Wednesday, December 15, 2010

Where are all of the qualified Enterprise Risk Manager candidates?

Risk Management recruiters frequently call me with the question, "Why are there so few candidates who understand Enterprise Risk Management (ERM)?"

The vast majority of the available Risk Management talent pool developed their experience at organizations where the practice of Risk Management has been far too siloed for effective present-day GRC. Risk Management is a new professional category but an age-old practice. Risk management practices have been developed and employed over many years, and they evolved in many areas of organizations for many purposes. As such, there are different standards for terms and best practices. Metrics for quantifiable risks and characterization descriptions for non-quantifiable risks are not widely applied across silos. Even the definitions of what risks exist are not universally agreed upon at the enterprise level.

Financial service organizations have very different risk profiles than industrial organizations. The former are in the business of buying, selling and pricing financial risk. It is their business to understand their own risk appetite and match their value creation activities to their capital and/or their asset-liability obligations. While this does not represent their entire risk profile, managers of financial firms understand the language of risk and have a cultural advantage when integrating risk management practices into the entire organization.

Non-financial firms generate risk in their businesses too, but in their case risks are one of many inputs to value creation. These organizations require very different metrics and tools than financial service firms do. Risk-mature organizations are able to articulate their own risk tolerance. A new culture of risk awareness is important to transform a firm into one that uses risk as a strategic advantage. A firm has limited capacity to take on risk. The risk-intelligent enterprise maximizes returns on the risk it willingly takes on, without taking on, or failing to avoid, unnecessary risks. Techniques such as assigning Economic Capital (EC) to value creation activities in lieu of the more traditional Marginal Capital can help such firms maximize their risk-adjusted return on capital (RAROC).

A not-for-profit organization with the unwieldy name of Committee of Sponsoring Organizations of the Treadway Commission (COSO) promotes Enterprise Risk Management (ERM) best practices. Its COSO Control Integrated Framework unifies best practices of Governance, Risk and Compliance (GRC) with a flexible road map that organizations of any size and composition can follow.

While risk professional organizations including PRMIA, GARP and RIMS have fostered convergence of risk management practice, few available candidates hold designations such as the Professional Risk Manager (PRM), Financial Risk Manager (FRM) or RIMS Fellow (RF).

Richard Ellis, PMP PRM
