Responsibility for Risk Management

Who should have responsibility for risk management?

Is it the CRO? Is it the Business Unit Heads? Is it everyone? or is it the CEO (As Buffet suggests)?

My answer to those questions is YES. Definitely.

You see, there is plenty of risk to go around.

The CEO should be responsible for the Firm Killing Risks. He/She should be the sole person who is able to commit the firm to an action that creates or adds to a firm killing risk position. He/She should have control systems in place so that they know that no one else is taking and Firm Killing Risks. He/She should be in a constant dialog with the board about these risks and the necessity for the risks as well as the plans for managing those sorts of risks.

At the other end of the spectrum, there are the Bad Day Risks. Everyone should be responsible for their share of the Bad Day Risks.

And somewhere in the middle are the risks that the CRO and Business Unit Heads should be managing. Those might be the Bad Quarter Risks or the Bad Year Risks.

As the good book says, “To each according to his ability”. That is how Risk Management responsibility should be distributed.

Explore posts in the same categories: Governence, Risk, Risk Culture, Risk Limits


You can comment below, or link to this permanent URL from your own site.

2 Comments on “Responsibility for Risk Management”

  1. I agree. Everyone is responsible.

  2. It is absolutely essential that Risk Identification be linked to a process rather than professional thumb-sucking based on one’s extensive knowledge of the business/subject. This can only be achieved by identifying the risk exposure to the business. In turn, this is achieved by analyzing the business’s strategic/business plan. If uncertainty exists when considering the achievability of goals and objectives then the business is exposed to risk. By questioning ‘what will impact/prevent and objective from being achieved?’ one would be able to identify the risks to business.

    This approach is managed within, an online risk management tool that can be found at

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: