Mikhail Bukhtin, Director of consulting projects of the research center "REA - Risk Management", editor-in-chief of the journal "Financial Risk Management"
“The risk manager must give qualified management recommendations to the bank's management, aimed at a long-term strategy. This is a broader field than financial analytics, and it requires more courage, more ability to take responsibility.
— Mikhail Alexandrovich, you have been working in the banking system since 1993… And even then you were engaged in risk management?
— Then - financial analytics: first, the analysis of interbank loans, setting limits on transactions with banks, then - the analysis of intra-banking activities, planning and budgeting. Risk assessment and management as a separate specialization appeared in Russia since 1997, when the Central Bank of the Russian Federation issued Regulation 509-P "On the organization of internal control in banks", which stated that banks should provide a set of measures "to minimize the risks of banking activities", t .e. create a risk management system. But its widespread creation began only after 2000, when banks began to recover from the financial crisis in 1998.
There was no help or pressure from the Bank of Russia - they worked intuitively. In many ways, everything depended on the enlightenment of the bank's management - directors who received a Western education or an MBA degree understood that it was impossible to work effectively without this. One of the first risk management systems appeared in Alfa-Bank. Then Andrey Kozlov, former Deputy Chairman of the Central Bank of the Russian Federation (1997 - 1999), who briefly headed the Russian Standard commercial bank (before his second arrival at the Bank of Russia), introduced appropriate approaches to organizing risk management systems there, and things started to go ...
— AT In 2000 - 2009 you were the head of risk management departments in several large banks. Where does the creation of a risk management system usually begin?
— As a rule, the deputy chairman of the board or the head of the risk management department (this department can be called differently) is appointed responsible for the direction. Its risk managers evaluate the performance of the main divisions and identify their weaknesses. Then they prepare a report for top management, assess the weaknesses in business processes, IT support and methodology, and propose a plan for embedding procedures for identifying, assessing and managing risks into ongoing operations. Sometimes the heads of risk management units try to "skip" this stage - it seems to them that they have found one weak spot, and they must immediately eliminate it. This must be done systematically - otherwise risk management will become one-sided, and itself will become the weak point of the bank - in full accordance with the well-known aphorism of Kozma Prutkov.
When risk management standards and methodologies are developed and implemented in all banking processes and they are followed by relevant committees, we can say that the system has been created. For each of the areas there are "support" managers - they take on part of the processes of integrated procedures. This takes two to three years. Then you can either leave the created system to a bank and go to another, or stay in it and develop further on this base, relying on selected and trained people and on the infrastructure created.
— Heads of other departments are probably happy to help risk managers find gaps in their work?
— At first, there is almost complete rejection. The entire history of the creation of risk management in Russian banks from 2000 to 2008, until the second crisis, went against the backdrop of overcoming the reluctance and resistance to this of the directors of other divisions.
What manager would want someone to control him, demand an account and prove that the high or underestimated risk taken is justified by a higher income? Many times I have seen how the first "risk people" tried to give recommendations timidly. The authoritative leaders of the banking business units started to simply “break” them right off the bat - criticize, find shortcomings (and who doesn’t have them?) And inflate them, showing the incompetence of specialists. So they had to be in no way inferior to those being tested. Psychologically, it was very difficult to work in this structure, but in that “crucible” the first cohort of Russian risk managers who came out from within the banking community was forged. Someone managed to become a professional and independent risk manager, and someone chose the path of compromises and “servicing” business tasks, giving the appearance of acceptable risk to essentially high-risk operations and strategies that banks were led by their managers or owners, solving momentary tasks . Each risk taker found his role and his niche, and some of the risk takers then left this profession and moved into business.
— Who chose this job then and chooses now?
— Ten years ago, young specialists went to risk managers and, as a rule, they already had banking experience. You had to succeed in the direction in which you were first placed and move on. The best representatives of the "economic", "banking" youth tried to take risks, there were also many former mathematicians, physicists, technologists...
In recent years, the profession of a risk manager has become more widespread and popular; it is considered as prestigious as the profession of a credit manager or a trader. More mature people come to it - in particular, former employees of audit, internal control, and they bring their own culture, an independent position in relation to business. In the late 1990s, it was a young enthusiasm, now it is gone. People, having received the first “blows” from partners, the lessons of crises, layoffs and reorganizations, have now cooled down, focusing more on technical, calculated, i.e. a quieter, non-political niche of risk management.
— You started with financial analytics - how is risk management different from it?
— A financial analyst operates within a field that is well known to him, where the tools are already known and well described in professional literature, consecrated by authorities. He usually does not write conclusions and recommendations outside of standard approaches and formats. And the risk manager always has to deal with a new object - with an indefinite analysis and evaluation toolkit, with a lack of statistics and established causal relationships between the parameters of previously made decisions and their consequences. And you have to offer limits, control measures, give management recommendations in the face of uncertainty - this is a wider area than financial analytics, and it requires more courage, more ability to take responsibility. The work of a risk manager is based on expert, professional opinion, which is easier to criticize or obstruct.
— What for this purpose it is necessary to have preparation, what to know?
— Risk managers have a very broad specialization. It's like asking what a graduate of an economic university should know in order to work in a bank. But which department? Trader? In the credit department? In accounting?
