WHAT DOES AN ENTERPRISE RISK MANAGER DO?
Published: Feb 05, 2025 - The Enterprise Risk Manager supports end-to-end risk management, including regulatory reporting, risk identification, and governance analytics. This position ensures effective implementation and maintenance of the Enterprise Risk Management Framework while providing oversight and challenge to enhance risk processes. This role leads a team of Risk Analysts, collaborates with key stakeholders, and contributes to risk strategy development.
A Review of Professional Skills and Functions for Enterprise Risk Manager
1. Enterprise Risk Manager Duties
- Process Management: Ensuring appropriate processes, controls, and systems are in place and, where appropriate, making suggestions for improvements and helping to embed change positively to ensure we are operating at maximum performance and effectiveness.
- Risk Management Framework: Assisting in the design and implementation of best practice enterprise risk management framework/strategies that are effective in delivering valuable insight and reducing risk.
- Risk Awareness Culture: Promoting a ‘Risk-aware’ culture and raising the standards of risk management practices across RateSetter to help drive value-add outputs and business adherence to the enterprise risk management framework.
- Risk Event Management: Leading the management of risk events, ensuring events are reported and escalated by the business appropriately, remediation actions are in place, including effective root cause analysis and monitoring through to completion.
- Risk Assessment Reviews: Conducting periodic reviews of the risk and control self-assessments (RCSAs), and top-down risk assessments (TDRAs), ensuring these remain accurate and relevant to help the business identify, manage, and communicate relevant risks.
- Enterprise Risk Training: Ongoing development and delivery of enterprise risk training to increase awareness within RateSetter, and ensure all staff understand enterprise risk and control environments.
- Audit Liaison: Liaising with internal audit on open audit actions, proactively engaging with action owners to ensure timely completion of actions.
- Commercial Acumen: Demonstrating commercial acumen through sound input into departmental budgets/forecasts/team targets, ensuring they are SMART and align with wider business objectives.
- Enterprise Risk Reporting: Regularly updating accurate records of enterprise risk communications and data in relevant tools and systems in line with company procedures and providing any relevant data/reports for management relating to enterprise risk activity.
- Relationship Management: Building and managing effective key relationships internally to ensure the smooth delivery of business objectives and operational efficiencies.
- Risk Management Advisory: Delivering expert advice, support, and coaching on risk management standards, strategies, practices, and procedures to protect and support the organization in addressing the risks associated with business operations.
- Divisional Risk Projects: Leading and managing critical Divisional risk projects and assisting with investigations on major issues across, detecting fraud and corrupt activities, and improving the effectiveness of the governance arrangements.
- Control Self-Assessment Models: Working with stakeholders to develop appropriate control self-assessment models and risk management frameworks that balance the agency's commitments to mitigate risk with operational requirements.
- Strategic Risk Input: Providing recommendations and input into the strategic direction of the allocated Division to ensure effective risk mitigation strategies are in place to support the operational businesses.
- Business Partnerships: Building and maintaining effective business partnerships and strategic alliances with the allocated Division/s senior managers and key stakeholders to promote good governance and improved risk management practices.
2. Enterprise Risk Manager Details
- Risk & Opportunity Management: Provide Subject Matter Expertise (SME) on Project Risk & Opportunity Management along with the coordination of Risk Reviews and the Maintenance of the Project Risk & Opportunity Register for the enterprise.
- Risk Process Deployment: Establish and assist with the deployment of risk and opportunity process assets that support the enterprise.
- Risk Monitoring and Reporting: Assist with the monitoring, reporting, and auditing of project risk and opportunity for the enterprise.
- Specialist Risk Advice: Be responsible for the provision of specialist advice to assist project implementation of risk and opportunity activities.
- Risk Interventions: Assist with risk and opportunity interventions to improve risk and opportunity management.
- Risk Communication: Communicate and influence to effectively promote the management of risk and opportunity.
- Risk Repository Alignment: Assist the Project Management Function in the alignment of Defence consolidation and standardization of risk and opportunity repositories.
- Framework Design: Conceptualize and design frameworks, procedures, and controls that are consistent with each FMI’s risk tolerance, capacity, and approach to risk management and aligned with the corporate enterprise risk management (“ERM”) program.
- Risk Implementation: Oversee timely and smooth operational implementation of new practices/improvement of existing approaches, both aligned with industry best practices - e.g., Top and emerging risks, Risk objective register, Risks related to new initiatives, Third-party risk management, Incident and Business Resiliency management, Risks and controls self-assessment, Risk and performance monitoring, etc.
- Risk Model Development: Lead and provide expertise and knowledge to the ERM team’s development and usage of enterprise and operational risk models, systems, and risk measurement tools.
- Risk Management Culture: Promote a positive risk management culture through training, communication, and promotion of best practices.
- Post Trade Risk Reference: Act as the Post Trade reference point for any question related to enterprise or operational risk management.
3. Enterprise Risk Manager Responsibilities
- Risk Management Program: Manages the Credit Union's enterprise risk management program.
