First Reference Talks

Discussions on Human Resources, Employment Law, Payroll and Internal Controls

You are here: Home / Business / How good is your chief risk officer?

By | 3 Minutes Read

How good is your chief risk officer?

A chief risk officer requires certain characteristics to succeed at being the leader of risk management in any organization. This article provides a list of critical attributes for such a leader.
chief risk officerMy best-selling book, World-Class Risk Management, describes how risk management can enable better decision-making, from strategy-setting to execution, and make a significant contribution to the success of any organization.
But how do you assess the leader of risk management within your organization?
Here are some attributes I consider critical. They tend to overlap but offer different ways of thinking about the individual and their team. They are not necessarily in order of importance; I leave the prioritization to you.

  1. Dedicated to helping the organization to succeed rather than simply avoid failures. (This should be the perception of others, not just the risk officer.)
  2. Has a deep understanding of the business, how it delivers value, is organized, makes decisions, and is run
  3. Seen as a trusted and valuable partner (not police) by the management team at all levels
  4. Listens, especially before speaking
  5. Looks to enable management to identify, assess, and evaluate risk rather than being the authority themselves
  6. Constructive and has good ideas
  7. Willing to recommend taking more ‘risk’ where appropriate for the business
  8. Helps everybody consider all the things that might happen, the multiple effects (positive and negative) that might flow from an event or situation, so they can make the best decisions for the organization
  9. Communicates effectively and is persuasive when appropriate and necessary
  10. Speaks well with and to authority
  11. An effective facilitator of discussions, especially across multiple groups
  12. Helps everybody understand how to identify, assess, evaluate, and respond to what might happen (risk)
  13. Seen as helping each executive, manager, and team succeed through informed and intelligent decision-making
  14. Enables an effective discussion around strategy, the setting of objectives, the management of major projects, and other key matters – either in person or by ensuring effective processes and methods are in place for managing the effects of uncertainty: what might happen (risk)
  15. Avoids enterprise list management and provides actionable, useful information to leaders of the organization that helps them understand the likelihood of achieving each of their objectives – in other words, not simply managing the so-called ‘top risks’ out of context
  16. Ensures that decision-makers have useful guidance on which risks to take
  17. A leader
  18. Works effectively with internal audit
  19. A potential leader of a business operation
  20. Objective and able to speak out as an independent voice when necessary and appropriate

Technical risk management expertise is not one of my top 20 attributes. Certainly it is valuable, but should it rate higher than any of the above?
What have I missed?
With which items do you disagree?
I welcome your comments.
PS – This is a review of my book from an experienced CRO:

Norman Marks’ latest book “World-Class Risk Management” (2015) is a must read for anyone interested in this evolving topic. It will appeal to the beginner as it leads one from the basics through the various concepts and techniques, while it challenges the most serious practitioner to re-evaluate what they do and why. The academic will also benefit from using this book because of the exhaustive references to some of the best source material on this topic. Norman challenges many stereotypical and clichéd views on risk management, but keeps coming back to simple, easy to understand concepts. He captures the essence of his thinking in “The management of risk is an essential element in successful management.” (page 13). This book makes you think, yet it is written in a lucid and friendly style. His thinking on ‘risk appetite’ challenges some ‘sacred cows’ held by many, but will help those who have struggled with this concept to find better ways of approaching this controversial subject. I wish he had written more on risk workshops but that may be another book someday. Well done, Norman, and thank you for sharing your experience, research and thinking.

Latest posts by Norman D. Marks, CPA, CRMA (see all)

Share with a friend or colleague

Get the Latest Posts in your Inbox for Free!

Electronic monitoring

About Norman D. Marks, CPA, CRMA

Norman has led large and small internal audit departments, been the Chief Risk Officer and Chief Compliance Officer, and managed IT security and governance functions.

He retired in early 2013. However, he still blogs, writes, trains, and speaks – and mentors individuals and organizations when he can.

Footer

About us

Established in 1995, First Reference is the leading publisher of up to date, practical and authoritative HR compliance and policy databases that are essential to ensure organizations meet their due diligence and duty of care requirements.

Main Menu

Stay Connected