What are risk management skills? A list.

Risk management skills are not easy to list, as there are multiple types and subtypes of risk management. Therefore, it is rather a question of illustrating several appropriate skills, in which one will have to grow continuously. But some of them can be called generic.
In this post I give my own opinion, not that of any organization.
Author: Manu Steens

Skills for which risk management?

I make a rudimentary distinction here between operational, tactical, and strategic risk management.

Operational risk management is all about the workplace.

Tactical risk management is all about organization-wide processes and projects.

Strategic risk management is all about the strategic direction decided upon by top management.

What skills can be associated with each of them?

Operational Risk Management (ORM)

Here, risk management is very task oriented. Occupational safety is particularly important here. But also, the possibility of carrying out measurements of the work and the interpretation of those measurements. Sufficient operational product knowledge is required to be able to manage preventive maintenance, among other things. In addition, it takes the practical mind to realize where the thorny issues are in your specific workplace. This requires a good ear and contact skills with the people in the workplace. After all, people in the workplace benefit from an interpersonal sense of safety. That works both ways.

In addition to the technical and social skills, a good knowledge of the organization specific ORM is required: how to do operational risk management.

A good awareness of the status of the suppliers of raw materials and semi-finished products is an important added value for estimating future work situations. In addition, a knowledge of how their situation is in the short term, a few weeks to months, is sufficient. Personal contacts in the supply chain are a plus.

Further, one needs the skill to communicate with the higher-ups in the risk management hierarchy. Who that is, depends on the organization of the Risk Management System.

Tactical Risk Management (TRM)

This is mainly risk management with regard to organization-wide processes, such as ICT, but also HR with the recruitment and payment of wages. And, in a way, the mailroom of the business unit also applies here, although this can be considered operational. Another example is the purchasing service. There are differences in terms of risks here. For example, purchases may be susceptible to fraud, while ICT’s stock may be susceptible to theft. In other words, the risk manager needs to have good contact with the owner of each of the processes.

That contact must be built up with them, preferably also outside the purely professional contacts, but also “at the coffee machine”.

The risk techniques used by the TRM are sometimes analogous to those of the ORM. Perhaps the biggest differences are in the risk typology. In other words, in the set-up of the risk universe. This can be profoundly different from the ORM because people here are ‘busy with other things’.

Strategic risk management

This is not the easiest. For strategic risk management, there are four main sources of risk. These are the future scenarios depending on the direction you want to go, the grey Rhinos, which are on the horizon but are coming to your organization, the National Risk Assessment, which is mandatory by Europe for each of the Member States, and finally the “wicked problems”. The latter are no longer risks in the sense that they already occur and can therefore no longer be dealt with preventively. One can only reduce their impact.

These risks require a good look at the environment. To this end, there is the acronym ‘STEEPLD’, which stands for: Social/Societal, Technical, Economic, Environmental, Political, Legal, Demographic. This acronym sums up the risk typology of strategic risk management. So, the question that is asked is: “What situation in the area can disrupt these plans?”. In doing so, the risk manager is a facilitator rather than a discussion partner to elicit the risks and problems from top management. This is not about the low-hanging fruit. The employees are entitled to the low-hanging fruit.

Generic risk management skills

When thinking more deeply about the operational, tactical, and strategic risk management skills, a number of skills coincide at the helicopter level. These can partly be found in risk management standards, such as risk identification, risk analysis, risk evaluation, risk reporting, devising measures and monitoring the situation in the internal or external environment, etc.

Other skills are not so clearly mentioned, such as analytical skills to see through complicated, complex, or even chaotic situations and their implications, often on a financial and social level. So financial literacy is an advantage. At the very least, you should understand the financial indicators that the Chief Finance Officer uses.

The ability to put the perceived situation into words and make it understandable to both top management and employees at all levels of the organization. Much more has been written about difficult decisions being made by top management, but those decisions also need to be prepared, often by the risk manager. He must do that with as little bias as possible. So often it’s best not to be alone.

The skill of problem-solving is the greatest asset. These solutions must be able to adapt to changing business environments, so a flexible way of adapting is needed for the organization. Risk management is at the root of this. These things must all be done within the limits of the law. So, you need to have a portion of legal vocabulary. And knowledge of the applicable laws that the organization must comply with.

Finally, you don’t just have to know that you’re working with and for people, you must be human for them. In leading and coaching the team, in serving internal and external customers.


The normal human being is not naturally all-round in all these skills. But you can learn a lot by paying attention to it. That’s why, when you build a risk management team around you, it’s an advantage to recruit profiles that complement each other in these areas. However, that is not enough. The team members need to learn from each other by working on things together. Becoming more all-round by helping each other. And by standing in for each other sometimes.

By developing these skills in the team, the risk management team can proactively manage the risks of its organization. As a result, the probabilities and impacts will decrease significantly. This will also make it possible to exploit opportunities. All this by making and executing better decisions. And that’s ultimately the goal of developing these skills.

Manu Steens

Manu works at the Flemish Government in risk management and Business Continuity Management. On this website, he shares his own opinions regarding these and related fields.

Leave a Reply

Your email address will not be published. Required fields are marked *

Recent Posts