I would single out 4 main areas that you need to learn as a student.
Firstly, you need to know the statistics, not be afraid of calculations, without this you will not get qualifying diplomas of a risk manager - where 70% of the tasks are for knowledge of mathematics.
Secondly, the economics of the enterprise, economic and financial analysis - in order to be able to assess credit and business risks.
Third, how do they work? financial markets how it works exchange trading and everything connected with it in order to be able to assess market risks.
And one more, fifth wish - we must actively master software. Very often, a young risk manager is given a task: to collect, analyze, process information, and he must be able to quickly create such a macro program in standard applications.
Many students of economic specialties already from the 4th year get a job in banks or in financial companies analysts. Someone starts with a job in the credit department or in the front office, and only then tries to move on to risk analysis - everyone has their own way.
— What specializations can they choose? And is it difficult to move from one to another?
— Now risk management is very differentiated: there are specialists in corporate, credit, market, and other risks. There was specialization before, but to a lesser extent. The intersection of knowledge is possible only if this is a person of the “old leaven” and he worked in one direction, then, by the will of fate, he ended up in another, or was “at the origins” when these directions began to diverge.
Today, a person from corporate credit risk will not be taken to retail. This is a completely different technology, a different view, a different mentality. The bank is more likely to choose a specialist from the retail business who knows how to offer different products, calculate the profitability of a product, and understand the structure of losses. Similarly - market risks: they would rather take a former trader, a treasury employee or an employee of the financial service of a bank involved in planning or budgeting, rather than from retail or corporate risks.
— How is the work of a risk manager assessed? Where is the pinnacle of his career?
— Work is judged on how often recommendations match subsequent results. In terms of market risks - have you assessed them correctly, how do you control them. It is necessary to ensure the profitability of operations - and reduce losses, or at least keep them at a certain level.
Regular, ongoing risks can be seen with some experience. For example, if a company's debt exceeds its annual profit by 3-5 times, it will have problems repaying the loan. But there are also irregular risks - political ones, due to crisis phenomena. It is impossible to calculate everything, but there is the concept of individual risk and portfolio risk. During a massive crisis, losses increase across the entire portfolio of loans, they need to be closed with their own coverage funds. This is a task not only of risk management, but also of the bank's management: it must see and solve these issues systematically.
The "top" of a specialist's career - from the head of bank risks to a member of the board, deputy chairman. I even know banks where this deputy went further and became the chairman of the board. For the bank, this is a kind of challenge. After all, as a rule, a risk manager is the bearer of innovative technologies and views, and he can extend these views to management, technologies, and business processes. But usually people from business are appointed as chairmen of the board so that they provide, first of all, income and ambitious strategic goals, and as soon as the crisis begins, these incomes and “goals” turn into huge losses.
— In what areas are bank risk managers most in demand now?
— In retail and market risks: banks will integrate into and manage financial markets.
In lending individuals and small entrepreneurs. Demand for risks legal entities we have traditionally at the same level - in third place.
I would put operational risks in last place. To manage them, new technologies must be introduced, and Russian banks are not ready for this. Retail and market risks are more obvious to them, although the borrower's default may be based on the same operational risk - incorrect analysis, collusion between a manager and a client, etc. But so far we do not understand this. The first to implement operational risk assessment were Alfa-Bank and Russian Standard back in the early 2000s, then some banks from the top thirty, and the rest look at it rather coolly.
— A few years ago, they talked about Russia's joining the second Basel Accord, which involves the assessment of operational risks plus credit and financial risks. Does it make sense now for a risk manager to study world standards in order to improve their skills?
— The Basel Accord turned out to be somewhat abstract, divorced from our Russian practice. I welcome it in the sense that it outlined the tools and methods for risk assessment. You need to be able to read it and "pass" it through your head, but many of our tools so far have no analogues and practical application. Practicing banker, "blinkered" regulation The Bank of Russia is difficult to understand, but for a beginner who masters international standards and financial instruments in general, it is easier.
A specialist needs to attend seminars, conferences, courses, read specialized books and magazines, try to “immerse himself” in this community, figure it out on his own... Even if you don’t use something yet, you need to be in line with the global information flow. So it is easier then either to go where it is in demand, or still try to introduce this innovation even at home, in a conservative environment.
At the business schools where I teach, I often have to talk about my implementations and innovations. About 15 banks introduced my offers, not only in Russia, but also in other countries - in Belarus, in Kazakhstan, in Latvia. Recently, I was approached by students from a regional bank - 2 years ago they attended a seminar, and then they introduced a risk management system. It is very nice that there are such banks - where you work, it is sometimes difficult to implement new proposals to the end. It has its own culture, structure, distrust of change, and so on. Not every innovation can immediately "go" - first it must find an environment for this.
— And how often do Russian risk managers move from one bank to another in search of a better environment?
— There are two types of banks in Russia now. In some management teams change very often, following the owners - these banks are constantly subject to mergers, sales, purchases, reorganizations. Some kind of “miracle” is expected from the “risk players”. A year has passed, what have you done? What use are you? Prove it! But the risk manager is a "cast" of the bank itself: is its management ready to accept new methods, implement the necessary tools, allocate resources - if not, it's better to leave. In addition, the “fashion” for “risk players” is now growing all the time, and they are simply poached.
