Risk management is a growing industry with increasing opportunities for graduates who have the skills and abilities to make important business decisions
Risk managers advise organisations on any potential risks to the profitability or existence of the company. They identify and assess threats, put plans in place for if things go wrong and decide how to avoid, reduce or transfer risks.
As a risk manager you'll be responsible for managing the risk to the organisation, its employees, customers, reputation, assets and interests of stakeholders. You may work in a variety of sectors and specialise in a number of areas including:
- business continuity;
- corporate governance;
- enterprise risk;
- information and security risk;
- market and credit risk;
- regulatory and operational risk;
- technology risk.
Your activities will likely include:
- planning, designing and implementing an overall risk management process for the organisation;
- risk assessment, which involves analysing risks as well as identifying, describing and estimating the risks affecting the business;
- risk evaluation, which involves comparing estimated risks with criteria established by the organisation such as costs, legal requirements and environmental factors, and evaluating the organisation's previous handling of risks;
- establishing and quantifying the organisation's 'risk appetite', i.e. the level of risk they are prepared to accept;
- risk reporting in an appropriate way for different audiences, for example, to the board of directors so they understand the most significant risks, to business heads to ensure they are aware of risks relevant to their parts of the business and to individuals to understand their accountability for individual risks;
- corporate governance involving external risk reporting to stakeholders;
- carrying out processes such as purchasing insurance, implementing health and safety measures and making business continuity plans to limit risks and prepare for if things go wrong;
- conducting audits of policy and compliance to standards, including liaison with internal and external auditors;
- providing support, education and training to staff to build risk awareness within the organisation.
Specific tasks will depend on the industry in which you're working, how specialised your role is and the level at which you're working.
- Risk management is not an entry-level role. Typical starting salaries for those starting in a risk technician role are around £21,250.
- Risk analysts with between one and six years' experience can earn from £29,000 to £44,000.
- With several years' experience at risk manager level, salaries can range from £46,500 to £74,000. With substantial experience at director level it's possible to earn £70,000 or more.
Salaries vary widely depending on the sector, level of responsibility and location. The highest salaries are found in financial sectors and in London-based positions.
Income data from Discover Risk. Figures are intended as a guide only.
Working hours are typically 9am to 5pm, Monday to Friday. You can expect to work additional hours at more senior levels.
Part-time work and career breaks are possible and are more likely in larger organisations.
What to expect
- Work is primarily office based but often includes visits to other offices to see clients (if you're working in consultancy) or to sites (if you're working in sectors such as construction or energy). At a more senior level, you may spend time away from the office at conferences.
- There are opportunities for self-employment for experienced risk managers who want to set up their own consultancy. There may also be opportunities to work abroad as demand for risk managers is growing, particularly in new fast-developing economies.
- Work in risk management can carry personal liability, in particular with relation to the health and safety elements of risk work.
- Travel within the working day is common, but this depends on the size of the organisation and your level of responsibility. Risk management jobs are available across the UK.
- Overseas travel may be required if you are working for a company that operates internationally.
Although this area of work is open to all graduates, a degree in one of the following subjects may increase your chances:
- finance or economics;
- management or business studies;
- risk management;
Graduates of risk management courses and courses with risk management content are sought after and targeted by recruiters of risk managers.
Students on risk management degree and postgraduate courses are able to apply for free student membership of the Institute of Risk Management (IRM), which can help with job prospects. See the IRM website for details of the different levels of membership available.
Postgraduate qualifications are not essential but can be advantageous. A Masters in risk management is available at a number of universities and may be particularly relevant if you have not completed a risk management-related degree.
Search for postgraduate courses in risk management.
Entry without a degree is possible, but you will usually start in an administrative role before working your way up to a risk assistant position and then progressing on to a risk manager role. Employers expect A-levels or equivalent qualifications for entry through this route.
Graduates of less relevant subjects can also take the IRM's International Certificate in Enterprise Risk Management to give them an introduction to risk management and increase their chances of gaining an entry-level position.
You will need to have:
- technical acumen;
- problem-solving and decision-making abilities;
- analytical skills and a good eye for detail;
- the ability to cope under pressure;
- planning and organisation skills;
- negotiation skills and the ability to influence people;
- good communication and presentation skills;
- commercial awareness;
- numerical skills and the ability to evaluate costs;
- the ability to understand broad business issues.
At the higher levels, employers look for experience or knowledge of risk management so it may be useful to seek work placements during the holidays if they are not part of your course. This could set you up with risk and insurance contacts, which could help with future job prospects.
Experience in a particular industry could also be helpful if it relates to the sector in which you wish to specialise your risk management role.
Risk management is a fast-growing profession with large graduate employers increasingly offering opportunities to train and specialise in this function at graduate-entry level. This is especially true in the banking and capital market sectors, which are employing more people in their risk teams.
Risk managers are employed in the public sector and in private organisations. Some small organisations carry out risk management duties in the finance or operations departments.
Employers of risk managers include:
- charities and commercial businesses;
- energy and utilities companies;
- engineering and construction companies;
- insurance companies;
- NHS trusts;
- local authorities.
Look for job vacancies at:
- ALARM - vacancies in the public sector.
- The Association of Insurance and Risk Managers (AIRMIC) - has job listings in its members' section.
- Institute of Risk Management (IRM)
- Jobs In Risk
Individual companies may advertise opportunities on their websites.
There are specialist recruitment agencies which have details of risk management vacancies. These include:
- Adam Appointments - agency for risk management recruitment in Scotland;
- IPS Group - recruitment of risk managers in a variety of sectors and locations.
For those new to the career, the IRM provides the International Certificate in Enterprise Risk Management, an introductory distance-learning qualification, which takes six to nine months to complete.
The IRM also offers an International Diploma in Enterprise Risk Management, which is a postgraduate qualification for risk management professionals. The diploma usually takes around three years to complete and is undertaken by distance learning. IRM Certificate and Diploma students have the option to join the IRM as student members during their studies. Some risk management undergraduate and postgraduate courses offer exemptions from IRM professional qualifications.
Other professional bodies which offer sector- or occupation-specific training include:
- CFA Institute
- Chartered Insurance Institute (CII)
- Global Association of Risk Professionals (GARP)
- National Examination Board in Occupational Safety and Health (NEBOSH)
You can study postgraduate courses in risk management, sometimes on a distance-learning basis. These courses can be a way to develop your career and may be supported by your employer.
Continuing professional development (CPD) is also important and the IRM has a range of courses and training events running throughout the year, to help risk managers keep up to date with developments in the area and refresh their skills.
You are likely to start in the risk management profession through a graduate training programme or enter at a risk assistant/associate level. With experience, your career can develop to the level of risk manager, with progression to chief risk officer (CRO) after ten or more years' experience.
Opportunities for career development are increasing as organisations are often recognising the need to appoint CROs as board members. Departments are also restructuring and making risk a key part of their strategy.
Risk management roles and experience can be transferred across a range of sectors, and risk managers enjoy great flexibility in the transferability of their expertise and skills. Transferring across sectors can often open up opportunities to gain higher salaries, better prospects and sponsorship of further qualifications.
Self-employment is also possible and risk managers may progress to open their own consultancy.