Chief risk officers are needed more than ever but business slow to react - report

11th June 2018

The need for businesses to have a single person to oversee all aspects of risk is greater than ever, says a new report from Airmic. Yet boards in the UK are slow to respond even where there are obvious gaps in risk management.

The report (entitled 'Do we need CROs?') points out that the business environment is becoming more complex and connected, whilst the pace of change is increasing with greater demands for risk disclosure. “Why would the board or C-Suite not want to share the corporate risk load with a person who would be charged with uniting business silos and achieving a view of risks across the business?” it asks.

The report acknowledges that not all firms require Chief Risk Officers or their equivalent, but  says complex or very large businesses would nearly all benefit from having one person overseeing risk. An important part of the role would be to align risk management to the organisation's wider business strategy. It draws a distinction between the compliance function and wider enterprise-wide risk management. Whilst compliance is essential, it says, ERM provides a genuinely strategic overview.

It goes on to point out that risk managers do not actually manage risk themselves, but act as facilitators to enable their colleagues to do so.

“If a risk manager is talking to the right people at the right time about the right things, then they—along with the managers they are talking to—will uncover risks and appropriate ways to deal with them. Unlike processes which follow a clear structure, this kind of conversation is built around having an ear to the ground and a wide set of trusting relationships,” it says.

The report lists the circumstances under which firms might benefit from appointing a CRO and the qualities required to step up to that position.

 “As well as being a wake-up call to businesses to respond to the risk implications of the fast-changing environment, this report sets out to help boards understand their needs so that they can assess the type of risk management set-up that would most suit them,” said technical director and deputy CEO Julia Graham. “As industries become more fluid and dependent on technology, we believe this is the perfect time to take such a view.”

Airmic represents around 1,200 risk managers. Its annual conference, The Future is Now, takes place in Liverpool June 11-13.

For further information, please contact Mark Baylis of Complete Communications, mark.baylis@airmic.com, 07775 693994.