12 Jun 2014  Working Papers

The Triumph of the Humble Chief Risk Officer

Executive Summary — How do senior risk officers strike a balance between the twin roles of "compliance champion" and "business partner"? Understanding what role risk officers may play in organizational life is especially important in the wake of the 2007-2009 financial crisis, continuing corporate debacles, and ongoing corporate governance calls for the appointment of chief risk officers (CROs) and risk-management committees. This paper tracked the evolution of the role of two highly acclaimed chief risk officers (CROs), and the tools and processes they implemented in their respective organizations. While the companies are from very different industries (one is a power company, the other is a toy manufacturer), they both embraced the concepts and tools of Enterprise Risk Management. Over a number of years, at both firms, risk management transformed from a collection of "off-the-shelf," acquired tools and practices into a seemingly inevitable and tailored control process. The paper investigated the role of the CRO in making these transformations happen and discusses implications for managers. Key concepts include:

  • The role of the CRO may be less about the packaging and marketing of risk management tools to business managers, but instead, the facilitation of the creation and internalization of a specific type of "risk talk" as a legitimate, cross-functional language of business.
  • The risk-management function may be most successful when it resists conventional and conflicting demands to be either close to, or independent from, business managers.
  • By acting as a facilitator of risk talk, the CRO can enable the real work of risk management to take place - not in her own function, but in the business lines.
  • The facilitation of risk talk may involve a significant degree of humility on the part of the CRO, manifest in limited formal authority and meagre resources.
  • Calls for increasing investments in risk management, and for the formal inclusion of senior risk officers in the C-suite, might be, in many cases, misguided. Rather, risk managers need first and foremost commitment from others in the organization to accept a relevant and situationally contingent version of risk management, tailored to their needs.

 

Author Abstract

This paper tracks the evolution of the role of two chief risk officers (CROs) and the tools and processes they have implemented in their respective organizations. While the companies are from very different industries (one is a power company; the other is a toy manufacturer), they both embraced the concepts and tools of Enterprise Risk Management. Over a number of years, at both firms, risk management transformed from a collection of "off-the-shelf" acquired tools and practices into a seemingly inevitable and tailored control process. The paper investigates the role of the CRO in making these transformations happen. The two cases highlight that the role of the CRO may be less about the packaging and marketing of risk management ideas to business managers, but instead about the facilitation of the creation and internalization of a specific type of "risk talk" as a legitimate, cross-functional language of business. Thereby the risk-management function may be most successful when it resists conventional and conflicting demands to be either close to, or independent from, business managers. Instead, by acting as a facilitator of risk talk the CRO can enable the real work of risk management to take place not in his own function but in the business. In both cases, facilitation involved a significant degree of humility on the part of the CRO, manifest in limited formal authority and meagre resources. Their skill was to build an informal network of relationships with executives and business managers, which allowed them to resist being stereotyped as either compliance champions or business partners. Instead they created and shaped the perception of their role which was of their own making: a careful balancing act between keeping one's distance and staying involved.

Paper Information