Westpac New Zealand’s senior manager, conduct risk and risk culture, Roberta Prentice tells us what working in risk is really like and how the IRM certification has assisted her career. 

How did you get your job?

I originally started my career in management consultancy, as a process and performance improvement specialist. Risk management was one of many factors considered when we built systems and process flows, ensuring that controls were embedded as part of the design. I then spent 10 years in London working primarily on HR change projects and transformations. I later picked up formal risk management responsibilities which gave me exposure to SOx, and to first line control owner responsibilities. Being in this role during the global financial crisis certainly brought home the importance of effective risk management, and the impact of the organisations culture on risk taking.

When I was considering a career change a few years ago I decided to explore risk management as a career as a lot of my core skills were very relevant. I applied for a risk governance role and then became responsible for conduct risk and risk culture. This bought me full circle as my Masters thesis explored ethical decision making in the workplace, which has a lot of overlap with my current work. 

What’s a typical day like as a Senior Manager Conduct and Culture?

I start my day with a review of my newsfeeds, which might include regulator news, media coverage of the latest banking scandal, or thought leadership from professional associations such as the IRM. A key part of my role in second line is to be a catalyst for discussion of conduct risk themes – sharing a relevant news story is a great way to generate a conversation on an issue we might be facing.

Most days I have meetings with stakeholders to talk about conduct risk and risk culture initiatives occurring across the business. I act as a sounding board, providing guidance on the conduct implications of other teams’ initiatives. I also work closely with our first line conduct specialists.

I am responsible for preparing dashboards and risk governance papers on my areas. I provide insights on where conduct risk has materialised or may be likely to using information from sources such as stakeholder meetings, the external news, and our own control environment data.

In addition to my conduct and culture responsibilities I also oversee the team that own the GRC (risk management information) system, and its key reporting. I work with them to develop and deliver insightful dashboards and reports for users across the business. This includes data quality reports, operational risk dashboards, compliance reports, and risk class dashboards. We also train and support our system users. The delivery of timely and accurate reports is key to driving the appropriate risk management behaviours and culture.

What do you enjoy most about your job?

The breadth of the role continues to inspire me. I get to talk to people from across the organisation, and am involved in a wide range of initiatives. I have been able to really get to know our business, understand the interconnections between its parts, and what this means for risk management. I enjoy connecting people who have common interests, and this helps our initiatives move faster. I also really enjoy developing training and communications activities to change our employees’ mind-set towards conduct risk and risk management more generally.

What are the challenges?

I need to talk to people from across the business, and am involved in a wide range of initiatives! It’s a curse as well as a blessing and I often wish I could clone myself. It’s a nice challenge to have though as it reflects how engaged our stakeholders are in this area of risk.

In what way are your IRM qualifications relevant? 

The IRM Certificate in ERM provided me with the essential toolkit I needed to consolidate my career change to risk management, and provides evidence of my competence. It provided a broader range of theoretical knowledge than what I might have gained ‘learned by doing’ as a specialist in a single risk class. My qualification has trained me me to take a broader ERM perspective, and I often draw on an operational risk skill set in analysing the likelihood of conduct risk materialising. It also gives me confidence to participate in broader ERM discussions in my 2LoD risk advisory team.

What would you say to others thinking about joining IRM as a member?

It is absolutely worthwhile joining. The qualification was valuable to build knowledge, and the extensive resources provided to members enable me to keep refreshing that knowledge.

How has your role developed and what are your career ambitions? Has being linked to the IRM helped?

My role has changed considerably over the last few years, as these relatively new areas of conduct risk and risk culture are still evolving themselves. As the thinking advances and expectations increase it requires a constant evolution of our approach, and an evolution of my role.

How do I get into work on Conduct Risk and Risk Culture? What advice can you give to others?

  • If you are an operational risk manager then you already have a great toolkit to manage conduct risk, as often is operational risk failures that impact customers and could be seen as conduct risk materialising. You can build on your skillset by reading widely on this topic.
  • If you are passionate about customer outcomes, then that mind-set is a great start for work as a conduct risk specialist. An IRM qualification would give you the tools to express your knowledge in risk management language, and to help your business manage its conduct risk.
  • Risk culture is great for someone with a background in communications, training, HR, or psychology. You can play a key role in building a risk aware culture, providing employees with the knowledge, courage, and tools to manage risk effectively. It’s about making risk engaging and approachable to everyone in the organisation. We need people with soft skills to help breakdown the ‘risk as policemen’ stereotype.