There is little to be gained from attending to a graze on the knee of an injured person when they have blood gushing from a wound on their head. Risk management tends to attract individuals who are precise and although a risk manager needs to ensure that the framework is applied accurately and completely, they always need to bear in mind both priority and materiality.
The ability to recognise and focus on priority and materiality within a business or function is essential for an operational risk manager. They will analyse all potential scenarios of a process to identify the risks. It keeps us honest, makes us work harder.”Ī good operational risk manager will instinctively question everything and want to find out more, from what they read about the industry, or what change is happening in the 1 st Line, or how a process works, and what went wrong when the process didn’t. (…) And having you in this building has made this workplace better. Going back to the quote from Obama “You’re not supposed to be sycophants you’re supposed to be sceptical. If there was no need to validate, there would be no need for the 3 Lines of Defence. A good risk manager will maintain objectivity with the business, not jump to conclusions, but should naturally seek to validate answers they are given, before coming to a decision. Scepticism should not be confused with pessimism. The business and functions do not have to personally like the operational risk manager, but they do have to respect their position and opinion.Ī good operational risk manager will be able to nurture and maintain a good relationship with the business which can withstand a ‘healthy tension’ to ensure the right level of debate and challenge. Credibility does not imply the need for ‘greyed hair gravitas’, however you do need to have knowledge of the business, products and processes, of what good risk management looks like, and to be able to ask those tough questions. There have been many examples throughout history where the boss, or those in authority, have not been challenged appropriately, even though the error had been noted, with disastrous consequences.Ĭredibility is key to relationship management with the business. They will be comfortable challenging within any of the 3 Lines of Defence and at any level of the organisation regarding the operation and application of the risk framework.
Highly effective operational risk management requires a specialised skill set and a strong personality, with the analytical, technical and relationship management skills required to tread a delicate balance with colleagues and senior management daily. Organisations are waking up to the benefits of an operational risk management department resourced with experienced, highly effective individuals.
In reality, the operational risk manager role is crucial for the effective running of your firm and compliance to regulatory obligations, thereby minimising losses within your processes – not least taking account of the reputational impact of breaching a regulatory requirement. In the past, operational risk tasks were sometimes viewed as compliance or administrative rubber stamps and were handed to someone as a ‘side of the desk’ task, or given to someone junior or inexperienced. Having worked in financial services risk management and recruited for countless risk managers during the past 20 years, we have seen many operational risk candidates and worked with countless operational risk managers. This may be a quote from Obama addressing the White House press corp for the final time whilst in office however, don’t these words also absolutely ring true for operational risk managers? It keeps us honest, makes us work harder.” “You’re not supposed to be sycophants you’re supposed to be sceptical.