Role of the Chief Risk Officer

CRO attributes
Role and expectations, as defined by management and the
board – The CRO may focus on strategic issues or more
tactical matters, such as compliance management. The
nature and scope of the position have a significant impact on
the type of individual needed.
Experience requirements – Executives with at least 10 years
of experience are preferred, especially those with experience
in risk management, the industry, and reporting to the board.
Critical thinking skills – Strategic thinking, effective analysis of
data, and the ability to disaggregate business plans into
component risks are essential skills needed in the role of
the CRO.

2.
CRO attributes
Interpersonal skills – Strong verbal and written communication
skills support the CRO in achieving effective relationships
and motivating others.
Keen business acumen – Business and financial judgment,
and problem-solving skills are crucial requirements to serve
as a trusted adviser and a control authority.
Strong process orientation – A strong understanding of
processes and core management activities are essential if
the CRO is responsible in assisting the organization develop
processes to identify, monitor, and report on key business
risks.
Cool under fire – Concise, direct communication while under
pressure, and active knowledge-sharing styles are necessary
to manage through a crisis.
3.
 Is a Chief Risk Officer born or made?

What are the key aspects of CRO’s competency?

Experience Leadership Education Sector

knowledge

• How much experience?

• How many roles?
• What level of exposure to executive and Board
interactions?
• What primary and secondary education or qualifications?
• Time spent in or with which functions?
• Is insurance sector experience critical?
4.
Evolving role of the CRO?

Has anything really changed since 2005? 5.

The CRO’s challenge?

6.
Its about “Change management”
• “Many organisations have learnt
that the introduction of risk
processes is insufficient to
fundamentally change
behaviours…
• To encourage desired behaviours
often requires a campaign of
change management…
• CRO’s and Heads of Risk should
be facilitators with an ability to
influence change in risk-related
behaviours.”
• This implies a different skill set to
that held by many current risk
professionals 7.
 IRM Professional standards
• IRM have defined functional
professional standards against 4
competency levels:
• Leadership
• Senior
• Management
• Support
• IRM have also defined 6 behavioural
competencies
• Courage and confidence
• Influence and impact
• Integrity, ethics and values
• Innovation and catalyst
• Building capability
• Collaboration and partnering
8.
What does a CRO therefore look like?

• Senior-level executive capable of contributing across a

wide range of business issues
• Not necessarily an expert on all areas of risk or someone
able to model risks
• Someone who gathers an excellent team of risk experts
and professionals around them
• With the ability to challenge management when necessary
• Someone with the CEO’s ear
• Gravitas and credibility with peers
• Overall - a communicator and a facilitator

9.
What about the missing ingredient?

• Gravitas?
• Communication?
• Consultative style?
• Stakeholder management?
• Marketing?

10.
Key success factors
Viewed as a Peer with Business Line Leaders
• In order to achieve the forward-looking risk perspective and
its serious consideration, the CRO must be able to deliver
those expectations through a collaborative relationship with
business line leaders.
• Hence, the CRO must be viewed as a peer.
• Not doing so would hamper the ability for the CRO to function
effectively and misplace the CRO’s direct reporting capability.

11.
Key success factors
Board Reporting and Interactions
• While the CRO is not an owner of specific risks, he or she
has the task of executing a strategic oversight of the entire
risk management focus that mandates free access to the
board for conveyance and reporting.
• Not providing such access would cause disconnect in
communication and the loss of resolutions to various
strategic problems.

12.
Key success factors
Managing Risks is Everyone’s Job
• The board, senior management and other line managers
must remove the misconception that the CRO is the only
person responsible for risk.
• Risk has to be an enterprise-wide concern.
• Thus, raising awareness and owning risks within operations
to establish a risk-aware culture is imperative to a successful
implementation of a CRO’s function.

13.
Key success factors
Risk is Equal to Opportunity Pursuit
• Risk management functions to preserve value as well as
create value.
• The best interests of the organizations are kept while
pursuing these strategies to improve the organization.
• Nevertheless, organizations must realize limits in engaging in
value-creating activities against value preservations controls.
• The CRO attempts to strike this balance through decision
making and risk appetite formulation.
• An imbalance may raise the level of risk for the less
proportionate aspect and create a setback to the
organizations.

14.
Key success factors
Broaden Focus Beyond Compliance
• It cannot be stressed more than the fact that the focus of
the CRO should be on the enterprise risks, risk profile and
aligning strategy based on risks.
• This goes beyond compliance risks and raises the bar for
the CRO.
• While the CRO has to be in compliance with the laws and
regulations, expanding the focus will make it easier for
the CRO to have the desired impact in managing risks.

15.
Key success factors
Clearly Defined CRO Position
• Clearly defined CRO position should be in place in order to
enhance the CRO’s objectivity in fact and appearance
• Setting the right expectation about the CRO’s responsibility
for promoting effective governance of significant risks is
crucial in furthering the role of the CRO.
• Not having clear definitions may cause the CRO to lose focus
and extend resources in less important matters lowering the
overall effectiveness of the CRO.

16.