5 Roles of an Effective Chief Risk Officer
Chief risk officers (CROs) hold one of the most difficult and thankless, yet fulfilling, roles within an organization. A CRO wears several hats. He is a businessperson, a salesperson, a teacher, a diplomat, and an interpreter, all rolled into one. His constituency includes the rest of the organization, from his peers on the leadership team down to the rank-and-file employee, and often includes external regulators, auditors, and business partners, to name a few.
Five Roles of an Effective Chief Risk Officer
1. Businessperson
Effective chief risk officers understand that providing their customers with a product or service in a manner that maximizes shareholder value is the ultimate goal of their business. The CRO’s role is not to eliminate all risk (in fact, taking risks is required to succeed), but to enable the business to accomplish its objectives without incurring unacceptably high losses.
2. Teacher
Effective chief risk officers understand that, to make risk-based business decisions, others within their organizations must understand the basic concepts of enterprise risk management. It is the CRO’s responsibility to ensure that others receive and embrace this education.
3. Salesperson
Effective chief risk officers understand that the maintenance of an enterprise risk management (ERM) program may be viewed by unenlightened peers as having little value to the organization. These individuals must be regularly reminded of the benefits of risk-based decision making. It is thus the CRO’s responsibility to “sell” the ERM program to their constituents.
4. Interpreter
Effective chief risk officers understand that the terminology of enterprise risk management can be intimidating to the “uninitiated.” It is the CRO’s responsibility to translate technical terminology (e.g., threats, vulnerabilities, risks, controls, mitigation, residual risk) into language that is easily understood by leaders in other disciplines.
5. Diplomat
Effective chief risk officers recognize that not everyone in the organization will see eye-to-eye on critical business decisions about risk. They also understand that risk tolerance levels may vary from business unit to business unit. The best CROs are flexible, patient, and highly skilled in conflict resolution and negotiation.
A chief risk officer who fails to wear any of these hats will be less effective than he or she could be (and in the worst case, CROs may find themselves effectively marginalized). However, a CRO who can play all of these roles and play them well has the best shot at developing the type of risk-based culture that permeates their organization.
About the Author: Bradley J. Schaufenbuel, CISSP, CRISC, is Senior Vice President and Chief Information Security & Privacy Officer at Midwest Bank – Now Part of FirstMerit Bank, N.A. He is a regular speaker at industry conferences and has authored numerous books and professional journal articles on topics related to information security and I.T. risk management.