If an enterprise risk management (ERM) analyst, as the title suggests, manages risk for an enterprise, then the last few years will have been highly charged. But for an ERM analyst in the airline industry, this would likely amount to a huge understatement.
‘Since the start of the pandemic, which is almost two years now, aircraft have struggled to take off, but companies like AirAsia are still flying, albeit at a lower altitude, metaphorically, and largely because management shifted gears quickly and put ERM plans into action when the crisis struck,’ says Nandini Devarajan FCCA, a risk management analyst at AirAsia.
As with so many organisations around the world, AirAsia’s first plan was to downsize, yet its most effective strategy was to quickly diversify and activate its digital and logistics businesses, leveraging its biggest asset – data – and jumping on the e-commerce bandwagon. The airline transformed itself from a budget carrier to a digital lifestyle company.
A challenge for ERM analysts is that risk is often viewed negatively, as a threat, which makes reporting and discussing it complicated
‘AirAsia did not make a windfall, but it definitely made a mark and managed to stay afloat. Good ERM policy and practice has been one of the differentiating factors for the companies that survived and also thrived during the pandemic,’ says Nandini.
An ERM analyst’s day-to-day duties involve identifying current and potential risks, determining the causes and consequences, measuring impact and likelihood, and developing controls and strategies to mitigate risk, often cross-departmentally, with visibility up to C-suite and board level.
The ultimate responsibility for an ERM department is to ensure the enterprise is well prepared by implementing a framework to achieve successful risk identification and management, find opportunity in every situation and keep senior management informed.
A key challenge for ERM analysts is that risk is very often viewed negatively, as a threat, which makes reporting and discussing it complicated. ‘So to be effective there are two fundamental aspects,’ says Nandini. Firstly, is to see risk management as an opportunity generator and, secondly, the ERM culture has to be top-down.’
There are several core skills and areas of knowledge that make a good ERM analyst, many of which are inherent to accounting and finance professionals, such as accuracy, timeliness, attention to detail, curiosity and analysis.
‘Finance cuts across all areas of business and any risk has a financial implication. Therefore, having a finance background helps me to understand and analyse risk better. I’m able to quantify the impact and also determine the cost implication of every action taken to mitigate risk,’ says Nandini.
Other key ERM skills common to many accountants include strong communication and presentation skills, IT, data and technology, being able to inform and persuade, and working closely with senior management and across functions to plan and carry out strategic objectives.
More specialised skills and training come in the form of understanding risk assessment processes, model development and Risk Management Information Systems/Risk Management Operating Systems (RMIS/RMOS).
The ultimate responsibility for an ERM department is to ensure the enterprise is well prepared
Lastly, an ERM analyst must learn about their industry inside out to better understand where risk can come from, when and in what shape. For example, the airline industry is very technological, people and capital dependent, and also highly regulated.
Getting in and getting on
Getting into ERM requires passion and an interest in the field. Nandini caught the bug while doing her ACCA Governance, Risk and Ethics paper. ‘Studying for ACCA helped tremendously by providing insight and a broad perspective on risk and risk management, as the qualification not only focuses on accounting and finance, but also IT, law, governance, and so on.’
Many people coming from a finance background make a first step into ERM as a financial risk analyst. This will enhance your technical knowledge, but also develop skills such as problem-solving, analysing, questioning, strategic thinking and communication.
There are also specific risk management qualifications such as the International Certificate in Enterprise Risk Management, COSO Enterprise Risk Management Certificate, or Chartered Enterprise Risk Analyst, among others, that can support niche risk specialisms.
After a few years both lateral and vertical opportunities will open up. ‘I could choose to specialise in a particular field like financial risk, strategic risk or operational risk, or grow vertically to be chief risk officer or even CEO,’ adds Nandini.