Latest Products

The Ideal Risk Manager

Friday 22 September 2017

nterview with Anu Kukar,  Director of Risk Innovation at KPMG, on the Ideal Risk Manager

You have an extensive background in risk management. Can you list some of the universal challenges faced by risk managers? Also any new challenges on the horizon for risk managers? 
Having spent the last 14 years as a 2nd-Line Risk Advisor in both industry and risk consulting, the five key challenges that have remained consistent throughout different industries are:

1.     Perception of risk managers not being a value-add to the business;
2.     Changed expectations of the risk manager role and its purpose;
3.     Increased costs and time to undertake risk management processes; 
4.     Engaging and influencing stakeholders; and
5.     Staying resilient. 

The new and future challenges risk professionals will face are driven from five major global trends, impacting industries in various forms: innovation & disruption, technology & digital movements, regulatory changes, cost pressures and social ethics expectations. These trends will no doubt see:

1. New and different types of risk exposures for organisations of which risk professionals will need to be aware and on which they will be able to advise their businesses.

2. Chief Transformation Officers (CTOs), Chief Financial Officers (CFOs) and Chief Risk Officers (CROs) exploring how to integrate risk management processes into the business process leveraging digital solutions, which will seek to reduce cost and time of undertaking risk management processes. This will come in response to the face that risk management processes have long been built as stand-alone, manual processes.

As a risk professional, key actions will involve developing new capabilities to drive change and to innovate, to advise on emerging risk types and to be part of changing the way risk management is undertaken. It is about moving away from technical skills to a stronger focus on behavioural skills.

What are some of the common mistakes risk managers make? Any tips on the best ways to avoid these mistakes?
From personal experience, I know I was super-keen to help my business. In doing so, I thought if I “managed risks for them", I would be helping. I soon learnt that is not the role of a risk manager, and there is no way I could manage all the business risks. I didn't have the knowledge, nor were there enough hours in the day, and I couldn't make commercial decisions regarding what levels of risks to take. I was my own worst enemy. 
Having spent time as a 3rd-Line, then 2nd-Line and now as a 1st-Line leader, my tip to any risk professional would be to consider the below:

  • Managing risk vs Advising on Risk: Understand your organisation's risk model—for example, its maturity level, what has been agreed as it stands, and what you are working towards. This will help you understand the purpose and tasks of your role.
  • Risk vs Commercial: We have a tendency towards a mindset of, "No, that's a risk," and "No, we cannot do that". Developing an understanding of the business commercial drivers and building an open mindset to the risk trade-off will help.
  • Simplicity vs Complexity: We tend to create complex, time-consuming and manual risk processes. Learn and think about how to integrate risk processes into existing business processes in a simpler way.
  • Learning outside of risk: Sometimes, we can think we have learnt the ERM, GRC methodology or the ISO31000 framework, and so we are set for life as risk professionals. But the best thing we can do is stay up-to-date on the industry trends and issues, as well as to learn and be aware of global technology developments e.g. Blockchain, automation, data analytics and cybersecurity.
Why is it difficult or challenging to get that buy-in from the business and the board? What are some methods risk managers can use to get the buy-in they need?
I used to think this was the hardest issue, and often struggled with it. As a risk manager, I would have all my facts laid out in a logical order, or detailed in a PowerPoint presentation, and often felt confused when approvals/decisions were not made. 
A mentor of mine gave me some good advice:

  1. Bring more of yourself into the conversation and let the business stakeholders get to know you.
  2. Turn your communication and engagement approach to something unexpected.
What followed was a catch-up with the head of the business. I remember being slightly nervous, but I shared the challenge I was having and also how I would approach it and asked for their advice and support. The engagement approach I subsequently used to get buy-in involved lots of Bollywood movies, colours and sports analogies, as part of every conversation or presentation pack. These pictures and analogies not only shared more about me, but also conveyed the key message in a fun, colourful and easy way.
Reflecting back, there are three things that stand out as ways to engage, get buy-in and influence stakeholders:

  • Sharing your challenge. Seeking that advice/support from the top cannot be underestimated. ‘Tone from the top’ rings true in all forms and aspects.
  • Communicating and presenting things in a way you would want, if you were making the decision. Try using more diagrams and talking to key stakeholders before the actual meeting about the factors they expect or need to know.
  • Using technology to your advantage for buy-in and influencing. It doesn't always have to be a face-to-face catch-up. I have and still use phone calls, SMS, LinkedIn and WhatsApp for stakeholders and clients. 

Getting buy-in and stakeholder management will remain a key skill, not just for risk professionals but all professionals in any industry. 


What are some of the tips and tricks risk leaders/risk professionals can use to build a capable risk team?
There are a couple of things I do for myself, as a risk professional, and also things we have developed and helped CROs/Risk Leaders implement for their risk teams:

Understanding and wanting to change. With all the global trends and industry/business changes, there is growing recognition of the importance of up-skilling and adapting approaches to risk management. Others are focussing on what changes are needed and how to make those changes real for themselves and their teams. As a risk leader or risk professional, do have that conversation in your team regarding the impact of global trends on your business, and open conversations—and minds!—to exploring and understanding how those impacts/changes affect risk management.

Working towards new future risk capabilities. Identify the capabilities your risk people will need to deal with the business in future and also the risk changes your organisation will face. Risk teams need to be able to leverage technology in order to successfully deliver in the future work environment—this includes ensuring they perform their roles efficiently and effectively. Understanding the interconnectedness of risks is increasingly important in a complex world. Examples of key future risk skills include influencing, appreciation of strategic/big picture, accepting and driving change.

Bringing to life risk capabilities. In addition to identifying the capabilities your risk team will need to enhance their toolkit, risk leaders must plan for team members to develop these skills ‘on-the-job’ and also through learning from others, as well as formal training opportunities, which need not be limited to the traditional classroom. As the risk and business environment changes, risk leaders need to ensure their current teams are ready to embrace change and can hone the capabilities they require. The last thing a risk leader wants to do when building a capable risk team is to have to let staff go and hire new staff to replace them!

What advice would you give to up and coming risk managers?
  • Develop your people-skills and your ability to influence.
  • Get experience in the actual business.
  • Ensure you have an ongoing learning plan that includes developing new mindsets and capabilities; don't stop after a risk certification.
  • Embrace technological change and grow your understanding in this space, e.g. data analytics, blockchain and robotics. 
  • Ask for help when you need it. Build a network and seek out experienced professionals for advice and support. They have learnt the lessons (sometimes the hard way), so learn from them and their experiences. It doesn't have to be a lengthy 1:1 catch-up--try to meet up via WhatsApp, LinkedIn Career Advice, a "walk and talk" meeting or LinkedIn Messenger.


Anu Kukar, Director of Risk Innovation at KPMG

Anu brings 17 years of experience across Risk & Compliance management, Governance, Regulatory, Internal Audit, Management Consulting and Tax. She has worked across many industries: insurance, banking, government, manufacturing, energy and telecommunications. She is a Director at KPMG.
Anu has assisted clients and worked hands-on in industry to identify risks and build solutions to manage them across all types of financial and non-financial risks. The work Anu and her team did around advanced risk management was awarded an Australian Bank CEO Employee of the year award. Currently, Anu is focussed on Risk Innovation, assisting businesses through designing and developing new business risk & compliance solutions to support their future business needs.
Anu is a graduate from the Australian Institute of Company Directors (AICD), a Chartered Accountant (ICAANZ) and holds a Bachelor of Commerce in Accounting and Information Systems (UNSW).