Risk management and leadership competence framework
The impact of COVID-19 has demonstrated that the world is more interconnected than ever before. A risk in one part of the world can have devastating consequences in another, with ripple effects of increased cyber events, severe weather and supply chain disruptions adding stress to already fragile organisations and the global economy.
The success of any organisation in part, is fuelled by the resilience of its people, who are willing and able to raise difficult issues and make tough decisions. But more importantly, leaders know when to delegate decision-making to those more skilled or experienced, regardless of authority.
Many leaders are good at identifying the risks they know. However, the pandemic has proven we must also be tackling previously unforeseen risks, those that we think are unimaginable, or so remote, they’re unlikely to happen. Furthermore, we can also no longer focus on just the probability and severity of an event occurring, we must also recognise their speed and interconnectedness.
Whether you are entering the health and safety profession, heading up a global risk management or specialist department, or a business professional requiring a greater understanding of how to effectively manage risk, IIRSM’s competency framework offers a benchmark in which to recruit, retain, and develop staff or yourself.
IIRSM’s framework supports the belief that risk management should be part of everyone’s responsibilities and it is a transferable skill from any sector, geographical location, organisation and job role.
The framework is a useful vehicle to:
1. Help embed risk management as a core skill into all job roles and responsibilities.
2. Provide a consistent approach across an organisation to managing its risks, in all their forms.
3. Demonstrate how risk management enables innovation, performance and resilience.
4. Enhance decision making through raising capabilities to identify, communicate and act on risk.
5. Support HR teams to embed risk management competence into existing and new job roles.
6. Understand risk management professional development needs.
7. Integrate risk management into existing organisational policies, procedures and cultures.
8. Enhance career opportunities, as risk management is a required competence for many decision-making roles.
The framework includes technical risk and business competences and leadership behaviours, as all three are required to be a competent person able to make sound, well-judged decisions to manage risks, in all its forms.
The competences and behaviours within the framework are presented in a generic way so they can be interpreted and applied to different areas of practice, specialism and geographical locations. It is important that the user understands and applies them within the context in which they work.
The competences and behaviours are set at three levels of attainment linked to career progression and IIRSM membership grades.
- OPERATIONAL - Knowledge and understanding, with some application.
- MANAGERIAL – Clear application and knowledge.
- STRATEGIC – Reasoned advice and depth of complexity.
The required level of competence will depend on an individual’s role, seniority, responsibilities, experience and area of practice.
The following provides an overview of risk and business competences and leadership behaviours. Download the full framework for details of the specific knowledge and skills required for each area and level - Operational, Managerial and Strategic.
Organisational context
Understands the evolving relationship between the organisation and external forces that shapes the way in which it responds to risk.
The role of risk management
Applies risk management across the organisation and educates stakeholders to identify and act on risk.
Strategy, objectives, policy and procedures
Develops and implements an organisation’s approach and attitude to the way in which it manages risk.
Project/change management
Enables organisations to create significant opportunities and recognises associated risks.
Stakeholder engagement
Ensures risks are efficiently addressed through understanding stakeholders and their motivations.
Data management
Ensures data is appropriately managed and decisions are founded on reliable information.
Risk and organisation reporting
Defines performance measures and provides the right information in required formats in a timely manner to the appropriate decision-makers.
Influencing
Works with stakeholders in a manner that encourages and persuades others to contribute effectively.
Emotional intelligence
Demonstrates an open attitude to all, irrespective of circumstances, recognising and valuing different stakeholders’ perspectives and input.
Collaborative
Builds consensus, trust and respect by sharing information, ideas and resources in a manner that increases contribution from others.
Communicative
Communicates clearly and concisely, recognising audience capabilities, and listening to stakeholders in an open and courteous way.
Innovative
Identifies uncertainties as potential opportunities and challenges the status quo. Takes calculated risks whilst respecting objectives and values.
Ethical
Demonstrates trust, fairness and openness and remains true to values irrespective of pressures.
Determined
Pursues objectives through to the end, demonstrating resilience, courage, adaptability and energy to achieve goals.
Systematic
Works logically, considers options and sets clear and measurable targets which balance competing priorities.
Governance and culture
Works with relevant stakeholders to implement effective governance.
Financial integrity
Ensures any risks to financial integrity are understood by stakeholders.
Supports society
Fosters relationships with local community and wider society.
Compliance and legal responsibility
Appreciate the legal and regulatory obligations of the organisation to stakeholders.
Supplier and partner management
Considers the impact of others on the organisation and communicates it effectively.