Strategic thinking

Risk management is a complex and comprehensive process. It’s definitely not a soft skill — or, at least, not just one. There are many types of risk, including compliance, security, operational, financial and reputational risks. Risk managers require a combination of both hard and soft skills to successfully address all the various risks. For example, compliance is a…

If there’s one thing governments do well, it’s regulating things. Regulations are constantly being added and updated. Risk managers must invest some of their time to stay up to date on all the changes and understand new and evolving regulatory requirements.

After assembling a list of potential business risks, risk managers need to be able to do a risk assessment and then rank the likelihood and severity of each risk. They should create and regularly update a list that notes the most likely to least likely risks, as well as the most severe to least severe ones. This…

Risk managers need to know the potential cost of network outages and security breaches, as well as the likely financial impact of other business risks. Ultimately, financial risk will get everyone’s attention in the C-suite and individual departments. The costs of lost productivity, lost income and financial penalties can be crippling to a business if…

Risk managers need analytical skills to collect data, analyze risks and make sound decisions based on the results. They also need to be able to spot holes and weaknesses that others may have missed in IT systems and infrastructure, business processes, financial practices and other areas.

After preparing the ranked list of risks, a risk manager then needs to lead the process of planning how to manage them. That could include accepting risks that are deemed reasonable based on an organization’s agreed-upon risk appetite and risk tolerance or adopting strategies to mitigate risks so they pose less of a business threat. In other…