
Finding the Right Chief Risk Officer

My good friend, Jim DeLoach of Protiviti, has a post on the BoardMember site. It provides some guidance for directors and others who influence the board on the selection of a chief risk officer (CRO).

I think the post is OK as far as it goes, but what is missing is guidance on what the board should look to the CRO for. The critical discussion is in his first “key consideration”, where he discusses Role and expectations, as defined by management and the board.

Perhaps Jim was limited by the site on the length of the piece. But I would have much preferred to have seen mention of the critical role of the CRO in taking ownership for ensuring the framework (including policy) and processes for risk management across the organization are adequate, and providing the executive leadership and the board with a holistic view of risk across the organization.

I would have also preferred to see an argument against limiting the CRO to a specific compliance role. Many of the failures in risk management have been because risk management, if it existed, was conducted within silos. There was no enterprise-wide coordination, and strategic risks were often not included.

What do you think?

  1. Jim DeLoach
    March 21, 2011 at 7:36 AM

    Norman, thank you for commenting. Re the role of the CRO, I agree completely with you that the role should be strategic and that is always Protiviti’s first choice. My thought process in this post was to acknowledge that in practice, there are more than a few companies in certain industries that limit the scope of the role and related responsibilities to compliance matters and that limitation in scope is a factor in determining the appropriate person. Like you, I am not a fan of the practice of placing the CRO label on what is really a chief compliance officer role. I also agree completely with you on the fatal flaw of overlooking strategic risks, as many of our writings point to this fundamental issue.

  2. akira muranaka
    March 21, 2011 at 8:35 AM

    I agree that a CRO needs to be a holistic risk expert who can deal with IT, Finance, Operations, and Law without a silo.

  3. March 21, 2011 at 7:49 PM

    I also see the role as a strategic one, with a key requirement for both leadership and influencing skills. Many executives view compliance as an inhibitor and a skilled CRO needs to be able to push back against this perception and instill an enlightened view of risk and compliance as strategic enablers.

  4. Jackie Cain
    March 22, 2011 at 3:12 AM

    I’ve also found these thoughts from Anthony Fitzsimmons, Chairman of Reputability Ltd, very interesting:
