Some thoughts as you start out in risk management
I received an email a while back from someone just making their start in risk management asking if I had any thoughts or advice. The response quickly became several pages long and I thought it was worth turning it into a blog piece that others might benefit from. There are around nine specific thoughts to share and I will add one or two to the list below each week.
Getting started in any career or specialist field can be daunting and risk management is no different. There are many challenges out there and some will continue to crop up as long as you are practicing risk management. Here, in no particular order, are a few things to think about as you embark on your career as a risk manager.
1. Identify the differences between theory and practice
Most people have some kind of theoretical training before they get their start in risk management. Even someone who has been a practitioner should formalize their knowledge and skills before taking on a role with a formal risk management responsibility. (This is the approach I took and I found that I gained a great deal from some formal study.) However, there are big differences between theory and practice so one of the first things you have to do is figure these out.
How theory is interpreted
There will always be some differences between risk theory / regulatory structures and what things looks like in reality, even in highly regulated industries, This could be as simple as using different terminology for a group (e.g. is the risk committee called something else?) or is a different methodology used for assessing risks.
These changes are necessary to ensure that the theory or regulation can be applied effectively within the organization. Most standards and guidance documents will include words to the effect that organizations can adapt the standard to meet their needs as long as they adhere to some central tenets.
This will usually result in some kind of risk management policy and procedure explaining how risk management is conducted in the specific organization. These translate the theory into practical steps and will act as your day-to-day guidance for what you need to do.
Think of this as how is the theory is interpreted.
How theory is applied
However, even if the theory or standard has been adopted without alteration, you need understand what this looks like in practice. How is a risk assessment conducted, how does the risk committee meet, what is the format for the risk register? These are all things that you need to understand.
Sometimes there will be differences in procedures within the organization and some departments may apply the guidelines differently. This isn’t necessarily wrong but it can make it difficult to get a clear picture of how risk management is actually practiced. Nevertheless, you need to understand what the day-to-day system looks like.
Think of this as how the theory is applied.
Mind the gap(s)
Once you understand how the theory is interpreted and applied, you will be better able to operate within the organization risk management system. You can also put your theoretical knowledge to better use because you can now relate this to the practical, day-to-day risk activities in your organization.
However, do keep the theoretical in mind. Sometimes things are adapted or interpreted in such as way that things diverge from the intent of the theory or regulation. As someone who has recently undergone formal training, you are in a good position to spot any space between theory and practice.
Remember that things change
Remember, theories are amended and regulations get updated so keep educating yourself. Refer back to what you learned and stay up to date on developments in the field and particularly your sector. This will help you maintain a good sense of the theory as a touchstone you can always refer to.
I hope you found this useful but let me know – add your thoughts in the comments below.