
The tasks of a risk management professional

Filed under: Features — Mark on October 2, 2013

Hamlet, Prince of Denmark, may not be one of the greatest exemplars of risk management, but he did coin the striking phrase “the readiness is all”. This expression does rather encapsulate the role of the modern risk manager in a large company or organisation. This role is all about smoothly steering a company into a position in which it is optimally prepared for the worst, whatever the worst might be.

A risk manager will identify weaknesses in an IT infrastructure and make sure that any gaps are spotted. That same manager will also have a Plan B at the ready to keep operations running smoothly should “the worst” happen in the form of the corporate computer system being breached. A more general risk manager will be hyper-aware of a wider range of risks, be they financial or physical (pertaining to climate, crime, or terrorism).

Under this broad umbrella of super-readiness, today’s risk managers have four key tasks commonly pinned to their job descriptions.

Auditing awesomeness

The first such task is auditing. A risk manager cannot really do anything constructive without knowing the lie of the land for which they’ve been assigned a good deal of responsibility. Consequently, an audit needs to be conducted of the relevant systems under the manager’s brief. In IT risk management, this will mean taking a close look at the IT infrastructure, in particular the network holding the business together. The age and reliability of equipment will be noted, and records will be taken of any previous security breaches. When it comes to more general risk management, a health and safety audit of a building might be appropriate: in a factory, equipment might be checked, for instance, or in an office block, buildings could be inspected for asbestos.

Expert analysis

The next stage is one of analysis and, where necessary, interpretation. An effective risk manager will pore over the data produced by their audit, in an effort to extract impartially both strong and weak points. Problem areas (a leaking water pipe in the server room, for instance), faultlines (an IT system administrator with an irregular attendance record, bordering on the unreliable), weaknesses and any accidents waiting to happen will be noted and prioritised for attention.

The two Rs

The third task is that of reporting and recommendation. The risk manager will report their findings to relevant executives along with costed and prioritised recommendations for changes. The report will need to be written in a language everyone in the company can understand, from the CEO down.

Putting things into effect

The fourth and final key task will be the implementation of any recommendations, including the following:

– Writing new or revised procedures for staff to follow

– Authoring processes and workflows to plug loopholes in systems

– Disaster planning and/or conducting simulations of emergencies (sometimes specific disaster planning experts are brought in for this work)

Finally, once all this work has been completed, it starts all over again from step one. Risk management is cyclical in nature; tasks and issues have to be revisited in order to ensure that a corporation stays up to date and on track, and perpetually in that desirable state of readiness.
