​​Qualifying a Director as a Risk Expert

Comments Views

​Boards have generally identified experience and insight into risk management as an area where they need to improve. As risk management is integral to any organization’s success, helping it to identify and address risks to the achievement of its objectives, regulators and others expect boards to beef up their ability to provide effective oversight.

I congratulate the Directors and Chief Risk Officers group and The Governance Fund who have published Qualified Risk Director Guidelines (PDF). The team involved in developing the guidelines includes notable risk and governance experts, a number of whom I know and respect.

This is an excellent basis for discussion by the board and its advisors in management about how it will assess whether the directors they add to strengthen risk oversight have sufficient experience, training, and ability.

I like that these guidelines are divided into groupings of attributes:

  • Risk management acumen.
  • Personal attributes.
  • Business acumen.
  • Education.

The guidelines suggest how a director may obtain the required majority of these attributes.

I only have a few quibbles:

  • I believe it is essential for a qualified risk director to understand the relationships between strategy, risk, and performance — and that the consideration of risk is an integral part of every-day decision-making.
  • The risk director should understand the need for every decision-maker within the organization to understand what the right risks are to take. It is insufficient to have broad risk management policies and standards that cannot be translated into guidance for everyday decision-making.
  • The qualified risk director should also have an appreciation for the need to manage risk at the speed of the business (or, as a commenter on one of my blogs said, run the business at the speed of risk).
  • An excellent source of qualified risk directors is experienced (including retired) chief internal audit directors.

I welcome your comments.

​The opinions expressed by Internal Auditor's bloggers may differ from policies and official statements of The Institute of Internal Auditors and its committees and from opinions endorsed by the bloggers' employers or the editors of Internal Auditor. The magazine is pleased to provide you an opportunity to share your thoughts about these blog posts. Some comments may be reprinted elsewhere, online or offline.



Comment on this article

comments powered by Disqus
  • TeamMate_May2015
  • Ideagen_Pentana_May2015
  • IIA-GRC_May2015