What does a Risk and Internal controls manager do? Is it a good career option? How does one get into it? What are the traits of a good risk manager?
Venkatesh S heads the Head of the Risk Management and Internal Control department of a leading MNC.
He shares his journey from being a commerce graduate to leading the crucial function in one of the biggest companies in India.
Careers in Risk Management and Internal Control
by Venkatesh S
Risk and Internal Control? Are you crazy? Are you even aware of what it entails? Why have you been selected for this role?
These were some of the comments by several colleagues when they realized that I was selected to be the first employee in the newly formed Risk and Internal Control Department of my company – and that I had accepted it!
How I got into a Risk and Internal Control career
If I look back, very little in my career till then (of about 20 years) had suggested that I would be approached for such a role (frankly such a role never existed!). I graduated in commerce way back in 1989 (ancient by today’s standards!). I simultaneously completed my Graduation from the Institute of Cost and Works Accountants of India (ICWA) and the course was so intense that I decided that I no longer wanted to study on a full time basis.
So at a ripe old age of 20 I decided to go for a job. I had the good fortune of working in several companies and functions mainly management consulting, management accounting, financial accounting, business development, information technology and even heading a start-up for a few years before I actually landed up with this role.
My approach when I was asked for taking up this role was very simple – if my company believes I can contribute well to a role then, it must be true; this is the philosophy based on which I had lead my entire career and if you ask me, I have absolutely no regrets in saying “Yes” to almost everything that has come my way back till then.
It was a roller coaster ride in the initial years, very tough to manage the change within the company (you can imagine how it must be!) but it was very interesting as well. Contrary to what many believe, Internal Control as a topic (which is most associated with documentation, slowing down processes etc.) can actually be a very enriching and can be used as an important tool to highlight internal risks within an organization which was hitherto hidden from management at all levels.
I had several experiences of “why”, opposition, escalations etc. but I stuck to it. There were times when very senior managers were against me, but I was lucky to get the support of some other senior managers. I made several friends and had interaction with every business and corporate function of the company.
3 years later, I was made the Head of the department which also included other areas like Enterprise Risk Management and Governance and today I must say it has been an extremely rewarding experience.
Day in the life of a Risk and Internal Control Manager
How does a typical day of a Risk and Internal Control Manager look like? No day is the same as the previous day – every day there is something new waiting for you. On a given day,
- it could be about defining controls;
- having a deep discussion on how a certain process can be improved,
- analyzing how a certain industry trend could severely impact the organization;
- Investigating why a certain control failed (e.g. a supplier was paid twice for the same invoice);
- A leadership meeting;
- A tough discussion on control deficiencies;
- An interaction with internal audit on what topics they should focus on.
There are a few interesting aspects about the role:
- People have an intuitive way of managing risks. Hence most risks are actually managed even before they hit the formal risk management system.
- We need to make the process relevant for the business. If not, there is no motivation for the business to follow a risk management system.
- We have to figure out a way by which it does not become an “Us v/s Them” (Corporate v/s Business) game. It should be positions as “We” (The Company) v/s “The Risk” (The external factor).
- We have the challenge of making people recognize that they are not really manage the right risks without making them feel insecure.
- Any topic can completely get blown out of proportion; any topic could get escalated immediately.
What do I like about this role:
- It gives me a vast canvas, I get to know processes in the entire organization
- It allows me to influence a huge amount of change within the organization in a structured manner (very often without people even realizing it);
- I feel good about being able to empower people;
- I get a good amount of respect at all levels (at least I think so J based on the way people talk to me);
- I was able to make an industry forum on Enterprise Risk Management. This gave me an opportunity to learn from and make friends in several other large companies;
- I am an convener for an International Business Ethics based association in Mumbai.
Is Risk and Internal Control a good career option for you?
Let me list out some attributes of a person who would like to take up Risk and Internal Control as a career:
- You should love doing a thankless job 🙂 (really, the work itself is the reward!). But believe me – you do end up getting a lot of “Thanks” in the end.
- Qualification-wise, you could be anything; engineer, MBA, CA… but what is most important is that you should have a vast knowledge on business processes and an innate interest and aptitude in analyzing, investigating and understanding risks that impact an organization.
- You also need an eye for what is going wrong in the environment.
- You should love interacting with people at all levels – the real learning on risk and internal control does not come through analyzing processes or conducting control workshops but by informally chatting with people and catching the nuances of what they say.
- You should have strong facilitating and moderating skills.
The breadth of knowledge and interaction skills that you learn from this role can make you ready for a Business Strategy Manager and even a Chief Executive Officer/Chief Financial Officer.
Salary can be rewarding and depends on the employee but I can say it will be on an average higher than what is paid for an Accounting, Taxation or Finance Manager since demand is high (especially in the context of the Companies Act 2013) and supply is low (since not too many people know about this line!).
A few closing thoughts: Looking back, the most important learning is the Power of saying “YES”; you have read several books about how to say “NO” etc. but I haven’t come across any book which makes you say “YES”. “YES” is such a positive word that it can make the most boring topics in life, interesting and enriching. It was easy to say “NO” to a role about which there was no clarity at that time across the organization but I chose to say “YES” and its been great since then.
The second important thing – this may sound clichéd but you must understand the purpose for why the role exists and you must be able to effectively communicate this. Why do we need the role of risk management? Why should we have an Internal Control System? What value do we bring to the table? What happens if we (as a role) do not exist? Get into the root of this and then see it blossoming into a interesting and purposeful experience.