Risk and Controls Director

Ideas | People | Trust

We're BDO. An accountancy and business advisory firm, providing the advice and solutions entrepreneurial organisations need to navigate today's changing world.

We work with the companies that are Britain's economic engine – ambitious, entrepreneurially-spirited, and high‐growth businesses that fuel the economy – and directly advise the owners and management teams leading them.

We'll broaden your horizons

The Quality and Risk Management Team (QRM) provides leadership, guidance, and tools to help partners and staff manage quality and risk matters. The team is comprised of an Advisory and Compliance Team, a Chief Information Security Office Team, an Economic Crime Team, a Legal Team including a Commercial & Contracts Team, an Ethics Team plus the Quality Monitoring Team. The team works closely with the firm's Technical Standards Group and the firm's leadership.

We'll help you succeed

Leading organisations trust us because of the quality of our advice. That quality grows from a thorough understanding of their business, and that understanding comes from working closely with them and building long-lasting relationships.

You'll be someone who is both comfortable working proactively and managing your own tasks, as well as confident collaborating with others and communicating regularly with senior managers, directors, and BDO's partners to help businesses effectively. You'll be encouraged to identify and draw attention to opportunities for enhancing our delivery and providing additional services to organisations we work with.

Overview

BDO is seeking an experienced Risk & Controls Director to lead the review of our existing approach to Enterprise Risk Management (ERM) and refinement of our Internal Controls Framework (ICF). This critical, internal-facing role is key to managing and overseeing the Firm's risk management systems and cultivating a pervasive culture of risk awareness throughout the organisation. The selected candidate will play a key role in shaping and integrating risk management policies into the core strategic decision-making processes and day-to-day operations of the Firm. Starting with one direct report, this position is designed to grow in scope and influence alongside the Firm's expansion, offering substantial opportunities for professional development and strategic influence. The role promises significant engagement with BDO's Leadership Team, Management, and Partnership Council (oversight board), providing a platform to drive change and influence at the highest levels.

Responsibilities

Risk Management Responsibilities:

• ERM Framework: Oversee, administer, and facilitate the ERM framework to align with the Firm's strategies and priorities, ensuring risk awareness and understanding at all levels. Ensure the integration of ERM into all the Firm's processes and decision-making from both a strategic and operational perspective.
• Risk Universe: Continuously update and refine the risk universe, maintaining comprehensive and appropriate risk topographies and classifications in accordance with recognised frameworks like COSO.
• Risk Management Policies: Regularly review and update risk management policies to adapt to changing regulatory environments and business needs.
• Risk Assessment and Response: Collaborate with risk owners across the Firm to assess risks by evaluating impact, likelihood, velocity, and volatility. Work together to determine the most appropriate risk responses – avoid, reduce, transfer, or accept, ensuring that each response aligns with the firm's overall strategy and risk appetite/tolerance.
• Risk Appetite and Tolerance: Regularly review and adjust the Firm's risk appetite and tolerance levels to ensure they are appropriate and adhered to, reflecting the Firm's strategic aims and regulatory landscape.
• Key Risk Indicators: Develop key risk indicators to effectively monitor and communicate potential risks, enabling proactive management and strategic decision-making.
• Risk Management System (RHIZA): System administer Rhiza which is used to facilitate the ERM processes and provide the data for risk reporting.
• Committees Administration: Manage and coordinate all aspects of the Executive Risk Committee and the Partnership Council's Risk Subcommittee, including preparation of agendas, reporting packs, and minutes.
• Sustainability and CSR: Integrate sustainability risks into the ERM framework, aligning with CSR goals and addressing ESG factors.
• Third-Party Risk: Develop and oversee a comprehensive third-party risk management program to identify, assess, and mitigate risks associated with external partners, including vendors, service providers, and strategic partners.
• Risk Culture: Assess and actively report on the Firm's risk culture, driving initiatives to embed a proactive risk management culture across the organisation.

Internal Controls Responsibilities:

• Internal Controls Framework: Develop and maintain a comprehensive internal control framework that identifies and interlinks all control activities across the Firm. This unified framework ensures coherence and interconnectivity among various control processes, facilitating seamless oversight and enhancing the effectiveness of risk management practices.
• Determine the Firm's Key Controls: Identify and establish key controls crucial for ensuring the Firm's operational integrity and compliance, safeguarding against potential risks.
• Controls Testing: Design and execute regular testing of internal controls to evaluate both their design and operational effectiveness, identifying areas for enhancement.
• Controls Self-Assessment: Implement and manage a robust internal controls self-assessment program that enables regular evaluation of internal controls across the Firm. This ensures their effectiveness and compliance with relevant standards and regulations.
• Management Representation Letters: Implement and manage a process for management representation letters, allowing senior leaders to formally affirm the effectiveness and compliance of internal controls. This enhances accountability and ensures transparency in the control environment.
• Key Control Self-Certification: Establish a self-certification process for key controls, enabling responsible managers to attest to the efficacy and operational integrity of their specific control areas. This fosters individual accountability and provides detailed insights into the overall control environment.

Other Responsibilities:

• Reporting and Dashboards: Develop and maintain detailed reporting and dashboard tools that integrate data from the internal controls framework, key controls status, controls testing, self-assessments, and certification processes along with key risk indicators, risk score trends, and risk status relative to the Firm's appetite and tolerances. These tools will provide Management and the Partnership Council with ongoing, clear visualisations and reports to monitor the Firm's risk and control environments effectively.
• Crisis Management: Facilitate and administer the Firm's crisis management processes, ensuring readiness and effective response strategies are in place to handle unexpected events.
• Business Continuity and Disaster Recovery: Direct the development and maintenance of business continuity and disaster recovery frameworks and policies, ensuring the Firm's resilience in the face of disruptions.
• Transparency Report: Take responsibility for drafting comprehensive sections of the transparency report related to internal controls and risk management, promoting transparency and accountability.
• Stakeholder Engagement and Management: Build and maintain strong relationships with internal stakeholders to ensure widespread support for ERM and internal controls initiatives. Effectively co-ordinate and integrate activities across both the first and second lines of defence, ensuring alignment of management's risk and control activities. Enhance the Firm's overall risk position by collaborating closely with individuals such as the Head of Internal Audit, Chief Audit Risk Officer, External Auditors, and other key second line functions to secure comprehensive coverage and alignment. Additionally, engage with external regulatory bodies such as the Financial Reporting Council (FRC) and the Institute of Chartered Accountants in England and Wales (ICAEW) to ensure ongoing compliance and proactive handling of regulatory matters.
• Performance Metrics: Establish and monitor performance metrics for the function to evaluate its efficiency and effectiveness.
• Technology and Innovation: Promote the use of advanced technology and innovative practices to enhance the effectiveness and efficiency of the Firm's ERM and Internal Controls frameworks.
• Training and Development: Develop and lead training programs to enhance risks and controls awareness and compliance understanding at all levels.
• Regulatory Environment: Stay updated on new regulations and industry standards through regular attendance at seminars, workshops, and conferences.
• Intranet Site: Manage and update the Risk Management and Internal Controls intranet site dedicated to risk management and internal controls, providing accessible and current information to all employees.

Requirements:

• Proven experience of the above in a regulated environment.
• Overseeing an ERM and/or internal controls framework.
• A relevant qualification (ACA, ACCA, CIA, IRM).
• Demonstrated ability to work effectively with senior leaders and oversight board members.

You'll be able to be yourself; we'll recognise and value you for who you are and celebrate and reward your contributions to our business. We're committed to agile working, and we offer everyone the opportunity to work in ways that suit them, their teams, and the task at hand.

At BDO, we'll help you achieve your personal goals and career ambitions, and we have programmes, resources, and frameworks that provide clarity and structure around career development.

We're in it together

Mutual support and respect is one of BDO's core values and we're proud of our distinctive, people-centred culture. From informal success conversations to formal mentoring and coaching, we'll support you at every stage in your career, whatever your personal and professional needs. Our agile working framework helps us stay connected, bringing teams together where and when it counts so they can share ideas and help one another. At BDO, you'll always have access to the people and resources you need to do your best work.

We know that collaboration is the key to creating value and satisfying experiences at work, so we've invested in state-of-the-art collaboration spaces in our offices. BDO's people represent a wealth of knowledge and expertise, and we'll encourage you to build your network, work alongside others, and share your skills and experiences. With a range of multidisciplinary events and dedicated resources, you'll never stop learning at BDO.

We're looking forward to the future

At BDO, we help entrepreneurial businesses to succeed, fuelling the UK economy. Our success is powered by our people, which is why we're always finding new ways to invest in you. Across the UK thousands of unique minds continue to come together to help companies we work with to achieve their ambitions.

We've got a clear purpose, and we're confident in our future, because we're adapting and evolving to build on our strengths, ensuring we continue to find the right combination of global reach, integrity, and expertise. We shape the future together with openness and clarity, because we believe in empowering people to think creatively about how we can do things better.

For further information, and to apply, please visit our website via the "Apply" button below.