Risk in Focus: Aaron Ginzburg | CMIRM Senior Risk and Compliance Partner Deakin University, Melbourne
How did you get your job?
In retrospect, my career has always had a risk focus of sorts, and specifically working in risk has been an evolution over 20 years or so, beginning with quality assurance in an engineering capacity, and later moving into the area of health, safety and environmental risk management where my interest in enterprise risk and governance increased. I progressed to a more enterprise risk focus role after looking for risk based positions across a number of industry sectors, and currently working in the higher education sector.
What’s a typical day like as a Risk and Compliance Partner?
In my current role as Risk and Compliance Partner with Deakin University in Melbourne, Australia, a typical day includes planning risk discussions and advising on risk and compliance issues. A large focus in the role is engaging with stakeholders across the university, developing and refining risk profiles with various portfolio group and faculties. Planning and conducting detailed risk reviews has been initiated to provide various university functions with deeper insight to a particular risk management issue. This is an opportunity to add further value to my role and the overall risk function.
What do you enjoy most about your job?
In one word, variety. Working across the different university campuses and with a large cross section of people provides a unique lens through which to view operations and understand the complexities of the organisation. Identifying linkages between various processes and risks in different areas and generating dialogue around observations at both operational level and Audit and Risk Committee level is rewarding.
What are the challenges?
A common challenge within the risk discipline is demonstrating the value that risk management can provide. This is no different in my role. In a university context, the main challenge is to balance persistence with patience and understanding the workloads and nature of work carried out by your stakeholders and respecting that. Too much persistence can adversely affect engagement levels. Understanding what your stakeholders need most and keeping the risk process simple where possible will help maintain engagement levels without sacrificing quality of the risk management process. Building rapport and trust also takes time. Following through on promises will build credibility and shift the risk conversation from a “need” scenario to a “want” situation.
What would you say to others thinking about taking the digital certificate?
I would encourage anyone to undertake the Digital Risk Certificate. It’s highly relevant both in a professional capacity, but even on a personal level. We interface with digital technologies in all aspects of our lives and a greater understanding of the role of technology, risks and opportunities of engaging with technology is a major benefit of the course. The first part of the course helped me clarify in my own mind one key question (amongst many others). That is, the course exposed to me important background, explaining how and why the rate of technological progress has been so rapid – the concept of “gradually then suddenly”. The first part of the certificate set the scene for digital risk management very well.
Within the university context, there has been a huge focus on data and information security. Universities hold high volumes of extremely valuable personal information and research data. Collaboration with many industry and research partners in Australia and abroad is a core activity and presents operational and strategic risks. Foreign interference is very topical and has brought cybersecurity risk into sharp focus. This makes the digital certificate highly relevant and directly applicable to my current role and professional development.
What have you been able to put into practice in your job as a result of what you have learnt?
The Certificate contains information on various techniques I can use on a personal level to protect digital assets within the organisation (and at home). I have been able to share such techniques with work colleagues. I have greater appreciation for the importance of training and other measures implemented by the IT department across the university to protect digital assets and data.
The course has also provided me with a solid foundation where I feel more confident in having risk discussions with our Information and communications technology people. I can apply my learnings to various risk profiling activities, particularly in an environment that is increasingly reliant on digital technology to advance its marketing, global engagement, teaching and learning strategies and research agenda.
Based on what I have learnt, I have gained support to pursue a project that aims to enhance the data analytics capability of the risk function and looking into how various digital technologies can be leveraged to enhance the quality and breadth of risk information for decision making.
There is no doubt a risk qualification helped me with a career change from the resources sector to higher education, a vastly different but similarly complex sector. One of the benefits of the shift to enterprise risk was gaining more exposure to and informing the governance function of the organisation.
In terms of advice to others in a risk role, understanding what your stakeholders need and value most is key. Keeping the risk process simple where possible and relevant will also help maintain engagement levels. Detailed risk reviews/investigations provide deeper insights to a particular risk management issue and the scope for risk professionals to apply their technical and analytical skills. It’s important to find the risk issue(s) that present the biggest opportunity to add further value to operational risk management activities. Finally, being able to aggregate risk information and present a coherent picture to the audit and risk committee for decision making is integral to an effective risk function.