First Reference company logo

Inside Internal Controls

News and discussion on implementing risk management

machine cogs image

How good is your chief risk officer?

A chief risk officer requires certain characteristics to succeed at being the leader of risk management in any organization. This article provides a list of critical attributes for such a leader.

chief risk officerMy best-selling book, World-Class Risk Management, describes how risk management can enable better decision-making, from strategy-setting to execution, and make a significant contribution to the success of any organization.

But how do you assess the leader of risk management within your organization?

Here are some attributes I consider critical. They tend to overlap but offer different ways of thinking about the individual and their team. They are not necessarily in order of importance; I leave the prioritization to you.

  1. Dedicated to helping the organization to succeed rather than simply avoid failures. (This should be the perception of others, not just the risk officer.)
  2. Has a deep understanding of the business, how it delivers value, is organized, makes decisions, and is run
  3. Seen as a trusted and valuable partner (not police) by the management team at all levels
  4. Listens, especially before speaking
  5. Looks to enable management to identify, assess, and evaluate risk rather than being the authority themselves
  6. Constructive and has good ideas
  7. Willing to recommend taking more ‘risk’ where appropriate for the business
  8. Helps everybody consider all the things that might happen, the multiple effects (positive and negative) that might flow from an event or situation, so they can make the best decisions for the organization
  9. Communicates effectively and is persuasive when appropriate and necessary
  10. Speaks well with and to authority
  11. An effective facilitator of discussions, especially across multiple groups
  12. Helps everybody understand how to identify, assess, evaluate, and respond to what might happen (risk)
  13. Seen as helping each executive, manager, and team succeed through informed and intelligent decision-making
  14. Enables an effective discussion around strategy, the setting of objectives, the management of major projects, and other key matters – either in person or by ensuring effective processes and methods are in place for managing the effects of uncertainty: what might happen (risk)
  15. Avoids enterprise list management and provides actionable, useful information to leaders of the organization that helps them understand the likelihood of achieving each of their objectives – in other words, not simply managing the so-called ‘top risks’ out of context
  16. Ensures that decision-makers have useful guidance on which risks to take
  17. A leader
  18. Works effectively with internal audit
  19. A potential leader of a business operation
  20. Objective and able to speak out as an independent voice when necessary and appropriate

Technical risk management expertise is not one of my top 20 attributes. Certainly it is valuable, but should it rate higher than any of the above?

What have I missed?

With which items do you disagree?

I welcome your comments.

PS – This is a review of my book from an experienced CRO:

Norman Marks’ latest book “World-Class Risk Management” (2015) is a must read for anyone interested in this evolving topic. It will appeal to the beginner as it leads one from the basics through the various concepts and techniques, while it challenges the most serious practitioner to re-evaluate what they do and why. The academic will also benefit from using this book because of the exhaustive references to some of the best source material on this topic. Norman challenges many stereotypical and clichéd views on risk management, but keeps coming back to simple, easy to understand concepts. He captures the essence of his thinking in “The management of risk is an essential element in successful management.” (page 13). This book makes you think, yet it is written in a lucid and friendly style. His thinking on ‘risk appetite’ challenges some ‘sacred cows’ held by many, but will help those who have struggled with this concept to find better ways of approaching this controversial subject. I wish he had written more on risk workshops but that may be another book someday. Well done, Norman, and thank you for sharing your experience, research and thinking.

Follow me

Norman D. Marks, CPA, CRMA

Norman D. Marks is an Author, Evangelist and Mentor for Better Run Business, as well as an OCEG Fellow and Honorary Fellow of the Institute of Risk Management. Mr. Marks has been a practitioner and thought leader in internal audit, risk management, and governance for a long time. He has led large and small internal audit departments, been a Chief Risk Officer and Chief Compliance Officer, and managed IT Security and governance functions. Read more
Follow me
Send to Kindle

, , ,

Leave a Reply

Your email address will not be published. Required fields are marked *

Time limit is exhausted. Please reload CAPTCHA.