Outlook for the Chief Risk Officer Role
What You Need to Know Right Now to Level Up as a CRO
As management of risk – especially digital risk – has grown increasingly important to companies, the Chief Risk Officer (CRO) role has also grown in significance. Within the framework of what has come to be known as Enterprise-Wide Risk Management (ERM), “the Chief Risk Officer is a C-suite executive who is tasked with the identification, analysis, and mitigation of events that could threaten a company,” writes Juliana De Groot, who notes that threats can be internal or external. The CRO may also deal with compliance in areas such as the Sarbanes-Oxley Act. In some companies, the CRO role is called Chief Risk Management Officer and occasionally Chief Actuarial Officer. Some organizations have a risk committee to guide their risk exposure.
Most CROs report to the CEO. The CRO takes the temperature of the organization to gauge how much risk the firm can tolerate – its risk “appetite.” Risk & Compliance magazine notes, “in building an enterprise risk-management framework, the CRO, along with the board and senior management, must develop a risk culture that is communicated and understood throughout the organization.” The CRO protects the company’s investment in risk management by implementing risk-management controls across departments to prevent fraud, penalties, security breaches, lawsuits, and investment losses.
Key Competencies for the CRO Role
While a bachelor’s degree (typically in finance, economics, business administration, statistics, or management) is usually adequate for a job as CRO, a master’s in finance or an MBA can speed the prospective CRO’s advancement, as does training in crisis management, risk assessment, internal auditing, fraud prevention, corporate compliance, and IT security. You may want to pursue a Certification in Risk Management Assurance (CRMA). CROs typically have 10-20 years of experience climbing the corporate ladder in roles such as risk manager, financial manager, compliance officer, or internal audit director.
As with most C-Suite roles, communication skills are in high demand for CROs. “In reviewing the details of some of our most recent Chief Actuary searches,” relates Kieran Welsh-Phillips of actuarial-recruiting firm DW Simpson, “the most commonly sought-after trait, aside from a well-rounded actuarial skillset, is communication savvy.” In fact, Robert Kugel of Ventana Research likens risk communication to learning another language: “A CRO should be able to translate risk jargon into words and concepts that are relevant to specific parts of the business.”
When preparing career-marketing communications to send to employers, those aspiring to the CRO role should emphasize these qualities:
- Knowledge of the business, including statistical, actuarial, financial, and economic modelling skills.
- Strategic insight.
- Ethical leadership skills.
- Ability to measure risk vs. reward.
- Analytical and math skills.
- Understanding of organizational goals and objectives.
- A solid grasp of credit and financial market cycles.
- Both empathy and objectivity.
- Influence and persuasion.
- Common sense and judgment.
- Consistency and accountability.
- Understanding of performance management.
Here are a few suggestions for those seeking to break into the CRO role, expand their horizons in an existing CRO role, or even rise beyond the CRO role:
- Grab the opportunity to obtain real-world business experience in risk management. Early on, these opportunities may come in the form of internships and summer jobs.
- Know how to optimize risk within the context of the corporate strategy. So advises Kugel, who adds, “optimizing risk is a necessary condition for optimizing return on equity and long-term success.” As Chris Ruggeri, Keri Calagna, Chris Vanuga, Cynthia Vitters, and Michael Fay point out, “most executive teams grasp the importance of risk management in the attainment of corporate goals and the value of more strategic approaches—and CROs are pursuing more strategic roles in the organization.”
- Gain international experience. T. Scott Mackenzie, whom Welsh-Phillips interviewed in an article on CRO career paths, noted of his international endeavors, “international political events can have a big impact on the operations of international companies, but may also have a contagion effect on the operations of a regional U.S. company. Being able to see and understand these potential dominos is an important attribute for the CRO.”
- Seek senior-executive sponsorship. “Senior executive sponsorship is also a critical need if the chief risk officer is to be a strategic player,” Kugel cautions.
CRO Trends to Watch
- Technological advances require a vigilant eye. “Any future CRO,” cautions Austin Clark on the Finance Director blog, “will need to have a keen eye on the digital risks that impact [their] institutions without respite and are only set to worsen.” On the flip side, technology can be deployed in risk modeling, tracking, and sensing to reduce risk, but Ruggeri, Calagna, Vanuga, Vitters, and Fay note that organizations are underutilizing these tools.
- By 2025 Chief Risk Officers and their teams will need to have become more proactive in their risk management strategies and capabilities. That’s the caveat of Michelle Perry’s portion of a White Paper entitled “Harnessing Risk Management,” which goes on to say, “the CRO will also have to be evolved into a more rounded, influential, business minded individual in order to persuade the executive board when to act to defend itself and when to take advantage of opportunities. Only that way will the CRO and its team ensure their worth and show how they have matured to benefit the broader business and keep their place at the top table.”
- CROs will need to entirely focus on spotting threats and assessing if and how those threats affect the organizations. Perry points out that CROs will need to assess whether the business has the capabilities to mitigate those threats. “It’s vital for the CRO to be able to look across the whole business – not just strategically, but tactically and operationally, too,” she says.
Check out an interesting podcast series for CROs, including podcasts on “a year in the life of a CRO.”