About the framework

The framework defines the technical and business competencies as well as leadership behaviours needed to manage risk in today’s challenging climate.

It underpins IIRSM’s membership structure and can be used by individuals to identify their strengths and developmental areas and plan their CPD accordingly. In addition, all IIRSM’s training has been mapped to the IIRSM Risk Management and Leadership Competency Framework.  


IIRSM’s framework supports the belief that risk management should be part of everyone’s responsibilities and it is a transferable skill from any sector, geographical location, organisation and job role. 

The framework is a useful vehicle to: 

1. Help embed risk management as a core skill into all job roles and responsibilities. 

2. Provide a consistent approach across an organisation to managing its risks, in all their forms.  

3. Demonstrate how risk management enables innovation, performance and resilience.  

4. Enhance decision-making through raising capabilities to identify, communicate and act on risk.  

5. Support HR teams to embed risk management competence into existing and new job roles.  

6. Understand risk management professional development needs.  

7. Integrate risk management into existing organisational policies, procedures and cultures.  

8. Enhance career opportunities, as risk management is a required competence for many decision-making roles.   


The framework includes technical risk and business competences and leadership behaviours, as all three are required to be a competent person able to make sound, well-judged decisions to manage risks, in all its forms. 

The competencies and behaviours within the framework are presented in a generic way so they can be interpreted and applied to different areas of practice, specialism and geographical locations. It is important that the user understands and applies them within the context in which they work. 

The competencies and behaviours are set at three levels of attainment linked to career progression and IIRSM membership grades. 

OPERATIONAL - Knowledge and understanding, with some application. 

MANAGERIAL – Clear application and knowledge. 

STRATEGIC – Reasoned advice and depth of complexity. 

The required level of competence will depend on an individual’s role, seniority, responsibilities, experience and area of practice.