5 red flags 🚩when hiring a risk manager

One of the biggest issues in the risk management profession is that many, way too many, people who have the title of risk manager are not really qualified to do the job. Many don’t even have the minimum required education. Imagine a doctor who vaguely remembers doing biology in year 9 high school. Well that’s your average risk manager trying to remember how probability theory works.

This article is not really for risk managers, it’s for the people who hire risk managers. Here are some common pitfalls to avoid:

🚩 Irrelevant work-experience

Many risk managers come from auditing, insurance (not the actuaries) or big4 consulting. None of these experiences have any relevance to risk management and decision making and for many it is a huge challenge to forget everything they think they know about risk management to understand decision science. For most it is too much to bear and they are unlikely to ever be good at RM2.

What experience is relevant? Math, corporate finance, actuary, engineering is a good start. The perfect combination is someone who understand the business, how decisions are made, and has experience with probability theory. It is much easier to teach a quant risk management then to teach internal auditor quants.

🚩 Weak academic background

Unfortunately, a person with a risk management degree is probably the least qualified to do the job. I lost a bet to Elvis Hernandez – Perdomo few years ago when he proved to me that there are 3 or 4 university programs in risk that teach good foundation in math and decision science. But that’s about it. Out of 100+ programs globally. There is a very simple test – if your degree or masters program has classes dedicated to using qualitative risk analysis and heat maps – you will find it difficult to get a job in risk.

What competencies are relevant? Math. That’s pretty much the core competency for any kind of sensible risk analysis. Make sure you pick as many electives in stats as possible.

🚩 Focusing too much on risk management fads

The dead giveaways that someone is probably a bad risk manager is excessive use of various fads in the conversation. If the candidate is talking about risk appetite, ERM, GRC, IRM, vulnerability, velocity or some other nonsense, these are huge red flags. Good risk managers speak normal business language, they don’t need made up vocabulary.

Another giveaway is when someone is talking about managing risks, as if that was the end game. Ironically, risk management is not about managing risks per say, it’s about making better decisions with risks in mind.

What should you ask about instead? Ask the candidate to share examples for their work helped company make better decisions. And how sure they are that it wasn’t just a placebo effect. Ask them about back-testing of their models.

🚩 Dominant system 1 thinking

For me personally this is a killer weakness and I blacklisted quite a few people recently for that reason alone. Risk management is all about helping decision makers switch from system 1 to system 2 thinking using Kahneman’s terminology. So, a risk manager that falls into cognitive biases left, right and centre during the interview is a big no, no. The common giveaway is when a person hears some random word in my question and ignoring the overall message and the underlying meaning get’s fixated on that word

What’s my recommendation? Find out how much does the candidate know about research in risk perception and why it is fundamental to managing risks.

🚩 Doesn’t apply the trade to personal life

I always find it fascinating to see how risk managers apply their trade in personal lives. So as a bonus I am always interested in how the individual manages own financial, social and political risks. How the candidate makes investment, relocation, holiday, family decisions, etc. Those little conversations can tell a lot about person’s skills. And yes, I am a nerd, I had a monte-carlo budget with contingency reserve for our wedding.

For example, only a lazy risk manager hasn’t posted about COVID19 in the last few months. Interestingly, not many people write about what an amazing market opportunity the current situation is and how it’s once in a decade chance to sort out retirement planning for the family. I would be very suspicious of a professional who can’t make a lot of money during such rare turbulence.

Learn more at the upcoming online RAW2020 https://2020.riskawarenessweek.com/


RISK-ACADEMY guides and templates:

RISK-ACADEMY offers online courses


Informed Risk Taking

Learn 15 practical steps on integrating risk management into decision making, business processes, organizational culture and other activities!


ISO31000 Integrating Risk Management

Alex Sidorenko, known for his risk management blog http://www.riskacademy.blog, has created a 25-step program to integrate risk management into decision making, core business processes and the overall culture of the organization.


Advanced Risk Governance

This course gives guidance, motivation, critical information, and practical case studies to move beyond traditional risk governance, helping ensure risk management is not a stand-alone process but a change driver for business.


5 thoughts on “5 red flags 🚩when hiring a risk manager

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.