You Need a Chief Risk Officer for Your Organization

Lee and Shimpi noted that enterprise risk management (“ERM”) has emerged as an important and essential management practice and a recognized strategic discipline and that organizations have created ERM-specific roles, responsibilities and structures, notably the position of “chief risk officer” (“CRO”) that has taken its place along with other members of the C-suite.  Lee and Shimpi argued that the CRO has become instrumental in assuring that the organization has processes in place so that it complies with the very much heightened risk management expectations of shareholders, regulators, and even elected officials and attorneys general, and in developing and introducing an integrative risk management framework that helps the organization mitigate risks and allocate capital to build shareholder value with a full understanding of both the positive and negative potential of the risks involved.  Specific duties and responsibilities of the CRO generally include central oversight of the organization’s risk assessment and risk appetite; familiarizing the organization, its shareholders, regulators and rating agencies with the ERM program; implementing a consistent, integrated risk management framework throughout the company; managing that program with a particular emphasis on operational risks; and developing ways to mitigate and finance risk within the organization’s larger business strategies.
There are several different strategies that companies use with respect to the reporting obligations of the CRO position.  The most popular approach is for the CRO to report to the CEO, although many companies have the CRO report to the CFO due to the fact that many of the risk factors that a business must face and overcome are finance-related.  A smaller group of companies have opted to have the CRO report directly to the board of directors or the board-level committee responsible for risk management.  Even if the CRO’s first reporting obligation is to another member of the C-suite, the compliance and risk management committee should be vested with explicit authority to oversee the activities of the CRO and his or her support group and should carefully monitor the CRO’s relationship with other members of the senior management team, operating groups, finance, legal and human resources.  Lee and Shimpi commented that the most successful CROs forge close relationships with the internal audit function to gather information about the effectiveness of existing risk management programs and the planning function as a means for integrating risk assessment into the development of the company’s future business strategies.
Goldberg and McNamara advised that the CRO should work closely with the company’s general counsel and other members of the in-house legal team to ensure that potential legal risks and liabilities are integrated into the ERM program and that the program operates in a manner that mitigates liability and risk exposure.  The general counsel should be able to analyze best practices and provide advice to senior management and the members of the board-level compliance and risk management committee on how the ERM program should be structured.  In addition, the general counsel can be a valuable resource in identifying, assessing, prioritizing and managing legal risks and liabilities.  The general counsel is also responsible for advising the board of directors, and the board’s compliance and risk management committee, on their duties and responsibilities with respect to oversight of risk management.
This article is adapted from material in Sustainability and Corporate Governance: A Handbook for Sustainable Entrepreneurs, which is prepared and distributed by the Sustainable Entrepreneurship Project and can be downloaded here.
Alan Gutterman is the Founding Director of the Sustainable Entrepreneurship Project, which engages in and promotes research, education and training activities relating to entrepreneurial ventures launched with the aspiration to create sustainable enterprises that achieve significant growth in scale and value creation through the development of innovative products or services which form the basis for a successful international business.  Visit the Project’s Library of Resources for Sustainable Entrepreneurs to download handbooks, guides, articles and other materials relating to sustainable entrepreneurship and keep up with the Project’s activities by following Alan on LinkedIn, Twitter and Facebook.