Risk in focus: Emma Duggan

The Institute of Risk Management (IRM) talks to Emma Duggan, Risk Manager, Experian on what working in risk is like and what advice they would share with people looking for a career in risk management.

How did you get your job?

My pathway to risk management has been an unconventional one. In 2013, I achieved a degree in Psychology, I then took a job in a high-street bank in order to save and travel the world. It turned out working in financial services was something I really enjoyed, so on returning from my travels I continued to work in multiple branches, taking on more risk roles – specifically in conduct and operational risk, as a Personal Banker and interim Branch Manager.

When the time came to take on my next challenge, I had developed a passion for risk and began to look for risk-specific roles. In January 2017 I took a role as Risk Co-ordinator for a credit reference agency, and during my first year I was given the opportunity to lead on minor projects which lead to the experience I needed to apply for, and secure, my current role as Risk Manager.

During this time I had been using IRM resources to gain further breadth and depth of knowledge for my role, and in 2018 I came across the IRM Digital Risk Management Certificate. Upon reading the course syllabus, my interest was piqued and I enrolled for the first set of exams. During my studies, I found the content was relevant in my day to day role.

What’s a typical day like as a Risk Manager?

> As a Risk Manager, my daily activities include;

> Reviewing new and existing products and processes to support in identification of risks

> Analysing and evaluating those risks based on likelihood and impact should they materialise

> Supporting in identification and creation of a strong control suite of documented risks

>Communicating and consulting with key stakeholders in the business on a regular basis to ensure Risk
Management remains comprehensive and dynamic

> Monitoring and reviewing risks and controls to ensure risk management is embedded within the organisation

What do you enjoy most about your job?

Risk management spans a vast area of the business which means my role remains varied, and no day is the same. I enjoy coming to work, knowing I will be faced with different challenges each day to ensure the level of risk management is constantly maturing and we are powering consumers with opportunities in the right way.

What are the challenges? 

An ever-growing challenge, is ensuring risk management and the skills within the business are able to keep up with the fast-paced innovation of our current technological climate. Technology is developing quicker than the regulatory framework around it, and digital ethics is a challenging area to navigate. This was one of the main drivers for me choosing to complete the IRM Digital Risk Management Certificate.

What would you say to others thinking about taking the Digital Certificate?

This is extremely relevant for anyone working in technological development, as risk is everyone’s responsibility. Even those who don’t work with technology may find this interesting as it gives intelligent insight into the way technology and innovation is impacting our society, and what professionals are doing to keep consumer information safe. As a qualification, I have found this extremely relevant to my role and would urge risk professionals to consider it.

What have you been able to put into practice in your job as a result of what you have learnt?

I have been able to write and present on the ethical considerations within Digital Risk Management, which as previously mentioned can be difficult to handle in progressing competitive growth, without consumer detriment / unease. I have also been able to take more of a leading role in ensuring cybersecurity risks are effectively controlled and information security issues are remediated at the root cause.

Top tips:

> Communication is key – in respect of both providing education around Risk Management to ensure all stakeholders are bought in to the concept, and also to ensure those stakeholders are continually involved in identification, analysis and evaluation of those risks

> Be approachable – Risk management requires building trust within a business in order to identify all risks as well as the issues that have materialised, and work with stakeholders in the right way to mitigate and remediate these

> Industry knowledge – build your Risk knowledge so you can bring innovative ideas to a risk management role and ensure the Risk Management Framework is maturing with the work you do