View | Becoming a Certified Fellow in ERM (CFIRM): My story from a student to qualified CRO

After completing my PGDBA in Finance, I secured a job at a Non-Banking Finance Company (NBFC). My learning journey continued as I had the opportunity to work in various areas of the financial services sector. Moreover, I was asked to prepare for a Joint Venture with a leading Insurance Firm worldwide as a Steering Committee member.

While serving as a Steering Committee member for the Insurance JV, I enrolled in and completed the Insurance Exams conducted by the Insurance Institute of India and the IRM. This helped me fulfil my responsibilities more effectively. I also briefly worked at a bank leading the Bancassurance initiative and started taking exams from the Indian Institute of Bankers.

I got my first big break in ERM when I joined the world's leading insurance broking firm as a consultant providing risk services. If it weren't for all the studies I had done in the past, the qualifications I had gained, and in particular the IRM certification, I would never have been able to get the job or deliver on risk consulting services. While working in the risk management consulting area with a Big Four firm, I gained exposure to different forms of risk management services, including enterprise-wide risk solutions, physical risk management, insurable risk analysis, contractual risk analysis, project risk, business continuity planning (BCP), and disaster recovery planning (DRP).

My risk management skills improved significantly when I transitioned from a consultant facilitating risk management to a hands-on risk manager as qualified Chief Risk Officer (CRO) in a corporate setting. I have held CRO positions in infrastructure, oil and gas and engineering design and project management consulting firms. As a CRO, I gained insight into both qualitative and quantitative aspects of risk management. This enabled me to assist management in making informed decisions across various areas, such as bids, projects, business continuity planning, financial decisions, contractual risks, etc.

When working on any risk assignment, I can bring diverse skills and knowledge, including engineering, financial analysis, insurance, banking, contractual expertise, economics, and more. This is due to the qualifications and experience I have gained in these domains, allowing me to tackle any challenge with confidence and efficiency.

I started my career in risk management as a consultant and without the IRM’s ERM qualifications, I would not have been in a position to start delivering on engagements from day one without any company training. While working with organisations in the infrastructure sector, I could resonate with and implement all the learnings from the IRM’s materials. This allowed me to create deliverables which speeded decision making by the respective Management. I could develop customised frameworks for Bid Risk, Project Risk, Qualitative and Quantitative risk management, Business Continuity Planning, Linkage to Strategy and more. The quality of my deliverables enhanced my positioning in the organisation. Today, I am a part of the Executive Management Committee which is an apex body of the organisation and I actively participate in areas of management decision making. Besides, my interaction with fellow risk managers from different companies also helps us benchmark our risk practices to bring an outside-in perspective to the organisation. We could bring the concept of ‘No Surprises’ to a larger set of employees as a part of the process of building risk culture in the organisation through customised training programs in our endeavour to ‘Make everyone a Risk Manager’.

The CRO should have the right mix of education and industry experience and the IRM’s pathway to Fellowship is the gold standard for ERM professionals.

The CRO should have 'skin in the game' on every engagement and be involved in every key decision referred to management. This will ensure the CRO has a 'seat at the table' as part of the management committee.

The CRO should be exposed to various risk management techniques, governance issues, diverse business/services, and risk regulations.

The CRO should work on building a risk culture across the organisation through Business/Function Risk Officers, thereby creating future leaders who think about breadth aspects in addition to their areas of expertise.

The CRO should be aware of global developments, industry updates, geopolitics, economic aspects, etc. Strong corporate connections, networking, and a broad reading spread are key.

The CRO should invest in creating qualified risk champions who are not risk experts but business experts taking risk-based decisions in various departments.

Over time, the IRM Certification has expanded with a well-structured track from Level 1 to Level 5 or Stage 1 to 5, which students and professionals can pursue to gain a comprehensive understanding of international frameworks (like ISO 31000 and COSO 2004 and 2017), risk identification techniques, scenario planning, horizon scanning, evaluation of emerging risks, risk appetite and tolerance, risk treatment, risk reporting and communication, business continuity planning, internal audit and assurance, and corporate governance. Since I had cleared the Associateship exam 25 years ago, I got an opportunity to apply for Fellowship through the Senior Executive Route (SER). My application was thoroughly reviewed based on my credentials, management-level experience, references, and other factors. I was awarded the Certified Fellow of the Institute of Risk Management (CFIRM) title, and I was also among the first to complete the IRM’s Digital Risk Management Certification exam in collaboration with Warwick University.

Through a formal training process conducted by experts from IRM, I have now become an Assessor for the SER route. It has been an amazing journey of learning, deploying, and sharing my knowledge. Now, I am giving back to my alumni as the Chair of the India Regional Group that manages member relations while the IRM India Affiliate continues to grow the IRM community in India. In my journey of overseeing the key governance pillar of ERM for the organisations I have worked with, I have gained immense benefits.

Acquire knowledge from all possible sources to be a successful Risk Manager – formal education from IRM, industry specific experience, different types of risk management and areas, reading about organisations (both success and failure stories), networking with peers from within the organisation and outside

Read about experts from various fields or reach out to them by participating in various forums and seeking inputs / guidance.

Read the Annual Reports of companies, specifically the Risk Management Disclosures section, that gives an idea of the company’s business, management processes and top risks.

Use platforms like LinkedIn to reach out to employers, collaborate with alumni, showcase your qualifications / certification / experience to potential recruiters.

Your passion for the subject should be infectious and it should influence the stakeholders you deal with.

As the world becomes increasingly complex, getting risk-intelligent irrespective of any career and having formal knowledge of ERM can help one anticipate, prepare for, and deal with uncertainties in scaling a business, climbing in a corporate job, or starting a new venture. Therefore, ERM as a field and career option is universally applicable and will continue to proliferate personally and professionally. My best wishes go out to all young business and risk enthusiasts who wish to become risk intelligent in any domain or sector and aspire to build their careers in one of the most promising areas in the times to come.