Why the Chief Risk Officer has become the most important person in your organisation
The role of the Chief Risk Officer (CRO) is by no means a new one. Risk has always existed in business and there have nearly always been people in business who’s job it is to manage, minimise and mitigate that risk.
But the past decade has seen the emergence of a greater volume and type of risk than was around previously. The nature of geo-political, regulatory, cyber and technology risks mean that modern businesses face greater challenges than before and this has changed the role of the CRO for good.
It was once a role that existed mostly to mitigate more traditional risks to a business – although an important role, it was relatively low profile and not one that was centre-stage in the business. But because the nature of risk has changed so radically, so have the requirements expected of a CRO.
What has been the driving force behind these changes and what does a CRO need to be truly successful in their job in 2019?
The evolution of risk in business
A good place to start is with the evolution of risk in business. Risk has its origins in the insurance sector, where insurers would assess the potential risk of something harmful or unexpected happening.
This could be anything from the loss, damage or theft of something, to a personal injury. By assessing and pricing risk, an insurance company knows how much money it will require to pay out on claims.
Risk has now moved beyond insurance and the broader Financial Services (FS) market and most organisations – particularly the larger ones – will have a risk department headed up by a CRO. Yet the principals remain the same. Risk is the exposure a company must factor that will reduce profits or cause it to fail in some way.
Knowing these risks allows a company to mitigate against them, protecting itself against whatever threat might be headed it’s way.
The growing complexity of risk
And what a diverse threat it is now facing the CRO. 2017 research by the Association Management Risk and Insurance De L’entreprise (AMRAE), revealed that of the 270 risk managers surveyed, they came up against a very wide range of risks – operational (91%), fraud (83%), cyber security (79%), and even environmental (79%).
Earlier this month (April 2019), asset management firm BlackRock warned investors to urgently rethink their assessment of climate risk after research found key industries in the US are enormously underestimating the economic dangers posed by the low carbon transition.
Risk is everywhere and not only is it becoming more complex, but the threat it poses is also becoming greater. Cyber risk especially has grown in impact over the past five years, with ransomware attacks potentially able to bring an organisation to its knees.
The importance of the right GRC tools
With such severe threats, the people in overall charge of mitigating an organisation against risk suddenly find themselves in positions of great importance and responsibility. The role can even go beyond a restriction and control focus, to make a direction connect to future business strategy. To meet that responsibility, it is therefore essential for any CRO to have the right GRC tools at their disposal.
Oxial’s GRC Suite offers an integrated ‘enterprise’ GRC approach which integrates, aligns and links all essential governance, risk, internal control, internal audit, finance and compliance elements on a single platform. For many CROs it is becoming a vital element of their work, allowing them to gain a full and deep understanding of the different risks they are facing.
This in turn allows the CRO and the wider organisation to not only avoid and protect itself against this threat, but also to shape the strategy based on this information. It’s a feature-rich and cost-effective platform with many tangible benefits, but one that can ultimately increase competitive advantage by turning risk into value.
Supporting your CRO
Because we live and work in a changing and complex world, it becomes ever more important to understand the risks that threaten a business in 2019. The CRO is an incredibly important member of staff and one that needs the full support of the board to be successful.
With the right support – both in terms of providing the CRO with the right GRC software and GRC tools but also with ensuring the CRO has direct access to the board and is taken seriously – then the CRO can thrive and become an even greater asset.
Both the risk function and CRO that heads up that function can adopt a more strategic role in the company, steering and shaping future direction.
Do you value your CRO? Are they equipped with the right tools to do their job effectively? For details of how Oxial can empower your CRO, click here to learn more.