But there are other banks - there are not many of them, they are conservative and are not aimed at changing teams, at presenting claims or inflated expectations to specific managers. If the bank's management and shareholders are mature people, they don't expect miracles from people. They have stable teams where they calmly and systematically work on the implementation of relevant technologies and products. There is almost no turnover among the managerial staff, including "risk players". This is both good and bad, bad - because stagnation occurs, and in order to avoid this, fresh people must constantly come to such banks, bringing other cultures. But you can work in these banks calmly, for a long time and fruitfully, if you have your own promising area and adequate motivation. And in banks of the first type: the chairman of the board has changed - new people come, there is a constant turnover. If you get into such a jet, then from the outside it seems that you are a “flyer”.
— Is there more stability in the branches of Western banks? Are their requirements for specialists very different from those of us?
— In the Russian "daughters" of foreign banks, the turnover is even stronger. There is a clash of "ice and fire" - the culture of the Western establishment and our Russian reality. Managers there change very often, once every 1-2 years for sure.
Of course, to work in subsidiary bank a foreign bank needs excellent knowledge of English and Western management culture. They have more formal requirements - work experience in a similar structure, a good education, impeccable personal data, some achievements ... However, most Russian managers do not have high-status diplomas, nor knowledge of English, much less an MBA degree. Often, Western banks, "reluctantly", take the one who is - but behind his back they continue to look for a replacement for him.
Sometimes they find - there are already specialists who have managed to work abroad. But as soon as such a person plunges into Russian specifics, into a different mentality, he turns out to be alien. And the bank pays him a lot of money, although he is less wealthy. The first came out "from below" himself and can "drag" a lot. And the second - with its formal knowledge, is not a "workhorse", but a good "showcase".
One of my colleagues went to London to get an MBA degree and writes: I thought I would learn risk management, but they teach formal mathematical models, exotic options and so on… But when the so-called “random events” - crises regularly occur, they do not fit into any models and bring the biggest losses.
— Some sort of "Russian roulette"?
— Not only Russian, all over the world so. After all, no one could have foreseen that the securitization of mortgage loans - the issuance of bonds by banks to increase their own liquidity secured by such assets - would lead to a global crisis. In the West, they thought that if the risks were hedged, everything would be all right (contracts were concluded between banks and investors to purchase bonds at a certain price, and the risk of a significant price change was borne by the investor).
But when there is a one-sided sharp movement of the market - it turns out that shifting the risk to the other side does not work. (The delinquency on subprime mortgages meant that all mortgage-backed bonds were worthless.) Where were they before? Did you build your own formal model, thinking that they are the smartest and most educated, and that there are “fools” somewhere who will pay them in full for the risks sold to them?
— How big are the chances of a repeat of the last crisis? And have we now begun to create statistical databases on credit risks - to facilitate the work of risk managers?
— Such crises will occur regularly - this is due to the cyclical development of the economy, especially in Russia, which is tied to commodity prices: the demand for oil is also cyclical. Bankers need to understand this and create good capital stocks in the reserve fund and other cover funds, and not spend them on bonuses and runaway development.
In 2006-2007, we had an excess of liquidity in the market, connected both with the inflow of external capital and with high oil prices. These sources of inflow corrupted our banking system: bad borrowers could refinance even without collateral and repay old loans. So it's good that it all ended like this. Smart leaders began to build a credit policy more carefully.
But there are still no general statistical bases on risks. Each bank maintains its own base, while in all civilized states of Europe there is a national bureau, where a common base is collected for analysis both on credit defaults and on operational risk events. And we all keep secrets, we are afraid - what if competitors find out something about us and somehow “use” it?
The Central Bank of the Russian Federation could take over the maintenance of these statistics, but it does not need it, it uses its own data, does not share them with the market, and so far there is no legal regulation for this - therefore, risk management in Russia is less developed than in civilized countries. countries.
— In one of your interviews 5 years ago, you said that in many Russian banks risk managers have to do the analysis “manually”…
— Now there are many new tools - these are scoring systems (for assessing credit risks), IT systems for organizing settlements of individuals, rating systems for corporate clients, there are systems for analyzing the securities market, derivatives, etc. But only large banks - the first 30-50 - already have the technological support for this, the rest work in the same manual mode. It all depends on the enlightenment of the leadership.
It is already understood abroad that “risk-takers” do not interfere with business, but help it make optimal decisions and limit its “appetite” for risk. There are many managers and owners of banks - the second or third generation, we are still the first. Basically, these are people who came from other types of business, the "wild" capitalism of Russia in the early 1990s, and still have not changed their mentality. I know many banks where almost 30-40% of transactions and assets are accepted without the participation of risk management - as a rule, these are some kind of "gray" financing schemes for their own shareholders, their own venture projects, agreements with "special" clients and etc. It is almost impossible to assess the risks in these banks, and the risk-takers are required to write positive reports for auditors, the Central Bank, and rating agencies. Risk managers who excel at this get promoted. All this is sad...
