A Chief Risk Officer (CRO) is a C-level management position recently created for managing risk at an enterprise-wide level. CROs have been put in place mostly in the financial industry, but are believed to spread into other industry sectors in the future. This position has created a level for current risk managers to aspire to and a way for them to become involved in a more strategic role within the enterprise.
A CRO should provide information to other C-level managers as well as to the board about whether or not current strategic decisions include the most up-to-date risks that the enterprise faces on a financial and strategic level. Risk managers are already trained to identify and manage risks, but will they cooperate with the CRO? The president of the Risk & Insurance Management Society (RIMS) believes that the creation of this role will benefit risk managers by making their role more strategic. Their role will transform to encompass more issues to allow them to improve their risk identification and mitigation skills.
Although current risk managers are skilled mostly in operational risk, those who have welcomed ERM have developed more financial skills that will be necessary to become Chief Risk Officers. Current economic conditions have heightened financial issues awareness such as liquidity and solvency, making risk managers a great value to their companies because they are better suited to manage financial risks in strategic decisions.
According to some, risk managers may be at a disadvantage because they are skilled in risk identification, but often report to higher management and are not skilled at making decisions. CROs will be required to be skilled decision makers and also to work with the board and other C-level management to form strategic plans. Peter den Dekker, president of FERMA (Federation of European Risk Management Associations) believes that current risk managers will be more suited for ERM roles instead of Chief Risk Officers. Successful CROs will need strong quantitative backgrounds and will need to embrace a global view of the company. As he points out, a company who has a CRO may not necessarily be managing risk to the appropriate level. The position may help some companies, but may give others false assurance that risks are being monitored successfully.
From a different perspective, Julie Graham, a CRO for a non-financial corporation, asserts that risk managers have exactly what it takes to become CROs. If they incorporate financial and management skills with their ability to communicate and employ judgment, they possess the basis of qualities needed to be successful as a Chief Risk Officer.
In favor of current risk managers, RIMS provides plenty of tools and resources to help risk managers develop the skill sets necessary to take control and move up in their careers. They published a guide, “ERM for Dummies” and RIMS also provides resources to help risk managers test themselves and compare their strengths to the strengths needed to excel. In addition, RIMS developed a “professional growth model” for risk managers to follow. This model offers them a framework to help guide them when taking their role from an operational level to a more strategic role.