Enterprise Risk Manager

BDO has embarked on a programme of transformation of its Enterprise Risk Management (ERM) and Internal Controls Framework (ICF), to further enhance the way that risk is understood and managed in the organisation, allowing us to meet our strategic goals. We are seeking an experienced Risk & Controls Manager to continue to work closely with the Head of Enterprise Risk Management to evolve this programme further. This critical, internal-facing role is key to cultivating a pervasive culture of risk awareness throughout the organisation. This role offers opportunities for professional development, requiring significant engagement with BDO's Leadership Team and senior partners. The role reports into the Enterprise Risk Management Senior Manager.

Risk Management Responsibilities:

• ERM Framework: Support the administration and facilitation of the ERM framework to align with the Organisation’s strategies and priorities, ensuring risk awareness and understanding at all levels.
• Risk Universe: Assist in continuously updating and refining the risk universe, maintaining comprehensive and appropriate risk topographies and classifications in accordance with recognised frameworks like COSO.
• Risk Management Policies: Assist in regularly reviewing and updating risk management policies to adapt to changing regulatory environments and business needs.
• Risk Assessment and Response: Collaborate with risk owners across the Organisation to assess risks by evaluating impact, likelihood, velocity, and volatility. Work together to determine the most appropriate risk responses – avoid, reduce, transfer, or accept, ensuring that each response aligns with the Organisation’s overall strategy and risk appetite / tolerance.
• Risk Appetite and Tolerance: Assist in regularly reviewing and adjusting the Organisation’s risk appetite and tolerance levels to ensure they are appropriate and adhered to, reflecting the Organisation’s strategic aims and regulatory landscape.
• Key Risk Indicators: Assist in developing key risk indicators to effectively monitor and communicate potential risks, enabling proactive management and strategic decision-making.
• Risk Management System (RHIZA): Assist in system administration of Rhiza which is used to facilitate the ERM processes and provide the data for risk reporting.
• Committees Administration: Support the coordination of all aspects of the Quality Risk Executive, including preparation of agendas, reporting packs, and minutes.
• Sustainability and CSR: Assist in integrating sustainability risks into the ERM framework, aligning with CSR goals and addressing ESG factors.
• Third Party Risk: Support the development and oversight of a comprehensive third-party risk management program to identify, assess, and mitigate risks associated with external partners, including vendors, service providers, and strategic partners.
• Risk Culture: Assist in assessing and actively reporting on the Organisation’s risk culture, driving initiatives to embed a proactive risk management culture across the organisation.

Internal Controls Responsibilities:

• Internal Controls Framework: Support the refresh of the internal control framework that identifies and interlinks all control activities across the organisation.
• Determine the Organisation’s Key Controls: Assist in identifying and establishing key controls crucial for ensuring the organisation’s operational integrity and compliance, safeguarding against potential risks.
• Controls Testing: Assist in designing and executing regular testing of internal controls to evaluate both their design and operational effectiveness, identifying areas for enhancement.
• Controls Self-Assessment: Assist in implementing and managing a robust internal controls self-assessment program that enables regular evaluation of internal controls across the organisation.
• Management Representation Letters: Assist in implementing and managing a process for management representation letters, allowing senior leaders to formally affirm the effectiveness and compliance of internal controls.
• Key Control Self-Certification: Assist in establishing a self-certification process for key controls, enabling responsible managers to attest to the efficacy and operational integrity of their specific control areas.

Other Responsibilities:

• Reporting and Dashboards: Assist in developing and maintaining detailed reporting and dashboard tools that integrate data from the internal controls framework, key controls status, controls testing, self-assessments, and certification processes along with key risk indicators, risk score trends, and risk status relative to the Organisation’s appetite and tolerances.
• Crisis Management: Support the Organisation’s crisis management processes, ensuring readiness and effective response strategies are in place to handle unexpected events.
• Business Continuity and Disaster Recovery: Support the development and maintenance of business continuity and disaster recovery frameworks and policies, ensuring the Organisation’s resilience in the face of disruptions.
• Transparency Report: Assist in drafting comprehensive sections of the transparency report related to internal controls and risk management, promoting transparency and accountability.
• Stakeholder Engagement and Management: Build and maintain strong relationships with internal stakeholders to ensure widespread support for ERM and internal controls initiatives.
• Performance Metrics: Assist in establishing and monitoring performance metrics for the function to evaluate its efficiency and effectiveness.
• Technology and Innovation: Support the use of advanced technology and innovative practices to enhance the effectiveness and efficiency of the Organisation’s ERM and Internal Controls frameworks.
• Training and Development: Assist in developing and leading training programs to enhance risks and controls awareness and compliance understanding at all levels.
• Regulatory Environment: Stay updated on new regulations and industry standards through regular attendance at seminars, workshops, and conferences.
• Intranet Site: Assist in managing and updating the Risk Management and Internal Controls intranet site dedicated to risk management and internal controls, providing accessible and current information to all employees.

• Some experience as outlined above in a regulated environment.
• Experience supporting an ERM and / or internal controls framework.
• A relevant qualification (ACA, ACCA, CIA, IRM).
• Demonstrated ability to work effectively with senior leaders.

You’ll be able to be yourself; we’ll recognise and value you for who you are and celebrate and reward your contributions to our business. We’re committed to agile working, and we offer everyone the opportunity to work in ways that suit them, their teams, and the task at hand.

At BDO, we’ll help you achieve your personal goals and career ambitions, and we have programmes, resources, and frameworks that provide clarity and structure around career development.

Mutual support and respect is one of BDO’s core values and we’re proud of our distinctive, people-centred culture. From informal success conversations to formal mentoring and coaching, we’ll support you at every stage in your career, whatever your personal and professional needs. Our agile working framework helps us stay connected, bringing teams together where and when it counts so they can share ideas and help one another. At BDO, you’ll always have access to the people and resources you need to do your best work.

We know that collaboration is the key to creating value and satisfying experiences at work, so we’ve invested in state-of-the-art collaboration spaces in our offices. BDO’s people represent a wealth of knowledge and expertise, and we’ll encourage you to build your network, work alongside others, and share your skills and experiences. With a range of multidisciplinary events and dedicated resources, you’ll never stop learning at BDO.

At BDO, we help entrepreneurial businesses to succeed, fuelling the UK economy. Our success is powered by our people, which is why we’re always finding new ways to invest in you. Across the UK thousands of unique minds continue to come together to help companies we work with to achieve their ambitions.

We’ve got a clear purpose, and we’re confident in our future, because we’re adapting and evolving to build on our strengths, ensuring we continue to find the right combination of global reach, integrity and expertise. We shape the future together with openness and clarity, because we believe in empowering people to think creatively about how we can do things better.