The risk manager should be seen as component business processes, then they will trust him, understand that he contributes to the development of the bank. In fact, this is the culture of entrepreneurship in Russia as a whole - that's when it changes, then there will be a change in the structure of the economy.
Interviewed by Maria Saltykova
The existence of risk as an element of the economic process, as well as the specifics of managerial influences used in this area, led to the emergence of an independent type professional activity - risk management. It is carried out by professional institutes of specialists, Insurance companies, financial managers, risk managers, insurance specialists. Risk manager is a specialist in risk management; risk manager (full-time position in large companies), in functional responsibilities which includes Management of risks.
Tasks of risk managers: detection (identification) of increased hazards; risk assessment based on past statistics, taking into account influencing factors, as well as on the basis of mathematical modeling methods; analysis of the acceptability of the existing level of risk for the organization; development (selection) of risk reduction measures; finding a balance between different (for example, insurance and non-insurance) methods of protection against risks; if a dangerous event has occurred, then taking measures to compensate for the damage caused. The need for a global risk assessment and the adoption of targeted measures to reduce it makes the services of risk managers relevant.
Until recently, in the positions of risk managers, company presidents sought to hire insurance business professionals so that he could be a buffer between the company's management and mysterious world insurers. Thanks to the efforts of risk managers, who came up with many new tools and techniques and simplified everything as much as they could, risk management has become much more than the formation of a company's property insurance program.
Currently, the following requirements are imposed on the qualities of persons applying for the positions of risk managers: excellent communication skills and abilities (communicator); having the mindset of an entrepreneur (businessman); competence in risk management (specialist); knowledge of the industry in which the firm operates.
There are two types of risk specialists:
- risk manager generalist, i.e. the general risk manager of the firm
us or a CRO (Chief Risk Officer) who is required to be proactive
strategist leader. He is obliged to provide the firm with adequate, well-coordinated
and economical maneuvering in a multidimensional dynamic risk field.
This is one of the top managers of the company, who owns integration methods.
advanced risk management. According to a study conducted in 2000-
2001 in the US: 85% of CROs work in energy, utilities,
Chapter 7
insurance, banking and financial services; 50% of surveyed organizations have held a CRO position only in the last 2 years, 20% in the last 3 years and only 1% in the last 5 years; 45% of CROs report directly to the top executive of the organization; 35% - to the chief financial officer of the organization and 20% - to other officials;
- risk manager a specialist who needs only to be an expert in his narrow field within a broad field of knowledge about risks and their management. Specialists in identification, analysis, monitoring and specific types of risk help the generalist to form and justify an integrated risk management program.
In commercial, financial, government and other organizations, risk managers mainly worked with insured risks. At the same time, line managers are primarily interested in business risks associated with competitive, operational and personnel uncertainties. However, both of them strive for the same goals, are guided by financial results solve similar problems. It follows that any management in business is one way or another risk management, and any line manager is to a large extent a generalist risk manager. Each employee of the company at his workplace is obliged to work in the most productive of all safe methods. This is not only a legal and general humanistic requirement: such work is economically beneficial. In a market society, it is the firm that is responsible for repairing all damages that have occurred due to its action or inaction. And claims for such damages can be catastrophic. In short, in modern world each employee (and, in principle, each individual person) to a large extent becomes a risk manager; risk management itself in a well-managed company becomes a shared, collective profession. It is this approach that allows us to resolve the contradiction between the expansion of the need for risk managers and the high requirements for them.
An analysis of existing trends shows that most of the known risks are growing and many new risks are emerging, including those associated with the globalization of the world economy, global natural processes and global trends. scientific and technological progress. Therefore, the role of risk management is changing. From auxiliary work on the calculation of the insurance program of the company, he becomes a full-fledged, and maybe even the leading function of managing the company. The possibilities of identifying, analyzing and monitoring risks are also being strengthened. This requires high professionalism from risk managers. Judging by the development of attention to this problem in the last twenty years, in the near future most medium and large firms will have a conscious risk management mechanism. Established risk management units will be small but well-equipped, capable of achieving sufficient security with minimal means. The employees of these divisions will probably be the most educated and active employees of the firm. In small firms, risk management functions will increasingly be given to their owners and managers. Market technical means security will rise rapidly.
Risk management systems in various fields
Attention to risk as a natural component of technological civilization will increase throughout society. According to these trends, the social prestige of the risk manager profession and the demand for professionals in this field will grow.
Information and education on risk management goes far beyond the simple training of risk managers. In today's information society, education and possession of information in any field become strength factors, and in risk management they become even survival factors. Most modern approach to the training of employees in the field of risk management is focused on changing the corporate culture towards adequate sensitivity to risk and qualified caution.
36.6
Official partner of the section
Financial University
under the Government of the Russian Federation
Leading university in the field of training economists, financiers, lawyers in financial law.
Do you want to become an economist?
Read about choosing a profession, specialties, admission conditions, the learning process and much more in the Economics and Finance section
For friends!
Reference
Risk is the potential danger of some unfavorable outcome and contains the likelihood and consequences of the occurrence of an unfavorable event. Risk assessment is the process of identifying factors and types of risk, their quantitative assessment. It means an estimate of the likelihood that the return on the investment received will differ from the expected one. The risk assessment includes not only unfavorable outcomes (income lower than expected), but also favorable outcomes (income higher than expected). The following types of risk are distinguished: credit, operational, investment, market, legal, insurance, exchange, transport, competitive, risk of loss business reputation and staffing uncertainties.
