Mark Clegg SIRM is director of safety, risk and resilience at NG Bailey, one of the leading independent engineering and services businesses in the UK. The company is a national business offering a local presence. Its project portfolio includes nuclear new build, fast-paced manufacturing facilities, state-of-the-art schools, universities and hospitals, cutting-edge office spaces and retail venues, railway stations, sports stadiums and iconic city landmarks. Here, Mark outlines what it’s like to direct safety, risk and resilience for such a high-profile organisation and also pinpoints why it’s so important for today’s practising professionals to involve themselves with the work of the Institute of Risk Management.
Risk Xtra: How did you access the job in which you now find yourself?
Mark Clegg: I was fortunate to join NG Bailey following a career which started with almost 23 years in the British military. That most enjoyable period involved me being engaged in risk management at varying levels and in some fascinating environments. Following my military career, I worked as a consultant for the EPC, delivering risk and resilience services to a range of public and private sector organisations here in the UK and overseas.
Over the years, I’ve completed a number of professional courses in risk management, cyber security, business continuity and crisis management.
In my other guise, I’m also a non-executive director on the Institute of Risk Management’s (IRM) Board. Having benefited from being a member of the organisation for some time now, I was keen to ‘give something back’ and increase my involvement with the IRM. I joined its Education Committee a few years ago, which was thoroughly enjoyable, and was delighted to join the Board last year.
Risk Xtra: What’s a typical day like as the director of safety, risk and resilience for NG Bailey?
Mark Clegg: I’m very privileged to work with a team of extremely talented specialists in each of the fields for which I’m responsible. Consequently, a typical day involves working with them to ensure we have the right measures in place to anticipate, prepare for, respond to and recover from a range of scenarios.
Some of this work is driven by long-term and pre-determined development programmes while other elements are initiated by shorter-term changes in situation. In either instance, though, this work requires engaging with staff from departments and business units across the Group.
Risk Xtra: What do you enjoy most about your job?
Mark Clegg: The risk landscape seems to be ever-changing as it has so many different inputs. This makes my role fascinating as it requires constant horizon scanning, lessons learning and identifying where potential weaknesses lie so that they can be addressed. This requirement to constantly learn and evolve brings plenty of variety which makes working in the risk realm a thoroughly enjoyable career choice.
Risk Xtra: What would you say to others thinking about joining the IRM as a member?
Mark Clegg: I would definitely encourage those people involved or interested in risk management to consider joining the IRM as a member. I have found it extremely useful as a source of learning, providing access to the most up-to-date thinking in the profession and, most useful of all, increasing networking opportunities with risk experts.
Risk Xtra: Do you have any top tips on how to become involved in the sphere of risk management
Mark Clegg: First of all, you need to think strategy. There are a plethora of books and articles written which tell us that strategy and risk management must go hand in hand. Without effective risk management, strategies will not be achieved and so on. This is perhaps our most important principle as risk professionals.
However, for this to actually happen in practice, risk professionals simply must ensure that their activities are wholly aligned to the strategies of their organisations. Too often, new articles are published which remind us of this truism as if it were actually more complicated than it is.
Second, choose your language carefully. Given that risk professionals exist to enable business strategies (and not vice-versa), we need to translate our work into language which the business understands. An overuse of the technical risk management jargon which is familiar to us only dilutes our key messages and, longer-term, undermines our involvement in top management discussions.
Third, learn to learn. Risk professionals are inundated with information regarding the risk landscape. We cannot simply ignore it, but equally so we cannot realistically digest all of it either. Indeed, much of it is repetition so, in my experience, there’s some information which is of more value.
However, we need to identify our own learning paths by choosing where we have the greatest needs, largest gaps in knowledge and, in some instances, simply the most interest. Such continual development is a vital skill for those risk professionals wishing to remain ahead of the curve.
Risk Xtra: Cyber security has obviously risen to prominence of late. What are your key messages in relation to this burgeoning and hugely important subject?
Mark Clegg: The IRM has previously conducted high-quality work in the field of cyber risk. The year 2018 saw a notable milestone in this area with the advent of the European Union’s General Data Protection Regulation and also witnessed a number of organisations having to contend with some high-profile cyber security incidents.
Predictions for 2019 look to be challenging. The increasingly common mantra appears to be ‘It’s not if, but when’ organisations will experience a cyber security incident. Given that this area continues to evolve and draws corresponding widespread attention, it’s fitting for the IRM to contribute to the various works and thinking by re-launching its Cyber Special Interest Group (SIG).
The core purpose of the Group will be to act as a forum for discussion and development of thinking in cyber risk management. Building upon previous work conducted by the IRM and its partners as well as wider developments, the Cyber SIG will explore different aspects of – and approaches towards – cyber risk. Its outputs will be focused on providing utility to those interested in – and affected by – the fast-moving nature of this form of risk.