24 April 2016

Is Risk Management a Profession?

So once again I have been invited to attend the ISO 31000 training programme. And at the end of the 3 days I will, of course, pass my certification exam, and will be able to call myself a C31000 Professional. Wow am I excited, or not.

When I look at a range of "professions" I see a few things in common: years of experience and study, a professional body or association (or bodies) that determine a set of standards for professionals, certification, and a set of disciplines. I also see regulatory bodies (even if self-regulating within the profession) that protect the name of the profession, and strike off those that fail to uphold the standards of the profession. I also see the profession seeking to protect itself from charlatans who do damage to the profession, and by pointing out clearly the standards required by the profession, to protect companies that employ such professionals.

So how does "The Google" define a Professional Association?

Somewhat limited I think, but for our purposes we can use this. What seems to be missing is protecting the integrity of the profession and professionals, but that might be included in furthering "the interests of individuals engaged in that profession" through protecting the name of the profession from charlatans.

Would the ACCA, ICAEW, IMA, AICPA, or the CICA stand by quietly as an organization or individual offered to create certified accountants in less than a week? The Medical Council would not allow someone to practice medicine without proper training and certification. Yet that is exactly what the Risk Management professional bodies do when someone offers three-day courses with a "professional" certification at the end. Where are the IRM, RIMS, GARP, PRMIA in protecting the reputation of the Risk Management profession and professionals?

So is Risk Management a profession? I'm sure that others have their definitions and expectations of what makes a profession and a professional. For me, as someone engaged in the profession, I like the definition from Google:

Considering this definition, I consider myself to be a Risk Management Professional. I have been advising companies on Risk Management, developed an ERM application from the concept to implementation, and I am a Risk Manager in a business. I am a member of a professional body, and have contributed to thought leadership published by that body, ranging from Risk Appetite and Tolerance, to Cyber Threats, and Risk in the Extended Enterprise.

Which apparently means that I should be "certified". Or at least, someone thinks that this will make me a professional.

So let us look at this kind invitation from Alex Dali again, the one that will, in three days, make me a Certified ISO 31000 Risk Management Professional.

The message from Alex Dali says:

I am pleased to inform you about the next training and certification session in London next month in May for you to become a Certified ISO 31000 Risk Management Professional with the official label C31000 certification.

It then gives the details of the course in London, for a very reasonable £1900, which includes the fee for the exam and certification.

It goes on to say:

Given your profile, I am sure that you will benefit a great deal from being a “Certified ISO 31000 Risk Management Professional” with in depth knowledge on the international ISO 31000 risk management standard. This session is also dedicated to those interested to become Certified ISO 31000 Lead Trainer.

Nice to see that my LinkedIn profile indicates that I would benefit from being such a certified professional. Or not.

So where am I going with this?

I expect my professional body to protect "the interests of individuals engaged in that profession" through protecting the name of the profession from charlatans. And that includes calling out examples like this, where people can claim to be a Risk Manager simply by paying for a three-day course.

To be very clear, any programme that offers a professional certification after a three-day course and an exam (I wonder what the failure rate is, after paying £1900) is a joke. To be completely honest, I would have a difficult time taking someone seriously if they actually put C31000 or any other notification that they have received this certification on their profile. I would then question every other certification that they claim, and I would wonder if that MBA or any other degree was from a mail-order "Institute" or "Institution" or just a postbox.

We as a Profession should be calling out specific examples like this, where someone sells certifications. We should be making it clear that we, individually and as professionals, will not accept bogus credentials.

For my part let me be very clear:

If you send me a CV with the C31000 certification on it, or if you have the C31000 certification on your LinkedIn profile, I will NOT be engaging with you. You are not a Risk Management Professional. You are the second definition of a Profession above: "an open but often false claim".

Just so there is no mistaking what I've just said:

To the professional bodies I ask, why are the Risk Management professional bodies and associations such as the IRM, GARP, PRMIA, RIMS and others not calling out the charlatans? Why are the professional bodies not protecting the interests of their members?

If my professional body will not openly state that this type of certification is a sham, then I need to do so, if for no other reason than to state categorically that I want my Profession to stand for something. When I say that I am a Risk Manager, I want it to be clear that this means I have years of experience, that I can back that up with evidence. That I am a professional.


  1. I think the fact that there are at least half a dozen professional associations in the field with overlapping subject and geographical mandates has to be part of the problem.

    Meanwhile, Mr. Dali's work has at least attracted some attention in various corners. https://www.oxebridge.com/emma/g31000-founder-alex-dali-wanted-on-arrest-warrant-in-singapore/

  2. Michael,

    Thank you for your comment. It is interesting to note that the link (dated 2014) claims that Alex has an outstanding warrant in Singapore, yet was promoting a G31000 course to be held in Singapore in late 2014.

    While I think the G31000 Certification is a sham, I have no views on the allegations that Oxebridge make against him (though the LinkedIn bogus profile is very funny).