Useful articles
Description of activity
The activity of a risk assessment manager is work using knowledge in the field of risk management, banking, the securities market, accounting, fundamentals of law, international standards, statistics, higher mathematics and mathematical modeling. The activity of a specialist is related to the skills of programming and knowledge of the English language.
Wage
average in Moscow:average for St. Petersburg:
Job responsibilities
The risk assessment manager performs risk analysis for the bank, analysis of bond issuers. Controls the maintenance of limits. Performs coordination of activities structural divisions risk management bank. Ensures compliance with policies, procedures, risk management standards of business units. Develops a decision-making methodology. Calculates the level of default, determines its dynamics and analyzes the causes of changes in the whole loan portfolio and in the context of loan products. Performs risk assessments for new loan products and commodity groups. Performs analysis of securities and investments in the stock market, anti-crisis management.
Executive Director of RusRisk,
Ph.D. Shemyakina T. Yu.
Awareness of the importance of risk management is also coming to Russian business.
As you know, risk is understood as the probability of obtaining an unfavorable result that can lead to losses, and therefore risk management should include the processes of identifying, assessing and optimizing its level with subsequent monitoring.
According to the magazines "Risk Management" and "Company", over the past three years, the demand for specialists in the field of risk management has increased almost seven times. The market for these services is growing at least tens of percent a year, enterprises are paying more and more attention not to current problems, but to possible tomorrow's risks.
The specifics of the current perception of possible threats by Russian business can be illustrated by survey data.
Source: Report on the conference "Insurance and reinsurance in the risk management system" big business», organized company"Russian Policy Information Group" with the support of the Russian Society for Risk Management (RusRisk).
According to the Risk Management magazine, the following risks will become the most significant in the next five years (in descending order):
- reputational,
- regulatory,
- the risk of missing out on strategic business development opportunities and the dangers associated with outsourcing service providers,
- political risks,
- strategic partnership risks,
- consequences of climate change,
- New generation IT threats,
- the risk of pandemics
- economic instability,
- terrorist threat,
- rise in organized crime
- increased competition from abroad.
The expert survey "Assessment of the development of risk management in Russia" identified the main problems of increasing the level and quality of risk management (% of the number of respondents is given):
Source: Russian Polis magazine.
According to a survey by the British magazine StrategicRISK, in the future, many issues will be addressed outside the traditional ways of transferring risks. In five years, risk management will focus primarily on managing operational risk.
A more aggressive approach to risk management, as opposed to simple risk reduction, will be used more widely. A significant part of the responsibility will be transferred to line managers. The role of risk managers will primarily be to coordinate risk analysis, loss prevention and risk transfer strategies. Risk management will be perceived as specialized view non-auditor activities, and risk managers will be given a higher status in the organization - at the level of the board of directors - and will be able to deal with a wider range of issues related to strategic planning, organizational policy development, production, quality management and decision-making.
Profession risk manager
Twenty years ago, as risk managers, company presidents sought to hire insurance business professionals to act as a buffer between company management and the enigmatic world of insurers. According to Tillinghast-Towers Perrin's report "Enterprise Risk Management: Trends and Emerging Practices", typical modern enterprise risk managers are not highly specialized in risk management - their careers have developed in most cases in more general management functions (including number - internal audit). This confirms that the risk manager is required to have the preventive thinking of the head-strategist and coach.
In the field of risk management, the profession of a specialist risk manager is also being formed. Specialists in identification, analysis, monitoring and specific types of risk help to form and justify an integrated risk management program.
In commercial, financial, government organizations, educational institutions, in almost all organizations, risk managers mainly worked with insured risks. At the same time, line managers are primarily interested in business risks such as competitive, operational and personnel uncertainties. It follows that any management in business is one way or another risk management, and any line manager is to a large extent a risk manager.
In a market society, it is the firm that is responsible for paying all damages that have occurred due to its action or inaction. And claims for such damages can be significant. In today's world, every employee becomes a risk manager to a large extent, risk management itself in a well-managed company becomes a "shared collective profession." It is this approach that allows us to resolve the contradiction between the expansion of the need for risk managers and the high requirements placed on them.
What are the specific requirements for professional risk managers.
Criterion 1. The effectiveness of the risk management program developed and implemented in the organization.
Criterion 2. One or more major organizational issues identified and resolved by the risk manager.
Criterion 3. Ability to inventively apply a wide range of risk management and insurance tools.
Criterion 4. Examples of creative and effective use of the insurance market opportunities to create an organization's protection system.
Criterion 5. Contribute to the creation of an intelligence system within and outside the organization that effectively collects and stores information about risks, events and activities that affect the organization's risk management and insurance.
Criterion 6. The ability to competently manage the risk management unit and perform the risk management function in other parts of the organization.
Criterion 7. Achieving the most cost effective effective work risk management programs in the long term.
Criterion 8. Achievement of the highest qualification in one or more broad areas leading to better management of the organization's core operations.
Criterion 9. The manifestation of attitude and active actions to strengthen and develop the profession of "risk manager".
