Get connected

You are here:

You are here

Risk management and leadership competence framework

The impact of COVID-19 has demonstrated that the world is more interconnected than ever before. A risk in one part of the world can have devastating consequences in another, with ripple effects of increased cyber events, severe weather and supply chain disruptions adding stress to already fragile organisations and the global economy.

The success of any organisation in part, is fuelled by the resilience of its people, who are willing and able to raise difficult issues and make tough decisions. But more importantly, leaders know when to delegate decision-making to those more skilled or experienced, regardless of authority.

Many leaders are good at identifying the risks they know. However, the pandemic has proven we must also be tackling previously unforeseen risks, those that we think are unimaginable, or so remote, they’re unlikely to happen. Furthermore, we can also no longer focus on just the probability and severity of an event occurring, we must also recognise their speed and interconnectedness.

Whether you are entering the health and safety profession, heading up a global risk management or specialist department, or a business professional requiring a greater understanding of how to effectively manage risk, IIRSM’s competency framework offers a benchmark in which to recruit, retain, and develop staff or yourself. 

Framework overview

IIRSM’s framework supports the belief that risk management should be part of everyone’s responsibilities and it is a transferable skill from any sector, geographical location, organisation and job role.

The framework is a useful vehicle to:

1. Help embed risk management as a core skill into all job roles and responsibilities.

2. Provide a consistent approach across an organisation to managing its risks, in all their forms. 

3. Demonstrate how risk management enables innovation, performance and resilience. 

4. Enhance decision making through raising capabilities to identify, communicate and act on risk. 

5. Support HR teams to embed risk management competence into existing and new job roles. 

6. Understand risk management professional development needs. 

7. Integrate risk management into existing organisational policies, procedures and cultures. 

8. Enhance career opportunities, as risk management is a required competence for many decision-making roles.  


Framework structure

The framework includes technical risk and business competences and leadership behaviours, as all three are required to be a competent person able to make sound, well-judged decisions to manage risks, in all its forms.

The competences and behaviours within the framework are presented in a generic way so they can be interpreted and applied to different areas of practice, specialism and geographical locations. It is important that the user understands and applies them within the context in which they work.

The competences and behaviours are set at three levels of attainment linked to career progression and IIRSM membership grades.

  • OPERATIONAL - Knowledge and understanding, with some application.
  • MANAGERIAL – Clear application and knowledge.
  • STRATEGIC – Reasoned advice and depth of complexity.

The required level of competence will depend on an individual’s role, seniority, responsibilities, experience and area of practice.

Competences and behaviours

The following provides an overview of risk and business competences and leadership behaviours. Download the full framework for details of the specific knowledge and skills required for each area and level - Operational, Managerial and Strategic.

Technical risk competences

Organisational context

Understands the evolving relationship between the organisation and external forces that shapes the way in which it responds to risk.

The role of risk management

Applies risk management across the organisation and educates stakeholders to identify and act on risk.

Strategy, objectives, policy and procedures

Develops and implements an organisation’s approach and attitude to the way in which it manages risk.

Project/change management

Enables organisations to create significant opportunities and recognises associated risks.

Stakeholder engagement

Ensures risks are efficiently addressed through understanding stakeholders and their motivations.

Data management

Ensures data is appropriately managed and decisions are founded on reliable information.

Risk and organisation reporting

Defines performance measures and provides the right information in required formats in a timely manner to the appropriate decision-makers.

Leadership behaviours


Works with stakeholders in a manner that encourages and persuades others to contribute effectively.

Emotional intelligence

Demonstrates an open attitude to all, irrespective of circumstances, recognising and valuing different stakeholders’ perspectives and input.


Builds consensus, trust and respect by sharing information, ideas and resources in a manner that increases contribution from others.


Communicates clearly and concisely, recognising audience capabilities, and listening to stakeholders in an open and courteous way.


Identifies uncertainties as potential opportunities and challenges the status quo. Takes calculated risks whilst respecting objectives and values.


Demonstrates trust, fairness and openness and remains true to values irrespective of pressures.


Pursues objectives through to the end, demonstrating resilience, courage, adaptability and energy to achieve goals.


Works logically, considers options and sets clear and measurable targets which balance competing priorities. 

Business competences

Governance and culture

Works with relevant stakeholders to implement effective governance.

Financial integrity

Ensures any risks to financial integrity are understood by stakeholders.

Supports society

Fosters relationships with local community and wider society.

Compliance and legal responsibility

Appreciate the legal and regulatory obligations of the organisation to stakeholders.

Supplier and partner management

Considers the impact of others on the organisation and communicates it effectively.