- Risk Assessment: Performs risk assessments of all Credit Union products and services to identify and quantify potential risks.
- Internal Controls: Develops appropriate internal controls to mitigate and manage those risks.
- Information Security & Continuity: Maintains the Credit Union's information security, disaster recovery, and business continuity programs.
- Vendor Management: Manages the Credit Union's vendor management program.
- Third-Party Due Diligence: Performs required due diligence of all third-party relationships to mitigate vendor risk and ensure continuity of service and confidentiality of information.
- Fraud Prevention: Manages the Credit Union's risk loss and fraud prevention program.
- Fraud and Security Breach Response: Coordinates fraud and security breach investigations and responses to protect the Credit Union from losses due to fraud, theft, data breaches, and similar incidents.
- Insurance Management: Maintains the Credit Union's surety bond and all necessary insurance coverages.
- Risk Reporting: Prepares periodic risk management reports to Senior Managers and the Board of Directors.
- Training Collaboration: Works in conjunction with the Training Department in implementing new risk management and loss prevention procedures that impact operations.
- Regulatory Compliance: Develops, maintains, and demonstrates current knowledge of risk management practices and applicable laws, rules, and regulations to ensure the Credit Union has adequate internal controls to effectively manage risk and minimize potential losses.
- Policy Communication: Ensures departments and staff are informed of new or revised risk management policies or procedures affecting areas of responsibility within the required time frame as set down by management.
- Risk Resources: Develops and maintains a library of risk management resources to enable employees to educate themselves in relevant areas.
- Report Preparation: Prepares and delivers assigned reports in a timely, accurate manner.
4. Enterprise Risk Manager Job Summary
- Risk Management Reporting: Support end-to-end management of Risk Management Committee reporting and regulatory requirements.
- Risk Identification: Continuously contribute to risk identification including providing views on new and emerging risks.
- Risk Analytics: Provide ad-hoc analytics related to risk governance to support senior risk management as appropriate.
- Defensive Collaboration: Work closely with all lines of defense.
- Risk Appetite Analysis: Assist Senior ERM staff by providing research and analysis into the risk appetite refresh process, including analysis to support the setting of risk appetite statements and thresholds.
- Risk Strategy Development: Support the Head of Risk in the development of the risk strategy and Enterprise Risk Framework.
- Risk Framework Implementation: Responsible for the implementation, promotion, and maintenance of the Enterprise Risk Management Framework across all business areas and key stakeholders.
- Risk Oversight: Provide risk second-line support, oversight, and challenge to the first line to improve risk process.
- Stakeholder Representation: Act as the primary representative for the Risk Function and face off to board members, senior stakeholders, and executives.
- Policy Maintenance: Assist with the maintenance of risk policies and procedures.
- Team Leadership: Lead and manage a team of Risk Analysts.
- Operational Awareness: Keep management informed of key operating issues affecting the credit union or any department.
- Inquiry Resolution: Troubleshoot and resolve member and internal inquiries in a timely, accurate manner.
- Member Service: Provide informed, professional, and accurate service and support to all members and associates.
5. Enterprise Risk Manager Accountabilities
- Risk Business Partnership: Risk Business partner to selected business areas/teams, including Cybersecurity, InfoSec, and Operational resilience.
- Risk Management Planning: Planning risk management activities to support the further development and embedding of the Enterprise Risk Management Framework.
- Risk Tools and Technology: Supporting Risk Projects, especially with regard to the implementation of Risk Management Tools & Technology.
- Risk Mitigation: Ensure that all potential risks are appropriately mitigated.
- Operational Risk Management: Ongoing identification, capture, assessment, mitigation, monitoring, and reporting of operational risk.
- Risk Training and Communication: Developing, planning, and delivering Risk training and communication programs.
- Risk Champion Coordination: Scheduling and preparing materials for ongoing Risk Champion forums.
- Assurance Planning: Leading the process of coordinating and producing the firm-wide annual coordinated assurance plan covering the activity across the 2nd and 3rd lines of defense.
- Risk Data Analysis: Analyzing risk data and extracting trends and themes.
- External Risk Monitoring: Performing external risk monitoring to identify adverse trends that may impact the Group (direct/indirect).
- Stakeholder Presentations: Preparing regular and ad-hoc presentations for Board, Regulators, Investors, and other stakeholders.
- Policy and Process Maintenance: Maintain and, where necessary, update Risk Policies/processes to maintain an up-to-date Risk perimeter that is in line with best practice.
- ERM Team Development: Develop and mentor an ERM team to perform risk assessments to quantify and produce reporting on the risk profile across credit, operational, reputational, compliance, and finance risk among others.
- Risk Appetite and Strategy: Establish risk appetite and strategy as well as define risk indicators to ensure controls are properly monitored.
- Control Testing and Monitoring: Assist with control testing and monitoring, performing 2nd line of defense oversight.
- Regulator Interface: Interface with government regulators (OCC) on examinations.