Criterion 10. Continuing education in the field of risk management.
In order to outline state of the art professions in developed countries, here are some statistics. According to a study by the Center for Risk Management at the enterprises of the State of Georgia and the Tillinghast Towers Perrin agency, 85% of CRO (Chief Risk Officer - at Russian enterprises similar functions today are performed by heads of risk management departments or internal control and audit departments, such specialists work in energy, utilities, insurance, banks and financial services), 50% of the organizations surveyed reported that they had a CRO position only in the last 2 years, 20% in the last 3 years and only 1% in the last 5 years.
There are three main reasons for creating such a position in enterprises and companies of Russian business: 1) centralization and coordination of risk management; 2) implementation of an integrated approach to risk management; 3) improving the awareness of management, the board of directors and other interested groups about the risk position of the organization.
The most important qualification components for a CRO position are: communication skills (18%), ability to manage (8%), knowledge of accounting and reporting (accounting) (15%), knowledge of finance (22%), knowledge of mathematics and statistics (24%) , education in the field of risk management (13%).
Risk management services are often formed in the form of small units capable of achieving a sufficiently high business security with minimal means. This requires an increasing level of professionalism from risk managers. The staff members of these units should be well educated and active employees of the firm. In small firms, risk management functions will increasingly be given to their owners and managers.
The subordination of the risk management service can be different: 45% of CROs are directly subordinate to the top manager of the organization; 35% - to the chief financial officer of the organization and 20% - to other officials.
In the foreseeable future, CRO positions will be created by: financial and infrastructure, trading companies, telecommunications companies and large multinational companies, as well as integrated risk management services will be formed in many firms in most industries.
Risk Management Process
Risk management ensures the achievement of the company's goals and objectives and, accordingly, contributes to its capitalization, development and image due to:
- applications systems approach which allows planning and carrying out long-term activities of the organization.
- improving the decision-making process and strategic planning by forming an understanding of the structure of business processes occurring in environment changes, opportunities and threats to the company.
- contribution to the most efficient use/allocation of the capital and resources of the organization.
- protecting the property interests of the company.
- optimization of business processes.
- Improving the skills of employees and creating an organizational base of "knowledge".
Risk management is a central part strategic management companies. This is a process by which the company systematically analyzes the risks of each type of activity in order to achieve maximum efficiency of its activities and, accordingly, increase the value of the company.
Risk management as one system management includes a program of control over the fulfillment of the tasks set, an assessment of the effectiveness of the measures taken, as well as a personnel incentive system at all levels of the company's management.
Risk management must be incorporated into the general culture of the company, accepted and approved by the management, and then communicated to each employee of the company as a general development program with specific objectives.
The risk management process includes a sequence of tasks to develop the strategic goals and objectives of the company; risk diagnosis and identification, description and measurement; risk assessment and risk reporting; development of a risk management program and distribution of risk management functions in the company; monitoring the risk management process (Fig. 1).
The risks to which a company is exposed may arise from both internal and external factors. The diagram below (Figure 2) shows the key risks arising from internal and external factors. Risks are differentiated into the following categories - strategic, financial, operational, dangers.
Different levels of company management require different details of risk information:
The board of directors (shareholders) must be aware of the risks the company faces; monitor the implementation of the risk management program; know the anti-crisis program; maintain the image of the company.
The structural unit of the company must clearly know the risks that fall within the scope of its direct activities; have clear process indicators that allow ongoing monitoring of the effectiveness of the risk management program; report systematically to management on the performance of the risk management program.
Each employee must understand his/her contribution to the overall risk management program, understand the importance of the risk management system for the corporate culture, and promptly report to their direct management on any changes or deviations in the risk management program.
Which specialists work in the company's risk management service
1. Specialist in the organization of the risk management process
Must have good organizational and coordination skills as mainly performs administrative functions, for example, drawing up a register and a risk map, convenes a risk committee, monitors the formation of action plans for risk management. At the same time, in its activities, it must be guided exclusively by the approved corporate risk management standard and the company's instructions.
2. Risk Assessor
Must have good skills in mathematical modeling, as well as good knowledge theory of probability and mathematical statistics. At the initial stage, it is not necessary to have any qualification in risk management. Since the process of implementing the cycle corporate governance risks inevitably passes through the risk assessment stage, then the risk management service must necessarily have an employee with sufficient skills and knowledge for this. Like other employees of the risk management unit, he must be guided by the company's regulatory and methodological framework for risk management and management instructions.
3. Expert (analyst) on production risks
On the one hand, the activity of each company in the real sector is unique and specific. On the other hand, the main internal risks of the company are operational risks, which include the production risks of the real sector company. Qualitatively identify production risks and participate in the processes of planning measures to manage production risks can only be an employee who is an expert in exactly that production activities that is specific to a particular company. This employee can be drawn either from the relevant production business units of the company, or from other companies in the industry, but in any case, it must have specific production experience.
As the necessary experience and qualifications in risk management are obtained, the activities of employees in the organization of the risk management process, risk assessment and production risks can be combined, and the number of these employees is optimized. At the same time, of course, it depends solely on the motivation of each individual employee to obtain related competencies, i.e. from their aspirations to their own universalization within the framework of the company's risk management and their own participation in this process.
If the company has implemented and operates integrated system risk management (CRMS), the following specialists may also be involved.
1. Employee for IT support of the CRMS
If a company plans to implement or has already implemented an IT system that supports risk management processes in accordance with the corporate risk management standard, then the administrator of this system must be part of the risk management department. However, the responsibility of the administrator of the IT system for risk management should lie with the person responsible for organizing the risk management process.
2. Occupational Health and Safety Risk Officer
3. Environmental Risk Officer
4. Risk Officer information security
Occupational health and industrial safety system, system environmental management, the information security management system should be subsystems of the corporate risk management system, especially since the risk management methodology is the same, no matter what risks it relates to.
At the same time, health and safety management systems, environmental management and information security are among the most implemented standards in the world and the Russian Federation, in terms of the frequency of implementation in companies (along with quality management standards). On the other hand, if we examine the relevant basic standards of these systems, then they are talking about risk management. AT Russian companies even before the introduction of a corporate risk management system, one can often find the presence of the above systems implemented or being implemented. Of course, the employees responsible for these systems should ideologically report to the company's head of risk management. However, due to the specifics and uniqueness of the situation in each individual company, at the initial stage, this accountability can only be implemented functionally, i.e. without direct organizational involvement in the risk management unit.
After the CRMS is implemented, and the risk managers gain sufficient qualifications (competence) to manage these three systems, appropriate organizational changes, leading to the organic entry of these systems into a single corporate system risk management.
5. Market risk officer
This is an employee dealing with the so-called market risks: currency; percentage; price (commodity). That is, the risks of fluctuations in foreign exchange rates, fluctuations in interest rates, as well as fluctuations in market prices for the company's products and for raw materials consumed by the company, electricity, etc.
Managing these risks is often accompanied by working with forwards, futures, options, swaps and other market risk management tools for companies in the real sector of the economy.
At the same time, it is often found that market risk management using the above methods is carried out by one of the divisions of the company's "financial block" long before the start of the implementation of the CRMS.
The profession of a risk manager in Russia in recent years has been increasingly declaring its necessity, since uncertainty and possible losses must be foreseen and their impact on the business must be limited, and not deal with the existing consequences.
This needs to be learned!
Literature
- MA Rogov The Concept of Development of the Russian Society for Risk Management. - M., 2009
- Risk Management: Textbook / Ed. I. Yurgens.- M .: "Dashkov and K", 2003
- Risk management standards. FARM, 2003
Seminar "Competencies of a risk manager"
The speakers from RusRisk will be:
- Shemyakina Tatiana (executive director)
- Lyubov Belousova
Participation in the seminar is free.
Please take part in.
Risk managers examine business processes, assess the strengths and weaknesses of the company, analyze the threat of losses and identify sources of danger, and participate in the development of a risk management strategy. The competence of these specialists includes the control of risk indicators, the economic assessment of risks, the development and implementation of measures to prevent or minimize them.
Salary offers for risk managers in Moscow average 65,000 rubles. per month. In St. Petersburg, similar specialists can count on an income of about 50,000 rubles. In Yekaterinburg, risk managers earn an average of 40,000 rubles. monthly, in Nizhny Novgorod - 30,000 rubles. Data for other cities participating in the study are presented below (see tables).
Graduates of financial, economic or mathematical faculties of universities with at least 1 year experience as an analyst or financial manager can apply for the position of a risk manager. Employers require job seekers to know the basics accounting and financial analysis, statistical methods analysis and forecasting, methods for identifying, assessing and reducing risks. Skills in working with large data arrays are in demand. Applicants also need to be computer proficient (MS Office, SPSS, possibly SAS). Novice risk managers in the capital earn from 35,000 to 40,000 rubles, in the city on the Neva - from 25,000 to 30,000 rubles, in Yekaterinburg - from 20,000 to 25,000 rubles, in Nizhny Novgorod - from 15,000 to 20,000 rubles.
Risk managers with more than 1 year of experience can count on higher income. The main requirements of vacancies relate to the fact that candidates have the skills to analyze the financial and economic activities of the organization. competitive advantage knowledge will serve in employment of English language at a conversational or fluent level. Salary offers for such specialists in Moscow reach 55,000 rubles, in the northern capital - 45,000 rubles, in Yekaterinburg - 35,000 rubles, in Nizhny Novgorod - 25,000 rubles.
Risk managers with at least 2 years of work experience with business process analysis skills and experience economic evaluation risks, in Moscow they can claim income up to 85,000 rubles, in St. Petersburg - up to 65,000 rubles, in Yekaterinburg - up to 50,000 rubles, in Nizhny Novgorod - up to 42,000 rubles.
Employers offer maximum earnings to certified specialists with at least 3 years of work experience in risk management. Applicants' experience in the field of strategic forecasting, model building and an effective risk management system is in demand. Applicants must also have the skills to successfully implement measures that minimize or eliminate the impact of risks. An additional advantage for experienced risk managers is knowledge of IFRS. The highest salary offers recorded at the moment in the capital are 200,000 rubles, in St. Petersburg - 155,000 rubles, in Yekaterinburg - 125,000 rubles, in Nizhny Novgorod - 90,000 rubles.
