Top 10 Skills for Succeeding in Enterprise Risk Management

Many have the impression that risk managers just focus on the technical aspects of risk. While the technical is important, it is just one of the aspects in Enterprise Risk Management (ERM). There are many skills needed to succeed in ERM but it is not just about number crunching, ‘challenging’ others, validating internal controls, any form of internal or external auditing, or EHS specialism. ERM is not all about identifying risk either. During our Tea Talk on 16 October, Mr. Ramesh Pillai, IERP® Chairman of the Board of Governors, spoke on the importance of EQ and soft skills in ERM. EQ and soft skills, while often vastly underrated, are what will differentiate the experienced, effective risk managers from the average ones.


These are the top 10 EQ and soft skills a Risk Manager or Risk Practitioner needs in order to succeed in Risk Management:

1. Problem-Solving

Risk management is a strategic business. At the higher levels, you may be designing risk management solutions and processes for an entire organisation. You’ll need to be both thorough and creative in your approach. Thus, during any task, job, or discussion, don’t be afraid to ask questions for clarification or elaboration; information is crucial to implementing ERM.

2. Analytical Skills

The cornerstone of risk management is analysing risks, evaluating their potential effects and balancing them against the company’s overall risk appetite. Many risk managers will make the mistake of including a lot of data in their reports without proper analysis. As a result, readers of these reports will only be confused and overwhelmed by the information. Risk managers should place focus on the analysis, with the referenced data added to the appendix. Insightful and valuable analyses do not necessarily have to include numbers.

3. Communication Skills

Part of risk management is making sure everyone understands any significant risks and the company’s risk management strategy. This means communicating with all different audiences, from the board of directors to individual employees. Language skills are also important in risk management as they can be used to communicate with all types of people.

4. Business understanding

To identify and estimate the risks to a company, you have to understand how the business works and all the different internal and external factors that can affect its performance. Statistically, there has been an increase in the number of CROs that become CEOs. It is because CEO is the ultimate risk-reward decision-maker. Risk managers also need to know how business works and its effect on risk management; they are like a counsellor that provides advice on whether a certain activity will be beneficial to the company or not.

5. Negotiations & Diplomacy

It’s never as simple as just creating a risk management policy. You have to negotiate with other departments to decide what’s possible, convince staff to be risk-aware, liaise with auditors and justify yourself to your bosses. Part of your job is to be convincing. Be polite and friendly to everyone you meet, including reception staff and assistants. Part of diplomacy is coming across as calm, trustworthy and cool in a crisis. If you’re nervous, smile and fake it till you make it.

6. Numeracy

Risk analysis involves a lot of numbers – costs, estimated risks, probabilities and so on – and while you don’t need to be a mathematician, you do need to be comfortable and confident with calculations. If you’re faced with a numerical question, take a deep breath and think through how to approach it before you dive in.

7. Working under Pressure

Risks can change in an instant when something unexpected occurs and you need to be able to update your strategies and react at a moment’s notice. If things go wrong, your business continuity/backup plans need to save the day.

Obviously, stay as calm as you can and don’t get flustered by unexpected questions. You’re allowed to stop and think before you give your answer. Part of working well under pressure is knowing how to avoid extra pressure. find the hobby to ease the pressure. Or try to do something that will slow down your brain activity before go to sleep like listening to music or watching a movie. If you get your work in well before the deadline, you’re demonstrating that you can keep your cool during a stressful work process and not let things spiral out of control.

8. Collaborative skills

One of the major roles of a risk manager is to be the person that knows everything in the company: access to information is part of effective risk management. Teamwork over individual gain is beneficial for the greater good of the company. Sometimes, risk managers also need to learn to sacrifice their short-term needs for the company. Defeat your own ego and pride so that you can easily work together with team or other department. Risk managers also need to be anti-silo in order to facilitate collaboration as well as sharing between teams and team members.

9. Technical competency

A successful risk manager has to possess competency in technical skills. A good pathway towards competency is to get a certificate in risk management; continuous professional education is important in order to keep learning and improve. To keep updated on risk management best practices, risk managers always need to do research, reading and also a lot of networking.

10. Character

Last but not least: character. Risk managers have to have independence and integrity, integrity, integrity. A good risk manager must simply know what is right and what is wrong. A good risk manager also needs to stand firm on their decisions and will not be easily persuaded by other people with their own agenda. No matter how good you are in other things, if you do not have a good character, everything else will fall apart.

During the Q&A, a participant asked: “How do you get the top management of your company to understand ERM?” Mr. Ramesh suggested to get those senior enough to discuss with top management on the implementation of ERM. Get the chairman of the Board of Risk Management or Chief Risk Officer to discuss with top management to make sure they understand ERM. Try to simplify ERM and assure them that ERM is not about compliance, it is about making money for the company. Alternatively, risk managers can bring someone influential in ERM knowledge to discuss with top management so that the implementation of ERM can done smoothly.

All in all, in order to successfully facilitate successful ERM practices, the risk practitioner needs to have both the technical skills as well as the EQ and soft skills. With the top ten skills mentioned above, you will be able to foster trust with your team members, other departments, staff, senior management, and the board — all of whom are critical to your job effectiveness.

Top