Magdalena Woloch IRMCert: Vice President, Enterprise Risk Management, RenaissanceRE, USA

How did you get your job? 

I started my career as a Chartered Accountant in an audit firm in Toronto and over time found myself naturally drawn in the direction of internal controls and risk. I obtained a Certified Internal Audit designation which then led me to the risk side of things and to the IRM. I have always found risk and controls very interesting especially when thinking through the risks faced by organizations in relation to their strategic objectives and understanding whether the governance, structure and controls are appropriate. I now focus on operational risk in financial institutions which focuses on risks and controls related to people, process, and IT. 

What’s a typical day like as a Vice President, Enterprise Risk Management? 

A typical day involves ensuring that the organization as a whole is appropriately identifying, evaluating, and monitoring their operational risks. This involves helping management think through their risks and controls which can be very interactive. A large component of my work involves ensuring that risks are documented in a structured way and ensuring that controls are appropriately designed to address the risks. Reporting to various governance committees (including Audit and Risk Management) is also critical. 

What do you enjoy most about your job? 

I enjoy walking through processes and identifying risks, especially new innovative processes that contribute to the achievement of key strategic objectives. The recent emergence of FinTech and importance of technology in financial institutions can involve and affect many areas and people in an Organization. Helping the business identify risks and gaps in processes that were previously unknown is very rewarding. 

What are the challenges? 

Convincing the business that investing in operational risk processes is critical and adds value can be tricky. Investment in operational risk is sometimes viewed as a tick the box and matrix exercise. However, formal processes around risk and controls should be a living and breathing mechanism and should be embedded in a company. 

In what way are your IRM qualifications relevant?

My IRM qualification is relevant because as part of my day to day I am required to think through risks and help others identify risks. I am required to be the risk expert and provide guidance to the business. The IRM qualification has helped me to formalize and improve my understanding of risk and has provided me with tools to do this effectively. 

What would you say to others thinking about joining IRM as a member? 

The IRM can be very helpful by connecting likeminded people that face the same day to day challenges. The magazine and courses are very insightful and very relevant to the work we do. 

How has your role developed and what are your career ambitions? Has being linked to the IRM helped? 

My role has developed into being able to see the bigger picture when it comes to risks and controls in financial institutions. Tying risk to strategy, capital, and day to day operations is exciting, especially when boards and executives understand and buy in to operational risk management. The IRM has helped by deepening my understanding and has boosted my confidence when it comes to talking about risk especially to Executives.

Top tips 

To become an expert for an organization in operational risk, I would recommend getting to know an organization, its strategy and processes very well, this will give you the power to think through the risks. Create an environment where you are working with the business and bringing on allies. There will be people in the organization that will see the value and will want your help to fix and improve processes, work closely with these people as they will become advocates of the value of operational risk.