Risk management certification: let’s discuss

Tim Leech’s IIA blog discusses some of the many risk management designations and certification available and whether or not one of these may be the cost of entry in the future. I would like to know if anyone out there is interested in replying to this post with thoughts, pros, cons, benefits, etc., for the many designations out there.

For example years ago, I entertained the FRM certification from GARP but found the study material a bit too quantitative for the risk management I was interested in. (If memory serves me right, I think there was a calculus test!) I’ve look at the RIMS CRM certification and find their website is too poorly written to understand what is explicitly required: they sort of send you off to a list of Canadian universities to take some courses then come back and apply. There is a new certification at GRCSI.org which talks about a body of knowledge and is vague on their exam.

So, I’d like to open this up to the masses. Do you have one of these or others? Are you thinking of getting one of these? What’s been your experience?

And have a read of Tim Leech’s post as well (see link above).


5 thoughts on “Risk management certification: let’s discuss

  1. Are we certain that risk management is truly a new discipline of management science, or is it a derivative of past methods. I ask, because I’m not clear how my own approach and practice of risk analysis and management differs from the methods I used in the past. Identifying and responding to risk is not new for management, and whether or not it was called “risk management” or something else is not really what’s important. From where I sit, I would recommend that risk practitioners acquire as many skills as possible in management science as early in the career as possible, including quantitative methods, accounting, finance, strategy, and leadership. However, be prepared for new approaches to the same old questions to emerge over a career in enterprise. If I were just starting out, yes, I’d probably go after one of the new certifications in risk management and analysis. But, I would also not delude myself into thinking that risk analysis is a completely new discovery of mangement science. Rather, the current incarnations of what we know as “risk mangement” are derived from the rich literature and knowledge of statistics, actuarial scicence, modeling, system analysis, and so forth, that preceeded us in years past. You can check out my own background at http://www.mckibbinusa.com. But, I admit that I’m not sure how I arrived at my current credentials except by chance. Moreover, the state of management science when I started my career during the late 1970s has certainly evolved since. Yet, there remains a certain similarity to what I then with now. I can say that studying statistics, mathematics, and economics early during my career were formative. If I had to do it all over again, i must confess I would have started with these same fields of study, regardless of present circumstances. Certification is probably a good idea, but do not stop with certifications, and make certain you continue your educaiton in the various disciplines of management science throughout your career. If there is anything I am certain of, management science will continue to evolve, albeit grounded in the lessons learned from the past. Good luck with this discussion and to all in the business of risk analysis and management!

  2. Good question Trevor, thanks for promoting the discussion.

    I think the point above is well made and I agree.

    I would offer a couple of other thoughts on this certification debate – which is rife in a number of new and emerging sub-professions of management.

    The first is highlighted by a comment in Tim’s original blog post. The RFT required ISO31000 as the source of truth, whereas his organisation (being US-based) endorsed COSO.

    It is my view that this sectarian conflict drives a lot of the debate (about which source of truth to follow) and a subsequent lack of credibility in the certification process.

    This post from Nathaniel Forbes’ blog offers another take on the proliferation of certifications in the BC field. http://www.calamityprevention.com/blog/?p=90

    My second point has to do with the way in which many of these certifications are actually administered. Once there is huge demand for a particular certification examination, it tends to move towards computer delivery and assessment. Ultimately that means multiple choice answers. Which in turn becomes not much more than a test of rote learning of the standard in question.

    If I am to be certified on ISO31000 – should it be on “Risk Management” or “the management of risk”? The standard says they are different things. I suspect certification in the later would be difficult and may only be possible with on the job assessment.

  3. Ken, thank you for sharing your thoughts and the link.

    I was certified as ABCP after getting trained (while at PwC) and writing the exam. I downplay that certification entirely since I’ve never actually performed meaningful BCP work – yet I was certified. Ironically, I have over a decade of risk management experience and no certification.

    Sadly, like the RFP Tim Leech mentioned, people engaging contractors are misinformed when they believe a certification is a panacea. That said, I’ve seen far too many recruiters and organizations demand that their risk management professionals have a Chartered Accountant (CA) designation – the Mother of All Certifications Which Doesn’t Guarantee the Holder Knows Anything About Risk Management. (I don’t have a CA either.)

    BTW, I noted on your blog you will be in Toronto in June. We look forward to having you here.

Leave a Reply

Your email address will not be published. Required fields are marked *