£59K/yr to £177K/yr
London, England
Permanent, Variable

Risk and Controls Director

Posted by BDO UK LLP.

Ideas | People | Trust

We're BDO. An accountancy and business advisory firm, providing the advice and solutions entrepreneurial organisations need to navigate today's changing world.

We work with the companies that are Britain's economic engine – ambitious, entrepreneurially-spirited and high-growth businesses that fuel the economy – and directly advise the owners and management teams leading them.

We'll broaden your horizons

The Quality and Risk Management Team (QRM) provides leadership, guidance, and tools to help partners and staff manage quality and risk matters. The team is comprised of an Advisory and Compliance Team, a Chief Information Security Office Team, an Economic Crime Team, a Legal Team including a Commercial & Contracts Team, an Ethics Team plus the Quality Monitoring Team. The team works closely with the firm's Technical Standards Group and the firm's leadership.

We'll help you succeed

Leading organisations trust us because of the quality of our advice. That quality grows from a thorough understanding of their business, and that understanding comes from working closely with them and building long-lasting relationships.

You'll be someone who is both comfortable working proactively and managing your own tasks, as well as confident collaborating with others and communicating regularly with senior managers, directors, and BDO's partners to help businesses effectively. You'll be encouraged to identify and draw attention to opportunities for enhancing our delivery and providing additional services to organisations we work with.

Overview

BDO is seeking an experienced Risk & Controls Director to lead the review of our existing approach to Enterprise Risk Management (ERM) and refinement of our Internal Controls Framework (ICF). This critical, internal-facing role is key to managing and overseeing the Firm's risk management systems and cultivating a pervasive culture of risk awareness throughout the organisation. The selected candidate will play a key role in shaping and integrating risk management policies into the core strategic decision-making processes and day-to-day operations of the Firm. Starting with one direct report, this position is designed to grow in scope and influence alongside the Firm's expansion, offering substantial opportunities for professional development and strategic influence. The role promises significant engagement with BDO's Leadership Team, Management, and Partnership Council (oversight board), providing a platform to drive change and influence at the highest levels.

Responsibilities

Risk Management Responsibilities:

  • ERM Framework: Oversee, administer, and facilitate the ERM framework to align with the Firm's strategies and priorities, ensuring risk awareness and understanding at all levels. Ensure the integration of ERM into all the Firm's processes and decision making from both a strategic and operational perspective.
  • Risk Universe: Continuously update and refine the risk universe, maintaining comprehensive and appropriate risk topographies and classifications in accordance with recognised frameworks like COSO.
  • Risk Management Policies: Regularly review and update risk management policies to adapt to changing regulatory environments and business needs.
  • Risk Assessment and Response: Collaborate with risk owners across the Firm to assess risks by evaluating impact, likelihood, velocity, and volatility. Work together to determine the most appropriate risk responses – avoid, reduce, transfer, or accept, ensuring that each response aligns with the firm's overall strategy and risk appetite / tolerance.
  • Risk Appetite and Tolerance: Regularly review and adjust the Firm's risk appetite and tolerance levels to ensure they are appropriate and adhered to, reflecting the Firm's strategic aims and regulatory landscape.
  • Key Risk Indicators: Develop key risk indicators to effectively monitor and communicate potential risks, enabling proactive management and strategic decision-making.
  • Risk Management System (RHIZA): Administer Rhiza, the system used to facilitate the ERM processes and provide the data for risk reporting.
  • Committees Administration: Manage and coordinate all aspects of the Executive Risk Committee and the Partnership Council's Risk Subcommittee, including preparation of agendas, reporting packs, and minutes.
  • Sustainability and CSR: Integrate sustainability risks into the ERM framework, aligning with CSR goals and addressing ESG factors.
  • Third Party Risk: Develop and oversee a comprehensive third-party risk management program to identify, assess, and mitigate risks associated with external partners, including vendors, service providers, and strategic partners.
  • Risk Culture: Assess and actively report on the Firm's risk culture, driving initiatives to embed a proactive risk management culture across the organisation.

Internal Controls Responsibilities:

  • Internal Controls Framework: Develop and maintain a comprehensive internal control framework that identifies and interlinks all control activities across the Firm. This unified framework ensures coherence and interconnectivity among various control processes, facilitating seamless oversight and enhancing the effectiveness of risk management practices.
  • Determine the Firm's Key Controls: Identify and establish key controls crucial for ensuring the Firm's operational integrity and compliance, safeguarding against potential risks.
  • Controls Testing: Design and execute regular testing of internal controls to evaluate both their design and operational effectiveness, identifying areas for enhancement.
  • Controls Self-Assessment: Implement and manage a robust internal controls self-assessment program that enables regular evaluation of internal controls across the Firm. This ensures their effectiveness and compliance with relevant standards and regulations.
  • Management Representation Letters: Implement and manage a process for management representation letters, allowing senior leaders to formally affirm the effectiveness and compliance of internal controls. This enhances accountability and ensures transparency in the control