According to a labor market survey, among applicants for the position of a risk manager, the majority are young men with higher education. Representatives of the strong half of humanity in this field of activity are 61%. The majority of applicants (53%) are under 30 years old. Higher education 93% of risk managers have. 30% of specialists are fluent in English.
Research regions: gg. Moscow, St. Petersburg, Volgograd, Yekaterinburg, Kazan, Nizhny Novgorod, Novosibirsk, Rostov-on-Don, Omsk, Samara, Ufa, Chelyabinsk
Time of the study: January 2012
Unit of measurement: Russian ruble
Object of study: offers of employers and expectations of applicants for the position of "Risk Manager"
Typical functionality:
Participation in the development of a risk management strategy;
- analysis and evaluation of strengths and weaknesses organizations, business process analysis;
- identification of threats of losses and identification of sources of risks;
- economic risk assessment;
- development and implementation of measures to prevent / minimize risks;
- control of risk indicators;
- improvement of business processes to eliminate possible risks;
- reporting.
Position requirements: type of employment - full time.
The level of remuneration of a specialist is determined by the welfare of the company, the list official duties, work experience in the specialty, the level of development of professional skills.
Examination of the data array about wages in the studied regions allows us to distinguish 4 main salary ranges depending on the experience and professional skills of specialists.
Analysis of information on the levels of remuneration of a specialist:
(excluding bonuses, additional benefits and compensations)
| Region | Average | Range I No work experience |
Range II With minimal work experience |
Range III With work experience |
Range IV With significant experience |
| Moscow | 65 000 | 35 000 - 40 000 | 40 000 - 55 000 | 55 000 - 85 000 | 85 000 - 200 000 |
| St. Petersburg | 50 000 | 25 000 - 30 000 | 30 000 - 45 000 | 45 000 - 65 000 | 65 000 - 155 000 |
| Volgograd | 30 000 | 15 000 - 18 000 | 18 000 - 25 000 | 25 000 - 37 000 | 37 000 - 90 000 |
| Yekaterinburg | 40 000 | 20 000 - 25 000 | 25 000 - 35 000 | 35 000 - 50 000 | 50 000 - 125 000 |
| Kazan | 30 000 | 15 000 - 18 000 | 18 000 - 25 000 | 25 000 - 40 000 | 40 000 - 90 000 |
| Nizhny Novgorod | 30 000 | 15 000 - 20 000 | 20 000 - 25 000 | 25 000 - 42 000 | 42 000 - 90 000 |
| Novosibirsk | 35 000 | 20 000 - 22 000 | 22 000 - 30 000 | 30 000 - 50 000 | 50 000 - 110 000 |
| Omsk | 30 000 | 17 000 - 20 000 | 20 000 - 27 000 | 27 000 - 40 000 | 40 000 - 95 000 |
| Rostov-on-Don | 33 000 | 18 000 - 20 000 | 20 000 - 25 000 | 25 000 - 45 000 | 45 000 - 100 000 |
| Samara | 35 000 | 18 000 - 22 000 | 22 000 - 28 000 | 28 000 - 45 000 | 45 000 - 100 000 |
| Ufa | 30 000 | 15 000 - 18 000 | 18 000 - 25 000 | 25 000 - 38 000 | 38 000 - 90 000 |
| Chelyabinsk | 35 000 | 20 000 - 23 000 | 23 000 - 30 000 | 30 000 - 48 000 | 48 000 - 110 000 |
Explanations for the table »
Each salary range is characterized by a certain typical set of requirements and wishes for the candidate. Each subsequent salary range includes the requirements formulated for the previous ones.
| Salary range | Requirements and wishes for professional skills |
| I No experience in this position |
- Higher education (financial / economic / mathematical) - Confident PC user (MS Office, SPSS, possibly SAS) - Analytic mind - Ability to work with large datasets - Knowledge of statistical methods of analysis and forecasting - Basic knowledge of accounting and financial analysis - Knowledge of methods for identifying, assessing and reducing risks - Knowledge of English at a basic level - At least 1 year experience as a financial manager/analyst |
| II Minimum experience in this position |
- Skills for analyzing the financial and economic activities of the organization - At least 1 year experience as a risk manager Possible Desire: Knowledge of English at a conversational or fluent level |
| III With experience in this position |
- Business process analysis skills - Experience in economic risk assessment - At least 2 years of experience as a risk manager |
| IV With significant experience in this position |
- Availability of professional certificates and attestations - Experience in building models, strategic forecasting - Experience in building an effective risk management system - Experience in implementing measures that minimize / eliminate the impact of risks - 3+ years of experience as a risk manager Possible wish: knowledge of IFRS |
Applicant portrait
Class tweet
Blog embed code
Risk manager
The research center of the recruiting portal in January 2012 studied the offers of employers and the expectations of applicants for the position of "Risk Manager" in 12 cities of Russia.
How to disable ads on Android: remove pop-up ads
The Russian received a term and a million fine for "piracy Negative consequences of the law
Identification of key factors
The criteria for classifying organizations and individual entrepreneurs as small and medium-sized businesses have changed
See what "Royalty" is in other dictionaries Pitfalls of legislation