“When this job in CHI came up, it sounded really interesting, and after interviewing I was certain that it was going to be a great fit, it even gave me the “warm and fuzzies”. When I started here, there was quite a culture shock as I went from a large multicultural corporate environment that was high-octane and aggressive, to an organisation that really values and appreciates their staff. You are not taken for granted, you’re not just a number.” —Interview with Liana Unger, Risk and Compliance Officer

I am the Risk and Compliance Officer for CHI. I’m basically a one-man show but have the support of everyone around me, which makes it seem that I am part of one large team. Before I started in CHI 3 years ago, there was no risk and compliance department and no one to manage the process. However, CHI recognised that there was a lack of risk awareness and focus and subsequently that needed to be addressed urgently and subsequently found me.  

Prior to joining CHI, I had background in several large corporations like IBM, Oracle, Eir, Pfizer, and Bank of Ireland etc. mostly in a compliance/ risk-based role. I also hold a BA (Hons) degree in Accounting and Finance as well as a MSc in Compliance. I’m also a Fellow of the Compliance Institute and involved in a lot of networking groups from Risk and Compliance to Data Privacy, to keep both my academic credentials up to date as well as upskilling where possible. I am also invited on occasion to lecture in UCD to support Masters’ student that are preparing for their thesis.

The last role I had before joining CHI was in Perrigo Pharma, where I had to travel a lot, which was a great experience but also part of the reason I left as it left little time for me to visit my family in Germany. Unfortunately, my dad fell ill and later passed away. As I was travelling extensively I was unable to see him for almost a year prior to this passing, which made me revaluate my career path and choices. While the money, exposure, and knowledge where excellent, I needed to take a step back and when I was offered redundancy, I chose to take it. When this job in CHI came up, it sounded interesting, and after interviewing I was certain that it was going to be a great fit, even giving me the “warm and fuzzies”. When I started here, there was quite a culture shock as I went from a large multicultural corporate environment that was high-octane and aggressive, to an organisation that really values and appreciates their staff. You are not taken for granted, you’re not just a number. Everyone here is so lovely, such a pleasure to work with and everyone has their own life outside CHI. People are genuinely interested in doing the right thing and care for each other.

My day-to-day manager is the Head of Finance, but I also report to the CEO, which is great as I get to learn a lot from both. As a matter of fact, all senior management are very supportive of my work and rely on my subject matter expertise, which makes me feel very valued in my role. I often get the opportunity to work with departments and on projects outside of the scope of my work, which makes my role unique and interesting. A lot of my time is spent on researching best practices, regulatory requirements, thinking, writing, and putting us on a strategic path of excellence.

I report to various stakeholders such as the Executive Management Team, the Audit, Assurance & Finance Committee, as well as the Board, who all have risk as a standing item on their agendas. Over the last few years, the culture of risk awareness has increased substantially through training and communication, which is testament to the ongoing commitment of the leadership team to embed this “risk awareness” culture.

As part of my role, I manage the whole Risk Register which essentially is a live log of every organisational risk we have. Risk owners are assigned, who tend to be senior managers, who review their risks on a monthly basis. This also involves ensuring that we have strategies in place to mitigate the effect a risk could have on our organisation. We currently have 37 risks on our Risk Register, which is in line with best practices. Those risks can also be influenced by incidents and/or complaints that are reported to me on an ongoing basis and which can show if there are trends that management may need to consider, e.g., how many accidents were reported and is it for the same estate? If so, then CHI will look at addressing the issue for that estate.

Anyone can and should raise a risk when / if they become aware of one which could impact CHI. Once a risk is raised, it typically lands on my desk, where a risk assessment is carried out by the relevant department with my support. As a result, policies, training, and mitigating strategies are developed including an action plan to address the potential impact of the risk on CHI. However, we need to remember that risk is never zero and that it’s just part of doing business.

Ultimately, managing risk is about training and education, making sure we’re not just ticking the box and that we are all “risk aware” as part of our day-to-day activities. It is my job to be the link between departments and to make judgement calls on risks, processes, and procedures, but never people!

A few years ago, a risk health check was performed by our Internal Auditors, who were very happy with the overall Risk Register, which was also echoed by the Regulator who performed their own review shortly after our internal assessment. High praise indeed!

Additionally, I maintain a repository of our corporate policies and make sure they are reviewed on a regular basis, that the language and format are standard and that those policies do not overburden the staff they apply to. I tend to take a holistic and pragmatic approach to ensure that, while our policies have a certain standard, they can still be practically applied.

Overall, I am here to help so why not reach out if you have a question or need my “red pen” to review any type of documentation.

‍