If management decides to appoint a Chief Risk Officer (CRO), the company should evaluate a variety of factors when conducting a search for the right candidates. A whitepaper issued by Protiviti lists key considerations to evaluate in selecting a CRO, including:
- Role and expectations, as defined by management and the board – The CRO may focus on strategic issues or more tactical matters, such as compliance management. The nature and scope of the position have a significant impact on the type of individual needed.
- Experience requirements – Executives with at least 15 years of experience are preferred, especially those with experience in risk management, the industry, and reporting to the board.
- Critical thinking skills – Strategic thinking, effective analysis of data, and the ability to disaggregate business plans into component risks are essential skills needed in the role of the CRO.
- Interpersonal skills – Strong verbal and written communication skills support the CRO in achieving effective relationships and motivating others.
- Keen business acumen – Business and financial judgment, and problem-solving skills are crucial requirements to serve as a trusted adviser and a control authority.
- Strong process orientation – A strong understanding of processes and core management activities are essential if the CRO is responsible in assisting the organization develop processes to identify, monitor, and report on key business risks.
- Cool under fire – Concise, direct communication while under pressure, and active knowledge-sharing styles are necessary to manage through a crisis.
Above all, the most important consideration to evaluate in choosing a CRO is whether or not the individual will “fit” or mesh with the organization. The whitepaper also suggests questions for the board to consider when evaluating the CRO position in the organization.