Return to Search

Join our mailing list

Sign up to our free mailing list to stay updated on the latest from the IRM.

Subscribe Now

Byron Tidswell, IRMCert: General Manager Risk, Assurance and Audit at V/Line

Byron Tidswell, IRMCert

General Manager Risk, Assurance and Audit


Melbourne, Australia


How did you get your job?

Halfway through my 2nd last year at school I set out to forge a career in IT with a particular interest in the path of a business analyst. I started off on the right foot by being lucky enough to secure a place in an information systems degree at university. In my second year I started on an IT risk management module and loved it – it was by far, the single unit that I seem to naturally understand and was quite motivated by the subject content.

After University, I joined one of Australia’s largest conglomerate retailers in an IT graduate program, primarily rotating through different departments in a junior business analyst capacity. There were several opportunities throughout that program that allowed me to either advocate or work in an IT risk management context which further underlined my passion for sound risk management and the value doing it well brings to the business. At the end of my first year I remember reaching out to the group’s Chief Risk Officer (CRO) to find out what happens at a whole of business level from a risk management perspective – the term Enterprise Risk Management (ERM) 13-14 years ago was emerging but not well understood. I received a response from the CRO a couple of days later acknowledging the limited documentation that was available for me to read but invited me for a coffee and chat. Weeks later we had that chat and I was offered a job in her department. It took me 6 months to get across and have been in enterprise risk and compliance for pretty much most of my 14 year career.

Following my time at the retailer, I’ve had a number of risk, compliance and assurance roles in various industries including energy/utilities, financial services, a technology-financial services start up, risk consulting and now in rail. For the last 8 or so years, I have spent most of my time either building or turning around risk management functions into advisory type functions and help executive teams and boards get the most out of risk management information to help drive their decision making.

What’s a typical day like as a General Manager Risk, Assurance and Audit?

My typical day has evolved as I have moved up the organisational hierarchy. As General Manager Risk, Assurance & Internal Audit at V/Line (Victoria’s regional rail and coach operator) my day is shared between coaching and developing my team to ensure they are equipped as best as possible to drive risk management and advise their stakeholders on decisions and issues that matter most to them and scanning our internal and external environment for the next issue that requires strategic risk advice. I also spend a fair amount of my time reflecting on how we’re doing and how we can be even better in supporting the business in driving performance and growth through really useful and engaging risk information and “experiences”. Of course, the day wouldn’t be complete without a couple of coffees with key peers of mine to understand what is happening in their part of the business so I can connect a few dots between their issues and opportunities and other peoples.

What do you enjoy most about your job?

The role is a combination of strategic advisory, communicating with impact and leading and developing a high performing team. I work across the whole business which means I’m lucky enough to see the business evolve and grow and understand the deep challenges that the industry and external environment presents – every day is genuinely different.

What are the challenges?

Two prominent ones come to mind. Firstly, staying relevant and engaging. Too often I see risk management professionals roll out the same approach and templates that they have always done since risk management became a profession. Unfortunately most organisations and industries have evolved and innovated in the way they engage with their customers, their employees and their communities. The risk management profession, in my opinion, also needs to keep evolving and reflecting on the way we support and engage our customers, so that we are not the last to know what the big issues that management are contemplating and last to make it to the decision making table, well after the decision has been made.

We’ve got to develop an intimate knowledge of the business, its cycles, external environment and key decisions that lie ahead and understand what our “customers” want from us in terms of support and how they want us to shape and articulate information. The second one keeping the team engaged and inspired even when their recommendations to management are not always endorsed or implemented. We work really hard to present information in a way that is engaging and articulates issues in a commercial, non-risk lingo context and sometimes our recommendations won’t always be implemented. That’s OK and sometimes entirely appropriate. My job as the leader of the function is to ensure we reflect, celebrate and learn and not get too caught up in the disappointment.

In what way are your IRM qualifications relevant?

I completed the International Certificate in Enterprise Risk Management as I was building my second risk management function, back in 2010-11.

I found the course provided really a really practical and useful framework to think about operational and enterprise risk from a “capability” perspective and not just as a process. It also gave me some additional tools for the toolbox which I continue to use today. A lot of what I learnt back then has been invaluable to me in continuing to build or turnaround under performing risk management functions, some 8-9 years later!

What would you say to others thinking about joining IRM as a member?

Think about what it is you want to get out of your membership and the degree to which you want to “invest” in that membership. Quite often we’ll secure membership to organisations or periodicals for the sake of being able to say we’re a member but not do too much with it. Think about if this is the right reason to join – what else do you want from it. This comes to my next point – investment – I don’t mean the financial commitment from paying the fees. What I mean by investment is, the time to access and use the resources that are available from the membership. For local members – attending various functions or development days to continue to round out your own toolkit. Those of us who maximise our membership take advantage of all of this available to us – the privilege of claiming we’re a member is the icing of the cake!

How has your role developed and what are your career ambitions? Has being linked to the IRM helped?

I am fulfilling many of my career ambitions at the moment – leading a high performing risk function that is providing opinion and recommendation to management and executives on issues which matter most to them in a style that is engaging and bringing them back for more. Ultimately my ambition is to secure a permanent seat at the executive table in a risk management and assurance capacity. IRM has provided some industry credibility to my skillset as I have moved from organisation to organisation.

Top tips:

To enjoy a challenging and long term career in risk management (and I would say the same from a compliance and assurance perspective also, having being in various roles in both of these fields also) my advice boils down to 3:

Build presence and stay relevant: Develop and sustain presence among your stakeholders that you’re trying to influence – learn their business backwards and their environment so that what you offer them is useful and connected and not isolated and theoretical. You cannot be an advisor to your business by sending out a handful of emails and workflow tasks!

Customer experience, not compliance with process: Learn and understand how the stakeholders you’re trying to influence like to receive and digest information to support them – do short and shape one-page infographic style documents work – do they like more words or diagrams – email or a document, presentation or a coffee catch up. Design your outputs to meet your stakeholder’s needs, not based on a risk management standard. Make it commercially focused and not risk textbook focused. Your stakeholders won’t give you extra credit for using a head of risk buzzwords they don’t understand, but they will come back and ask for more if you help them make sense of an important issue or help them make a better decision. Risk management has never been about meeting a standard or process – it’s about helping to make the business better through a different lens with possibly additional information.

Learn to self-reflect and keep improving: None of us get it right first time and all the time.

Learn to reflect how your meeting, workshop, preparation or presentation went and keep