Feedback: Leaders, Learning Key to Managing Risk

In a recently published Viewpoints article ["Risk Manager Standards Sorely Lacking," Jan. 13], Keith W. Waitt is partially correct in stating that there is no recognized industry qualification to determine risk management competency, but he fails to place that comment in context.

Though a single credential with the public awareness, long history and formal licensing ramifications of a CPA designation, for instance, does not exist for risk managers, it would be misleading to imply that a hodgepodge of well-meaning nonprofit organizations have cobbled together minimum standards for risk management. On the contrary, successful, respected and rigorous industry-recognized credentials do exist. The Risk Management Association (my organization), Global Association of Risk Professionals and Professional Risk Managers' International Association all have such credentialing programs in place.

As an example, the RMA credential — Credit Risk Certification — is a well developed and recognized standard. The examination process is subjected to intensive psychometric practices, independent governance and continual improvement. Certification is granted to practitioners with at least five years of current experience who pass a rigorous examination that tests proficiency in seven critical lending skills. Continuing education credits are required to maintain the designation.

Though proficiency in credit risk can and should be determined with a standardized test, it would be difficult, if not impossible, to create an enterprisewide standard. Risk is very complex. Every organization's business model is different, necessitating unique approaches to risk management.

Further, a single industry standard for risk management competency would not have prevented the financial crisis. After all, the CPA is a well-respected accounting industry credential, yet it did not prevent the indiscretions that occurred at Enron, or at Arthur Andersen, the public accounting firm that folded as a result of its Enron entanglement.

Some say the financial crisis was a failure in risk management; in many respects, the crisis validated the need for continued and improved risk management efforts. Emphasis has been renewed on risk management education at many institutions. Companies are also allocating resources more generously to enhance individual and organizational performance. RMA has seen a resurgence of bank-sponsored training opportunities in North America and globally. In particular, considerable interest exists not only in demonstrating mastery of one risk discipline but also in giving risk managers an enterprisewide risk awareness.

The education of risk managers is undergoing significant change. As techniques, tools, products and information evolve, so, too, do the reliability and precision of risk management decisions.

Recent studies by RMA have pointed to a rising industry concern regarding people or talent risk. The ability to attract and retain qualified people with the required skills is crucial to a well-functioning risk management program. Though an industry-recognized credential may be helpful in determining a specific competency, it certainly does not inoculate the practitioner from making poor decisions, particularly at the top of the business cycle.

So what does ensure sound risk management standards?

Experienced leadership that understands the business cycle and consistently invests in risk management training and systems. Leaders create a culture of risk awareness where everyone takes responsibility for risk. Some institutions prepare risk management leaders by enrolling them in the RMA/Wharton Advanced Risk Management Program, an executive education program run by RMA and the University of Pennsylvania's Wharton School. The program presents an integrated view of risk.

Continuing education ensures that the practice of risk management in an institution evolves along with the ever-changing risks in the marketplace. Risk management education is lifelong.

Industry collaboration through professional associations like RMA promote learning through peer discussions, such as roundtables, with colleagues throughout the industry.

Sure, mistakes were made in this cycle — big ones. And mistakes will be made again. Creating a fool-proof system to snuff out risk is not like developing a vaccine to wipe out a disease. Though no universal standard can be devised for risk management, we believe that leadership and learning are the twin requirements for risk management success in institutions of every size. Opportunities abound for risk managers to hone their skills.