Top 12 risk management skills and why you need them

What is risk management?

Risk management is the process of identifying, assessing and managing potential issues that could have a negative impact on an organization's business operations and financial performance. It involves being mindful of potential risks and what could go wrong -- both the expected and the unexpected. Risk managers must be aware of all forms of risk in their area of responsibility -- and beyond, if possible. They should know how those risks would affect the business and what steps to take or what contingency plans to activate to reduce risks and avoid business problems.

Is risk management a soft skill?

Risk management is a complex and comprehensive process. It's definitely not a soft skill -- or, at least, not just one. There are many types of risk, including compliance, security, operational, financial and reputational risks. Risk managers require a combination of both hard and soft skills to successfully address all the various risks.

For example, compliance is a key risk factor. There are few greater risks than running afoul of government regulatory agencies -- compliance issues often can do far more damage to an organization than a hacker or out-of-date software. Risk managers need to constantly study, evaluate and implement new regulations as they come -- and they do keep coming.

In addition, proactivity is the hallmark of effective risk management. A reactive approach means addressing problems after they become problems, which can result in flawed risk management initiatives. Risk managers need to stay ahead of the risk curve.

How do you become a good risk manager?

Good risk managers need a variety of skills. The following are 12 important ones they should possess.

1. Analytical skills

Risk managers need analytical skills to collect data, analyze risks and make sound decisions based on the results. They also need to be able to spot holes and weaknesses that others may have missed in IT systems and infrastructure, business processes, financial practices and other areas.

2. Problem-solving skills

Risk managers also need to be able to solve problems. While some risks might require passing the issue on to someone above a risk manager's pay grade, others often will be left to the risk manager to solve. As a result, they need to like getting their hands dirty from a problem-solving standpoint.

3. People management and leadership skills

All the problem-solving skills in the world are useless if managers can't rouse the troops. Risk managers need good people management and leadership skills to inspire and incentivize staff members. In some cases, risk management might require upsetting the apple cart, and managers need the respect of their team through the inevitable challenges.

4. Relationship-building skills

This goes hand in hand with the leadership skills. Risk managers must be able to build relationships -- and not just with their immediate subordinates. They should also be able to do so with their superiors, as well as other corporate executives and department heads.

5. Financial knowledge

Risk managers need to know the potential cost of network outages and security breaches, as well as the likely financial impact of other business risks. Ultimately, financial risk will get everyone's attention in the C-suite and individual departments. The costs of lost productivity, lost income and financial penalties can be crippling to a business if risks aren't managed properly.

6. Regulatory knowledge

If there's one thing governments do well, it's regulating things. Regulations are constantly being added and updated. Risk managers must invest some of their time to stay up to date on all the changes and understand new and evolving regulatory requirements.

7. Business understanding

To identify and estimate risks to a company, risk managers need to understand how the business works. They can't say finance doesn't matter because they're in IT, or vice versa. Business understanding is a must -- especially if the risk manager aspires to join the C-suite in the future.

8. Ability to quantify risks

After assembling a list of potential business risks, risk managers need to be able to do a risk assessment and then rank the likelihood and severity of each risk. They should create and regularly update a list that notes the most likely to least likely risks, as well as the most severe to least severe ones. This helps determine the risk management program's focus on an ongoing basis.

9. Ability to plan risk management approaches

After preparing the ranked list of risks, a risk manager then needs to lead the process of planning how to manage them. That could include accepting risks that are deemed reasonable based on an organization's agreed-upon risk appetite and risk tolerance or adopting strategies to mitigate risks so they pose less of a business threat. In other cases, the organization might transfer risks to a third party or seek to eliminate them through risk avoidance measures.

10. Strategic thinking

No sports team ever wins by only playing defense -- and that applies here, too. If risk managers look at how things affect the business as a whole, they might come up with a better way for their organization to operate. Part of a risk manager's job is to see the big picture -- and maybe notice something others have missed.

11. Adaptability

Risk management requires constant education and keeping up with relevant news, trends and issues. Not so long ago, no one had heard of ransomware. Now, it's one of the greatest cybersecurity threats that companies face. News sites and industry journals should be regular reading material for risk managers.

12. Mathematics skills

Because risk management involves a lot of data analysis, risk managers must be comfortable with numbers and calculations. There are many analytics tools available -- from Microsoft Excel to business intelligence software -- that can help with cost estimates and other math work. But solid math skills are a prerequisite for using such tools effectively.