Magazine article Risk Management

The Chief Risk Officer: What Does It Look like and How Do You Get There?

Magazine article Risk Management

The Chief Risk Officer: What Does It Look like and How Do You Get There?

Article excerpt

Not long ago, the principal questions that senior managers had about enterprise risk management were: "Is there a good reason for my organization to consider an ERM program?" and "If I do, will I have to create a new executive position to run it?" Over the last five years, however, two major trends have given rise to new, richer, organizational questions.

First, it is now clear that ERM has moved from being an interesting management concept to an important management practice. Organizations are giving enterprise risk management increasing attention, high-level accountability and clear responsibilities as befitting a legitimate strategic discipline. They are doing so because the managers we surveyed believe that ERM helps them create and improve shareholder value through risk-based decision making and capital allocation.

Second, it is now equally clear that in order to implement ERM as a management practice, organizations are creating ERM-specific roles, responsibilities and structures, in particular the chief risk officer, a position that has risen dramatically in prominence over the last few years. The reason for this rise is simple: as companies practice integrated risk management, they are realizing that having multiple risk officers makes no more sense to well-managed companies than it would to have multiple CEOs, CFOs or chief marketing officers.

The new questions about the CRO for leading companies, then, are: "What should the CRO do?" "What should the CRO look like?" "Where, exactly, does the CRO fit in the organization?" And the question for risk management practitioners is: "How do I become a chief risk officer?"

Duties and Responsibilities

As a strategic function, the CRO and his or her team play a critical part in the organization's winning strategy. While just a few years ago that part may have been largely operational to provide technical input to the decisions of the organization's policy-makers, today the CRO in leading companies participates in policy making and decision making. In particular, the CRO is becoming instrumental in two policy-making areas.

The first is assuring that the organization has processes in place so that it complies with the very much heightened risk management expectations of shareholders, regulators, and even elected officials and attorneys general. The second is developing and introducing an integrative risk management framework. The purpose of the framework should be twofold: to help the organization mitigate risks, and to help it allocate capital to build shareholder value with a full understanding of both the positive and negative potential of the risks involved.

In playing these broad, policy-level roles, the CRO helps senior managers understand the interrelationships of various types of risk. With that understanding, management can maximize value by relating its decisions on the risks it takes to its decisions on the capital used to finance its business. By managing a well-considered ERM strategy, CROs can balance the enterprise's portfolio of identified and quantified risks with a portfolio of capital resources to derive real value to the organization.

CROs generally have a set of specific responsibilities that amount to creating a risk-aware culture in the organization. These include central oversight of the organization's risk assessment and risk appetite; familiarizing the organization, its shareholders, regulators and rating agencies with the ERM program; implementing a consistent, integrated risk management framework throughout the company; managing that program with a particular emphasis on operational risks; and developing ways to mitigate and finance risk within the organization's larger business strategies.

Obviously, the CRO cannot carry out these responsibilities alone. The CRO works with, and through, the other risk managers in the organization. But given how comprehensive the role is, the CRO also works with every part of the organization: senior management, operating groups, finance, legal, human resources and the like. …

Search by... Author
Show... All Results Primary Sources Peer-reviewed

Oops!

An unknown error has occurred. Please click the button below to reload the page. If the problem persists, please try again in a little while.