if an employee doesn’t want to continue working in Risk long-term, spending time with the risk function is a great foundation for learning about the business and prepares future employees to be better risk managers in their day jobs.
3) Align functions for increased efficiency
Besides recruiting new Risk FTEs, there are other ways to enhance the risk function.
Although this won’t necessarily work for every business, there is a case to be made for aligning different functions – for example, the risk and audit teams.
While bringing the risk and audit teams together under one umbrella does raise potential issues – it’s not always easy to delineate the separate roles played by risk and audit teams, and aligning functions could blur the lines more – this may enable the risk function to enhance their advisory capability and provide more relevant risk information to first line business units.
4) Focus on capability, not headcount
Having more hands on deck may seem like the obvious solution with regard to risk resourcing, but risk teams should consider whether they can offer the same amount of capability without a bigger team – this could mean bringing in an external consultant to work with the business for a short period of time.
The money you end up saving on someone’s salary could be used to bring in an external resource that will focus on levelling up a certain aspect of the risk management framework. They impart knowledge and new skills to existing risk team members and improve the team’s capabilities long-term.
An alternative option, if the business doesn’t have one already, is to think about implementing a GRC system. Although this would require a significant investment, it would allow the risk team to repurpose some of their resources to perform different – more value-adding – tasks, such as data analytics instead of simply data reporting. A risk system also tends to save a team time and money in the long term.
Discover how Risk Leadership Network members are building their risk teams
To read the full discussion paper on risk resourcing and find out more about how members are building their risk teams, as well as how you can participate in discussions on this topic, enquire about membership here.