'Reflections from RMIA Risk Award Winner, Sandra Hinchcliffe
As we look forward to the 2026 RMIA Risk Awards, we are pleased to share the reflections of Sandra Hinchcliffe, RMIA’s 2025 Risk Student of the Year.
Congratulations on being named RMIA’s Risk Student of the Year! What drew you further study in risk management?
Thank you so much — it’s truly an honour to be recognised as RMIA’s Risk Student of the Year. My decision to pursue further study in risk management came from being over audited over several years from Internal and External Auditors. I realised that effective risk management is not just about compliance or avoiding negative outcomes — it’s about enabling better decision-making, building resilience, and creating sustainable value for the customer and the business.
What particularly drew me to further study was the interdisciplinary nature of risk management. It combines elements of strategy, finance, governance, psychology, and data analysis. I was drawn to how risk frameworks can be applied across diverse sectors and how implementing some sort of Risk Management could reduce the stress of non service days to the business and also it would highlight areas which needed a focus and reduce the compliance tick box on those areas which were will controlled and of low risk.
Through my studies, I’ve been able to connect theory with practice, exploring how robust risk cultures and enterprise risk frameworks can drive long-term organisational success. Ultimately, studying risk management has been both intellectually rewarding and personally meaningful. It’s given me the tools to think critically about uncertainty, contribute to informed decision-making, and support my organisation in the day to day services and the strategic planning for the future, as well as opening up other doors in the organisation such as SME for GRC projects and Training Risk Programs Internally.
Can you tell us about your research project that led to this recognition?
It started with the Audit program and how reduce audits and reuse audit reports to free up staff to continue to provide service.
As a service industry the number of audit days sometimes outnumbered the number of days in a year (Dec + Jan = 62 days – 365 days = 427 days less a few more for public holidays). As an example one year there was approximately 426 days of audits, with each audit taking approximately 3 days, resulting in 142 audits conducted across 17 sites and some of these sites have at most 3 staff working at them, which meant in some cases I had 6 auditors, from different organisations for different standards and or regulations auditing staff and asking the same questions.
So, how could this be changed and better controlled?? I had been involved in a Global project called Risk Driven Quality Assurance. I took this approach and framework and expanded it to cover a business unit and specially applied it to the audit program. With the intent to reduce audit days, and audit high risk areas only with medium to low risk being audited on a less frequent basis. This led to looking at the contract deliverables and reviewing a section call Risk Management and using ISO 31000 as a baseline framework. I realised I would need help and decided to tackle the Diploma In Risk Management and use the course work to develop the framework, rules, documentation, RACI matrix, risk register, appetite and training etc for the business while keeping my strategic focus on reducing audits in the business and moving the business from compliance to a risk based focus, ensuring controls were strengthened and client services and satisfaction were improved thru the audit findings. Today we have a audit program of 96 audits = 288 days, 2024 150 audits = 450 days that is a overall reduction of 54 audits = 162 days of service back to the business. The journey to integrate a GRC system continues well into the future.
What was the most surprising or insightful thing you learned through your studies?
There were many times during the theory study sessions that the light bulb went on confirming what I did know well and also confirming what I was missing. Having the course delivered F2F on site with only 2 students was a direct advantage as was having a teacher who was competent in industry like mine.
My core take aways are:
Leadership and Governance - Visible commitment from senior leaders to drive change. Clear governance and defined roles to embed risk ownership across the organisation.
Training and Capability - Targeted programs to build risk literacy and Practical workshops and “risk champions and risk owners” to support ongoing capability development. These are ongoing.
Communication and Change Management - A clear communication plan outlining the purpose and benefits of the new framework. Engagement activities and consistent messaging to build buy-in and reduce resistance.
Continuous Improvement and Culture - Regular reviews and feedback loops to refine the framework. Reinforcement of a risk-aware culture that values proactive, informed decision-making.
How has this award impacted your confidence or career direction?
Receiving the RMIA Risk Student of the Year award has opened my career opportunities within the business. It allowed me to take on more complex challenges such as representing Quality, Risk, Compliance and Policy in a IMS GRC Project, writing and delivering risk training programs and actively engaging in industry discussions about emerging risk trends with a broader professional network within the RMIA community, opening doors for mentorship, collaboration. I am also on the NSW RMIA Committee.
What advice would you give to other students interested in pursuing advanced study in risk management?
My advice to students considering advanced study in risk management is to approach it with both curiosity and practicality, set a defined timeline and build in buffer days, you will need them. Risk management is a dynamic, evolving discipline that touches every aspect of business — enterprise wide.
Build a strong framework that works for your business and explore how risk connects with areas like data analytics, governance, and human behaviour. Learning from mentors and industry professionals through associations like RMIA can provide invaluable insight and perspective.
Stay curious, be patient, have fun as tomorrow there will be new issue to deal with.