‘Tools of the Trade’: Hints and Tips for Working in Risk Management

Andrew Glenister

Andrew Glenister

What’s it really like to work in the field of risk management? In conjunction with the Institute of Risk Management (IRM), Risk Xtra is beginning a new series of articles running under the banner ‘Tools of the Trade’ in which we ask practising professionals to offer their handy hints and tips on the matter for those looking to make the move into the industry. In this first instalment, Andrew Glenister (Certificate Member of the IRM and Senior Risk Partner at EE) answers the key questions involved.

Risk Xtra: How did you move into your current role?

Andrew Glenister: I initially joined EE back in September 2000 when the business was still known as One2One and worked in various change management and Best Practice roles around finance. In 2006, a new Assurance team was created including audit, controls and risk and it was at this point that I moved into the Internal Controls team to help implement the new Sarbanes-Oxley Internal Control Framework.

I had very little experience with risk management before this point, but always felt that it sounded like a fascinating area in which to work with the opportunity to become involved in, literally, every area of the business and add real value to the corporate governance and decision-making processes.

When a company restructure meant that there was an opportunity to take over the risk role in the team, I went for it.

Risk Xtra: What’s a typical day like as a senior risk partner?

Andrew Glenister: This really depends on where in the company’s ‘risk reporting cycle’ we happen to be. There are times during reporting cycles when we’re ‘all hands to the pump’ to make sure that reports on risk are updated and refreshed. Then there are periods where we can concentrate on embedding good risk practices and meeting with stakeholders, etc.

Risk Xtra: What do you enjoy most about your role?

Andrew Glenister: With this role, I’m involved with every single area of the company. Risks can arise in any area at any time. I need to be aware of what’s going on across the company commercially, strategically and operationally, as well as being aware of all compliance and reputational aspects.

I also enjoy working with many varied stakeholders who have myriad different expectations and requirements in order to roll out good risk and governance processes that, hopefully, provide benefits for their areas.

Risk Xtra: What are the main challenges involved? 

Andrew Glenister: Aside from tight reporting deadlines, the main challenges are really around convincing stakeholders to adopt risk and governance practices that can be seen as ‘just administrative and compliance activities’. The reward is bringing sometimes difficult stakeholders along a journey to a point whereby they understand and appreciate the benefits of risk and governance. 

Risk Xtra: In what way are your IRM qualifications relevant?

Andrew Glenister: My IRM qualifications have helped in a couple of ways. First, and most importantly, the process of attaining these qualifications has really helped me to learn and embed the principles of risk management. Knowledge of these principles has helped me every day, even when not performing tasks that are specifically related to risk management.

The second way in which the qualifications have helped is giving me the self-confidence and belief in the advice I’m giving to business areas and the respect and recognition from them that I’m an expert in my field.

Risk Xtra: What would you say to other professionals thinking about joining the IRM as a member?

Andrew Glenister: Do it. As simple as that. The networking, knowledge-sharing and educational benefits afforded by the IRM really are second-to-none.

Risk Xtra: How has your role developed and what are your career ambitions? Has being linked to the IRM helped in this regard? 

Andrew Glenister: My role has developed in parallel to my personal development, to be honest. As I’ve learned more and gained more experience in risk management and governance, I’ve been able to take this into my role and develop the Enterprise Security Risk Management process within the business.

Top Tips

Everyone in every role every day works on risk. Be involved with your team management, look for opportunities to identify risks and threats in your area and, if appropriate, even start to work with reporting into your company’s central risk team.

I moved through Internal Controls into the risk field, but Internal Audit is also another closely related area. If there are no opportunities in risk itself, controls and audit offer the same benefits and always work closely with Enterprise Risk. If you’re already working in risk and don’t already have a qualification, I would strongly recommend the IRM Certificate and Diplomas. These are the ‘Gold Standard’ for risk and governance globally and really demonstrate a commitment to good practice.

*For more information about the training and career enhancement opportunities offered by the Institute of Risk Management access the organisation’s website

About the Author
Brian Sims BA (Hons) Hon FSyI, Editor, Risk UK (Pro-Activ Publications) Beginning his career in professional journalism at The Builder Group in March 1992, Brian was appointed Editor of Security Management Today in November 2000 having spent eight years in engineering journalism across two titles: Building Services Journal and Light & Lighting. In 2005, Brian received the BSIA Chairman’s Award for Promoting The Security Industry and, a year later, the Skills for Security Special Award for an Outstanding Contribution to the Security Business Sector. In 2008, Brian was The Security Institute’s nomination for the Association of Security Consultants’ highly prestigious Imbert Prize and, in 2013, was a nominated finalist for the Institute's George van Schalkwyk Award. An Honorary Fellow of The Security Institute, Brian serves as a Judge for the BSIA’s Security Personnel of the Year Awards and the Securitas Good Customer Award. Between 2008 and 2014, Brian pioneered the use of digital media across the security sector, including webinars and Audio Shows. Brian’s actively involved in 50-plus security groups on LinkedIn and hosts the popular Risk UK Twitter site. Brian is a frequent speaker on the conference circuit. He has organised and chaired conference programmes for both IFSEC International and ASIS International and has been published in the national media. Brian was appointed Editor of Risk UK at Pro-Activ Publications in July 2014 and as Editor of The Paper (Pro-Activ Publications' dedicated business newspaper for security professionals) in September 2015. Brian was appointed Editor of Risk Xtra at Pro-Activ Publications in May 2018.

Related Posts