I noticed that there is a good number of advertisements especially from the Middle East, mentioned that the required qualifications for risk managers are MSc. or Bachelor degree in accounting, finance, management (MBA) or engineering
also they prefer those who have CPA, CFA, CIA degrees, moreover some of these organizations looking for those who have internal auditing experience.
For those organizations I said please note that these qualifications are not what
risk management needs. Particularly, one of the recommendations of the KPMG surveys (2011) to improve Enterprise Risk Management (ERM) in the emerging markets was chief risk officer competences because this survey found that one third of respondents
reported that chief risk officers could not improve the quality of managing risk in organizations, and their role is still quite focused on operational and process levels.
Similarity, for those who need internal auditing experience, kindly note that
internal auditor may lack the required expertise in risk management and give wrong assessments because they do not have the deep understanding for risk management. This may expose the organization to weaknesses in the risk management process, which could result
in unforeseen hazards appearing.
However, from this point I would like to add that unqualified Chief Risk Officers' (CROs’) will increase organizations risks because those could not know exactly what risk management need, therefore the costs
and risk exposures will be increased in these organizations.
To conclude that, a qualified risk manager is a must for a successful risk management, so it is a call for the boards of these organizations to avoid their organizations from unqualified
For help in this issue, The Directors and Chief Risk OfficersGgroup and The Governance Fund have published a helpful guidlines for CRO compitencies "Qualified Risk Director Guidlines" this report is available from: