Gene Boyd, GradIRM: Manager Corporate Internal Audit, LEO Pharma
How did you get your job?
In 2012, LEO decided to establish an internal audit department. At the time, I was working as an independent consultant and, as one of my assignments, I actually supported the establishment of the department. I was then offered a manager role in the new department which was sufficiently attractive for me to accept! Being involved at the start of any activity has always been very interesting and an opportunity to impact on its subsequent development.
My background prior to joining LEO is that I am a Chartered Accountant and, up until 2006, I have held various positions in Finance and General Management roles in both sales & marketing and manufacturing pharmaceutical companies. From 2006 to 2012 I worked as an independent management consultant.
In 2012, LEO was starting from a relatively low base in terms of a formal risk management structure. I recognised that a good knowledge of risk management was required so that I could contribute to a better understanding of risk management in LEO. This also presented an opportunity for me to develop my knowledge and expertise in this area and be in a strong position to influence future developments which would also benefit the work of the internal audit department. This background was the basis of my introduction to the Institute of Risk Management and then to pursuing firstly the International Certificate qualification followed subsequently by the International Diploma. These qualifications gave me the necessary knowledge and tools to be able to interact positively regarding risk management with colleagues in LEO and, as I said, also helped in the establishment of the internal audit function in LEO.
What’s a typical day like as an Internal Audit Manager?
Working in an internal audit department, my typical day will mainly be concerned with planning, conducting or closing out audits of processes or entities within the LEO organisation. Risk management plays an important part in each of these activities.
- Planning – a large part of planning is about identifying where the risks are as the decisions regarding which audits to conduct should be made by adopting a risk-based approach. Being able to draw on my knowledge from the IRM courses helps me to contribute to this in a structured manner.
- Conducting – this involves being able to identify and analyse the risks associated with the process or entity being audited and assessing how well those risks are being managed.
- Closing out – this is largely around issuing an audit report which is clear about the status of the controls in place to manage the risks identified during the audit and issuing recommendations about how to best manage those risks. I also follow-up later to ensure that the recommendations have been implemented.
From the above, you can see that risk management is an important and intrinsic part of my work and, as mentioned earlier, the knowledge and expertise gained from the IRM course have been invaluable in this regard.
The IRM support has also very relevant where ‘consultancy-type’ assignments have been conducted by the internal audit department particularly with regard to risk management. I have been involved in a number of these and, again, what I gained from my IRM courses was both very relevant and helpful.
What do you enjoy most about your job?
I enjoy meeting and interacting with people from all over the world as LEO has a presence in more than 60 countries worldwide. While my role in the internal audit department is mainly operating in the Third Line of Defence role, there are regular interactions with colleagues on the challenges they face and I find that being able to make some contribution on how particular risks can be best managed is quite rewarding.
What are the challenges?
People are very busy with lots of things to be done to address their own challenges e.g. meeting sales targets, implementing change etc. and the principal challenge for me is finding the space to interact with them in a comprehensive way on the issues which have been raised during the audits.
In what way are your IRM qualifications relevant?
My IRM qualifications give me the opportunity to talk authoritatively to my colleagues about risk management and also to be confident regarding the application of established techniques. I find generally here is much vague understanding of what risk management involves and I find it positive to be able to speak from a position of knowledge regarding how best to implement a risk management process or address particular risk-related issues. In addition, the access to resources which are available through the IRM is hugely supportive in my role.
What would you say to others thinking about joining IRM as a member?
I think risk management is pervasive in all aspects of management and having a recognised qualification, coupled with knowledge and expertise will definitely be of benefit to one’s career. For persons engaged directly in a risk management role, it’s a no-brainer; for others it’s a considerable extra dimension to your profile which will also benefit how you approach your work.
How has your role developed and what are your career ambitions? Has being linked to the IRM helped?
Working in the internal audit department means that one will never be directly responsible for risk management but it still plays an important part in my daily work, as I have outlined above. Also, there is a greater understanding of risk management across management in general and its importance in overall corporate governance. In the past, formal risk management systems might have been seen as a ‘nice to have’ but are now seen as essential to good governance and to basic management i.e. if you don’t know the extent of the risk your organisation is facing, how can you effectively manage the organisation?
Being part of IRM and having access to its resources in the broadest sense has definitely been beneficial to me both personally and how I carry out my work.
- Join IRM, even just for access to its resources
- Get a formal qualification – it’s what will allow you to speak knowledgeably and authoritatively about risk management and distinguish you from your peers who will not have the same expertise as you.
- With regard to studying, I found it useful to make short notes of the content of the books I was reading, sometimes only key points from executive summaries. I could bring these anywhere with me so that while just having a coffee or waiting at an airport, for example, I could reflect on these key points.
- For the examinations, I found that I had a lot to write to good time management is crucial.