What’s it really like to work in the field of risk management? In conjunction with the Institute of Risk Management (IRM), Risk Xtra is beginning a new series of articles running under the banner ‘Tools of the Trade’ in which we ask practising professionals to offer their handy hints and tips on the matter for those looking to make the move into the industry. In this first instalment, Andrew Glenister (Certificate Member of the IRM and Senior Risk Partner at EE) answers the key questions involved.
Risk Xtra: How did you move into your current role?
Andrew Glenister: I initially joined EE back in September 2000 when the business was still known as One2One and worked in various change management and Best Practice roles around finance. In 2006, a new Assurance team was created including audit, controls and risk and it was at this point that I moved into the Internal Controls team to help implement the new Sarbanes-Oxley Internal Control Framework.
I had very little experience with risk management before this point, but always felt that it sounded like a fascinating area in which to work with the opportunity to become involved in, literally, every area of the business and add real value to the corporate governance and decision-making processes.
When a company restructure meant that there was an opportunity to take over the risk role in the team, I went for it.
Risk Xtra: What’s a typical day like as a senior risk partner?
Andrew Glenister: This really depends on where in the company’s ‘risk reporting cycle’ we happen to be. There are times during reporting cycles when we’re ‘all hands to the pump’ to make sure that reports on risk are updated and refreshed. Then there are periods where we can concentrate on embedding good risk practices and meeting with stakeholders, etc.
Risk Xtra: What do you enjoy most about your role?
Andrew Glenister: With this role, I’m involved with every single area of the company. Risks can arise in any area at any time. I need to be aware of what’s going on across the company commercially, strategically and operationally, as well as being aware of all compliance and reputational aspects.
I also enjoy working with many varied stakeholders who have myriad different expectations and requirements in order to roll out good risk and governance processes that, hopefully, provide benefits for their areas.
Risk Xtra: What are the main challenges involved?
Andrew Glenister: Aside from tight reporting deadlines, the main challenges are really around convincing stakeholders to adopt risk and governance practices that can be seen as ‘just administrative and compliance activities’. The reward is bringing sometimes difficult stakeholders along a journey to a point whereby they understand and appreciate the benefits of risk and governance.
Risk Xtra: In what way are your IRM qualifications relevant?
Andrew Glenister: My IRM qualifications have helped in a couple of ways. First, and most importantly, the process of attaining these qualifications has really helped me to learn and embed the principles of risk management. Knowledge of these principles has helped me every day, even when not performing tasks that are specifically related to risk management.
The second way in which the qualifications have helped is giving me the self-confidence and belief in the advice I’m giving to business areas and the respect and recognition from them that I’m an expert in my field.
Risk Xtra: What would you say to other professionals thinking about joining the IRM as a member?
Andrew Glenister: Do it. As simple as that. The networking, knowledge-sharing and educational benefits afforded by the IRM really are second-to-none.
Risk Xtra: How has your role developed and what are your career ambitions? Has being linked to the IRM helped in this regard?
Andrew Glenister: My role has developed in parallel to my personal development, to be honest. As I’ve learned more and gained more experience in risk management and governance, I’ve been able to take this into my role and develop the Enterprise Security Risk Management process within the business.
Everyone in every role every day works on risk. Be involved with your team management, look for opportunities to identify risks and threats in your area and, if appropriate, even start to work with reporting into your company’s central risk team.
I moved through Internal Controls into the risk field, but Internal Audit is also another closely related area. If there are no opportunities in risk itself, controls and audit offer the same benefits and always work closely with Enterprise Risk. If you’re already working in risk and don’t already have a qualification, I would strongly recommend the IRM Certificate and Diplomas. These are the ‘Gold Standard’ for risk and governance globally and really demonstrate a commitment to good practice.
*For more information about the training and career enhancement opportunities offered by the Institute of Risk Management access the organisation’s website