Author Abstract
This paper tracks the evolution of the role of two chief risk officers (CROs) and the tools and processes they have implemented in their respective organizations. While the companies are from very different industries (one is a power company; the other is a toy manufacturer), they both embraced the concepts and tools of Enterprise Risk Management. Over a number of years, at both firms, risk management transformed from a collection of "off-the-shelf" acquired tools and practices into a seemingly inevitable and tailored control process. The paper investigates the role of the CRO in making these transformations happen. The two cases highlight that the role of the CRO may be less about the packaging and marketing of risk management ideas to business managers, but instead about the facilitation of the creation and internalization of a specific type of "risk talk" as a legitimate, cross-functional language of business. Thereby the risk-management function may be most successful when it resists conventional and conflicting demands to be either close to, or independent from, business managers. Instead, by acting as a facilitator of risk talk the CRO can enable the real work of risk management to take place not in his own function but in the business. In both cases, facilitation involved a significant degree of humility on the part of the CRO, manifest in limited formal authority and meagre resources. Their skill was to build an informal network of relationships with executives and business managers, which allowed them to resist being stereotyped as either compliance champions or business partners. Instead they created and shaped the perception of their role which was of their own making: a careful balancing act between keeping one's distance and staying involved.
Paper Information
- Full Working Paper Text
- Working Paper Publication Date: May 2014
- HBS Working Paper Number: 14-114
- Faculty Unit(s): Accounting and Management