Magazine article Risk Management

A View from the Top

Magazine article Risk Management

A View from the Top

Article excerpt

The Growing Role and Influence of the Chief Risk, Officer

In 1 993, James Lam set up a new risk framework at GE Capital. At the time, he was responsible for the middle office, which dealt with credit risk, market risk, risk transfer and hedging risks. He was also responsible for the back office, which was responsible for operational risk. In reviewing his responsibilities, he went to his boss and said, 'I'm getting ready to order business cards. What is my title?' "He didn't have one for me. So he told me to come up with one on my own/' says Lam, who is now president of James Lam & Associates and author of Enterprise Risk Management: From Incentives to Controls. At that point, GE Capital and other companies were just starting to create the position of chief information officer (CIO), which involved elevating information technology to a C-level agenda item. "Since I Was responsible for integrating all of the risks of the company, I came up with the title of chief risk Officer/' he SayS. The concept caught on, and today, according to Lam, there are probably over 1,000 CROs around the world.

In the mid-1990s, only a small number of companies had CROs, and most of them worked for large banks. A 2005 report by Forrester Research found that almost all companies with at least $1 billion in revenue and that are classified as "critical infrastructure" firms (e.g., financial institutions, energy companies, transportation companies, telecommunication providers and healthcare providers) have a CRO position. By 2007, the report went on to say, three-fourths of all large, critical infrastructure companies will have a formal enterprise risk management (ERM) office, being led by a CRO or equivalent title.

One reason for the growth of the CRO position has been the requirements of Sarbanes-Oxley (accounting oversight) and Basel II (measurement of international banking capital). In such situations, the CRO's job is to coordinate the management of risk by being a single point person for all risks to which an organization might be exposed. This covers everything from accounting policies and procedures to technology networks. In sum, one of the main responsibilities of the CRO is to make sure that the company functions as it should, and that preventable disasters of any and all kinds (financial and otherwise) do not occur.

While an auditor's responsibility is to discover things amiss, a CRO's responsibility is to make sure nothing goes amiss in the first place. But it is not all prevention. A good CRO can create structures and practices that help a company improve its competitive position, such as implementing strategic technologies for the most effective and secure management of data. While the job requires a somewhat detailed knowledge of technology, the overriding responsibilities tend to be integrative and analytical in nature. Above all else, communication skills are critical. CROs commonly report directly to the CEO, while traditional risk managers or vice presidents of risk report to the CFO or COO.

A good CRO is someone who understands policies and procedures, as well as the nuances and details of technology and its implications. This person also needs to be able to coordinate all of the different elements of risks into a comprehensive and organized structure that operates seamlessly. This is why so many CROs oversee ERM strategies.

So what industries should consider having CRO positions? According to Lam, the decision should be made more on a matter of the size and complexity of the company, specifically in terms of the risk profile, rather than by the industry the company is in. However, he does believe that the CRO role should be seriously considered in the financial services, energy, pharmaceutical, healthcare, telecommunications and transportation industries. In addition, all companies with over $1 billion in revenue in any industry should probably have a CRO.

Having been a CRO and also having written a book on ERM, Lam is intimately familiar with both concepts and how they can dovetail. …

Search by... Author
Show... All Results Primary Sources Peer-reviewed


An unknown error has occurred. Please click the button below to reload the page. If the problem persists, please try again in a little while.