The Institute of Risk Management (IRM) talks to Claudia Craia (Cruceru) IRMCert Group Governance and Risk Manager International Personal Finance Plc on what working in risk is really like and what advice they would share with people looking for a career in the industry.
How did you get your job in risk?
I worked in several internal audit roles for about nine years in the same company, when the governance and risk management role at the Group level became available. I had had previous connections with the risk management process as part of my internal audit roles, but only as a facilitator of risk assessments in the specific business unit I was working for. This risk management role was, however, significantly different, as it involved, as turned out later, to be very technical from risk management methodology aspects.
What’s a typical day like as a Group Governance and Risk Manager?
The risk management process in the organisation I work for is in the hands of many people and, in many ways, my responsibility is to coordinate the risk assessment process across a significant number of people and across multiple business units and the Group. When I’m not having discussions with the risk owners on their risks and actions to address these risks, I am consolidating risk information into reports that reach senior management, risk management committees or even the board. Our process follows a generic PIML (plan-implement-measure-learn) approach and an extensive part of my time is dedicated to identifying opportunities to improve the risk management methodologies, influence the changes to methodologies and then actually embedding them across the Group.
What do you enjoy most about your job?
I love working with numerous people, of different expertise and seniority. Although I am the only individual with the title of risk manager in the company, there are many people in our business who understand and apply good risk management principles and practices. I have learnt a lot across the last three years about different aspects of risk management as for example: strategic thinking and ability to anticipate the future, operational risk management, compliance or more specialised arms of risk management like health and safety, business continuity and project risk management. When I was an internal auditor, I thought that I had the opportunity to know and get connected with the entire business, but I was not even close to the exposure to the business that I have in my current role. This is the second part of my role that I enjoy the most.
What are the challenges?
I think there were some things that set me back at the beginning, three years ago, when I started this role. Probably the most challenging part was the period when I effectively learnt to do my job, to understand what risk management is and what is trying to achieve or how the organisation can benefit from it. I was less confident due to the limited technical knowledge and I was probably regarding it as an obstacle. Three years later, I barely remember those days and I feel like I was born and educated myself to do this type of role and I can’t really identify any challenge at the moment.
What made you decide to study the International Certificate in Financial Services Risk Management?
As I said before, I had to learn how to do my role. I was having some ideas about what risk management is, from my role as internal auditor, but when you have to coordinate a process that eventually results in output to the board on the risks across the organisation; you start to think that you have to be a bit more educated in this discipline.
Additionally, in our business, there are individuals who have significant expertise in this discipline, I wanted them to have a reliable partner to support their initiatives and basically help them, rather than hinder them.
What has it taught you that you can immediately put into practice?
From technical perspective, everything. When we were approaching the end of the year and I was due to design and implement the risk appetite framework, I had to rely on my studies to find the best solution. When you have to study for both the Certificate and the Diploma, but specifically for the Diploma, you are encouraged to read a lot, you are guided on what to read and to use critical thinking. This has helped me to understand the concepts, to understand that there is no “magic formula” which can be applied for all organisations and to find solutions which I was confident were good practice. I was mentioning previously that we have many very good people and I had so many “aha” moments in my interactions with them. Many times I understood what they wanted from me, only after my studies for the Certificate and Diploma.
I had learnt a lot about other, non-technical, aspects of managing a business also. I think my logic improved a lot; I got better at understanding people behaviour, and many other areas. I am joking sometimes with my colleagues that now I would be the best auditor they have seen, just because I understand better the business world.
What would you say to other people considering studying the qualification?
I would encourage them to define very well what they want to achieve by studying for a qualification in risk management. From my experience, it helps you improve many aspects of yourself, but it also requires commitment (i.e., time, money) and determination.
I believe that a risk professional has a very demanding, but exciting role. It requires a good foundation, and this means to understand the risk management principles in particular and corporate governance in general. The qualification in my opinion, covers this. It requires good soft skills in general: communication, influencing skills, negotiation. These come with experience, but I was so positively surprised to find a lot of guidance studying for my Diploma. I simply love how Hillson describes and guides on how to deal with: the irritant, saboteur or the sleeping giant in his ATOM Methodology. Last, I would work on the more technical skills like: accounting principles, statistics, and finance.