Top 12 risk management skills and why you need them

What is risk management?

Risk management means being informed and mindful of potential risks and what could go wrong -- the expected and the unexpected. Risk managers are aware of all forms of risk to their area of responsibility -- and beyond, if possible. They know how those risks would affect the business and what steps to take, or what contingency plans should be in place to avoid the problem.

Is risk management a soft skill?

Risk management is a very complex and comprehensive skill. It is not a soft skill. There are many types of risk, including compliance, security, operational and financial. Compliance is a key factor, because there can be few greater risks than falling afoul of government regulatory agencies. They can do far more damage than a hacker or out-of-date software.

Risk managers need to constantly study, learn, adapt and implement new regulations as they come -- and they keep coming. Proactivity is the hallmark of risk management. A reactive approach means addressing the problem after it becomes a problem. Risk managers need to stay ahead of the curve.

How do you become a good risk manager?

Good risk managers need several skills. Here are some of those skills.

1. Analytical skills

Risk managers need analytical skills to collect data and make important decisions using that data. They also need to spot holes and weaknesses that others may have missed in the systems, infrastructure and other areas.

2. Problem-solving skills

Risk managers also need to be able to solve problems. While some risks may require passing the news on to someone above their pay grade, some will fall to the manager to solve. So they need to like getting their hands dirty.

3. People management and leadership skills

All the problem-solving skills in the world are useless if managers can't rouse the troops. Risk managers need good people and leadership skills to inspire and lead staff. Risk management may require upsetting the apple cart, and managers need the respect of their team through challenges.

4. Relationship-building skills

This goes hand in hand with the previous skill. Risk managers need to be able to build relationships -- and not just with their immediate subordinates. They should be able to build relationships with other departments and superiors.

5. Financial knowledge

Risk managers need to know the average cost of network outages and security breaches. Financial risk is what will get everyone's attention. Managers need to know the costs in lost productivity, lost income and financial penalties -- the latter of which can be crippling.

6. Regulation knowledge

If there is one thing the government does well it is regulate. Regulation is constant and changing. Risk managers must invest their time to stay up to date on all changes and understand those updates.

7. Business understanding

To identify and estimate risks to a company, risk managers need to understand how the entire business works. They can't say finance doesn't matter because they are in IT, or vice versa. Business understanding is a must -- especially if the risk manager has aspirations for the C-suite.

8. Ability to quantify risks

After assembling a list of potential risks, risk managers need to be able to rank, on a scale of their choosing, the likelihood and severity of each risk. They should have a complete list that notes the most to least likely risk, and the most severe to least severe risk. This will determine the risk manager's focus.

9. Ability to choose mitigation strategy

There are four main types of mitigation action or strategy, according to the site Skills You Need:

• Acceptance. This means accepting the risk and taking no action to mitigate it. This is for risks that will only have a small effect or are unlikely to happen.
• Avoidance. This means making every effort to avoid the risk. This is for catastrophic risks that are almost certain to happen.
• Limitation. This is the most common mitigation strategy, which aims to limit either the likelihood or the effect of the risk.
• Transference. This is the transfer of risk to someone else who is prepared to accept it. This is used in areas outside of a risk manager's core competency.

10. Strategic thinking

No sports team ever wins by only playing defense -- and that applies here, too. If a risk manager looks at how things affect the business as a whole, they might come up with a better way to operate. Their job is to see the big picture, and they might see something others miss.

11. Adaptability

Risk management requires constant education and keeping up with the news. Ten years ago, no one heard of ransomware. Now it's one of the greatest threats that companies face. News sites and industry journals should be regular reading material.

12. Mathematics

Risk management involves a lot of numbers and analysis. This requires comfort with numbers and calculations. There are many analytical tools available -- including Microsoft Excel -- that can help with cost estimates.