Do you see risk management as a professional discipline?

The tentative of the Chartered Insurance Institute....
In 2013, the Chartered Insurance Institute, a UK-based professional organisation for those working in the insurance and financial services industries, had its application for Chartered Risk Manager turned down by the Privy Council, the body responsible for awarding professional status in the UK. Not discouraged, the Chartered Insurance Institute (CII) re-apply and has now received provisional approval for a Chartered Insurance Risk Manager status that it hopes to launch this year.

A limited survey

In the ISO 31000 LinkedIn group, a popular discussion forum on the ISO 31000 risk management standard, a pool was launched in 2014 asking “Is risk management a profession?”. It attracted 76 comments and 108 votes (before LinkedIn deleted all pools) of which 76% declaring that YES, risk management is a profession. This is a nice wish!

Risk management = a profession?

Do I think that Risk Management is a Profession? Having spent 20 years in risk management after earning an MBA and a Master in Risk Management, my reply is: absolutely not, Risk Management is NOT a Profession because it lacks the fundamentals of a profession?
Although the UK Privy Council does not make its decisions public, the following reasons are probably behind their decision to refuse the Chartered Risk Manager status:
1.      Wide application of the title risk manager (different roles, different responsibility, no harmonized curriculum, etc.)
2.      lack of definition of risk manager
3.      wide gap between insurance managers and enterprise risk managers or chief risk officers

Leading the risk profession, really?

Of course, UK-based Institute of Risk Management (IRM) created in 1986 with the mission to “lead the risk profession”, would self-claim that yes, risk management is a profession. Interestingly, back in 2004, the IRM was invited to join as an organization with observing status, the international ISO Technical Committee in charge of developing the first international ISO risk management standard, they preferred to decline or ignore the invitation. During 5 years needed to develop the ISO 31000, the IRM did not reconsider. When in November 2009, the ISO 31000 standard was (finally) published the IRM stubbornly continued to ignore it. Today, they realize that it would be a huge effort to align all their education materials with the principles, framework and process proposed in the ISO 31000 risk management standard. Quite sad, in fact, for an association pretending to “lead the risk management profession” to ignore any initiative, not created by them.

Let's certify people as risk managers!!

Since the Privy Council refuses in 2013 to recognize risk manager as a profession in the UK, Airmic, the association for risk and insurance management professionals is supporting the initiative of the UK-based Institute of Risk Management (IRM) andFerma, the European Federation of National Risk Management Associations whose members are mainly risk and insurance-buyers professionals, to create their own certification plans for “risk managers”. After working 2 years together, they finally broke up their discussion and decided to go on their separate ways: The IRM created Certified Risk Managers in 2015 and FERMA created “Certification for European Risk Managers” in October 2015. Both referring to the ISO 31000 standard with limited understanding. In parallel, a new entity called PECB, a non-professional body with no knowledge or experience in risk management enters the playing ground and proposes a certificate called “ISO 31000 Risk Manager” to anyone to those paying a three-day course. Since then, risk manager is largely losing whatever meaning it had…Is there still anybody “leading the profession”, if yes…leading to where?

Linking risk management to decision-making

While the chaos related to the title of “risk manager” is growing, risk management discipline is progressing without the so-called professional bodies. In relation to the ISO 31000 risk management standard, G31000, the Global Institute for risk management standard, an international non-profit organization created in December 2011 in collaboration with members of the ISO TC 262 and national mirror committees, believes that risk management is linked to decision-making, performance management and uncertainty management. In consequence, risk management is at best a management tool helping managers to make better, structured, risk-balanced decisions in an uncertain environment, helping to allocate efficiently and effectively resources in order to achieve the organization’s objectives. According to ISO 31000, the architecture of risk management is based on three pillars -principles, framework and process.

Holding the C31000 certification

Can you certify your organization on ISO 31000? No (see discussion) as clearly stated in the ISO 31000:2009 version. However, you can teach, examine and verify the knowledge acquired by individuals. The Global Institute G31000 has so far conducted 54 courses in 6 languages (English, Spanish, Portuguese, French, Italian, Russian) in 26 countries, delivering 656 certificates with a strong emphasis on train-the-trainers courses. While some professional bodies are active in "protecting" the risk management "profession" barely referring to ISO 31000, the Global Institute G31000 is making efforts to advance risk management teaching on the content of ISO 31000. It does not give the title of a “risk manager” since the international C31000 certification stated that the certificate holder is granted the title ofCertified ISO 31000 risk management professional – C31000 having demonstrated knowledge and comprehension of the content of ISO 31000 – Principles, framework, process.
The growing risk management community referring to ISO 31000
The progress of risk management discipline is growing, with many risk professionals contributing, sharing ideas and spreading knowledge in the ISO 31000 LinkedIn discussion forum founded in March 2009. So far, about 1,500 discussions and 21,000 associated comments have been made in 7 years. A simple discussion forum has now 55,000 members and growing by 1,000 new members per month. Ignoring ISO 31000 would be a major mistake for those involved in risk management.

Since its publication in November 2009, about 63 countries have adopted the international ISO 31000 risk management standard as their national standard – See article.

When and where to get your ISO 31000 certification training?

For those interested to expand or validate their knowledge in risk management standardization, feel free to share with us when and where you would be interested to take the next G31000 course & international C31000 certification on ISO 31000 risk management standard. Here is a quick survey to complete and share with your contacts:
Two weeks ago, G31000 was validating a new trainer conducting his first ISO 31000 course to become Certified ISO 31000 Lead Trainer. Our procedure to become Certified ISO 31000 Trainer is quite strict. We have now over 30 validated CT31000 Trainers, 115 Approved ISO 31000 Trainers and 656 certified ISO 31000 Risk Professionals, worldwide, and growing...
Do you agree with the conclusions of the UK Privy Council when they say that risk manager is not a profession?
Do you think that the profession of “risk manager” could be recognized in your own country by an independent authority?
If not, what would be the alternatives to advance risk management? My answer to this last question is “educate professionals on the content of ISO 31000”., what is yours?

By: Alex Dali, MBA, ARM
G31000 - The Global Institute for Risk Management Standards