Let’s get Real

Talk to CROs and all the nice theories about risk management get put in their place.  In real companies, the loudest and most influential voices usually belong to the people who want to add risks.

A real CRO is not often struggling with issues of risk theory.  They are totally immersed in the reality of corporate power politics.

  • In some firms, the CEO will set up the CRO in a position where risk concerns will trump all else.  The CRO will have authority to stop or curtail any activity that s/he feels is excessively risky.
  • In other firms, the CEO will set up the CRO to be one of many voices that are clamoring for attention and for their point of view to be heard.
  • And a third set of firms has the CRO as purely a reporting function, not directly involved in the actual decision making of the firm.

The first case sounds ideal, until the CRO and the CEO go head to head on a major decision.  The battle is not usually long.  The CEO’s view will win.  In these firms, it is usually true that the CRO and the CEO see eye to eye on most things.  The CEO in these firms has the opinion that the business units would take enough risk to imperil the firm if left alone.  But the CEO is still responsible for making sure that the firm is able to grow profitably.  And a CRO who gets used to power over risk decisions sometimes forgets that the power comes solely from the CEO.  But for the most part, the CRO in this firm gets to implement the risk management system that works the way that they think is best.

The second case sounds much more common.  The CEO is not saying exactly how much s/he supports ERM.  The CEO will decide in each situation whether to support the CRO or a business unit head on any major risk-related decision.  The risk management system in this firm exists in a grey area.  It might look like the risk management system of the first firm, but it does not always have the same amount of authority.  Managers will find out quickly enough that it is usually better to ask for forgiveness rather than follow the rules in the times when they see an important opportunity.  The CRO in this firm will be seeking to make a difference but has to define their goals in relative terms.  Are they able to make a noticeable shift in the way that the firm takes risk?  That shift may not go all the way to an optimal risk taking approach, but it will be a shift towards that situation.  Over time they can hope to educate the business unit management to the risk aware point of view, with the expectation that those managers will gradually become more and more comfortable with the risk management system.

In some of these firms, the risk management system will look more like the system of the third case below – a Risk Information system.  The approach is to keep all of the negotiation and confrontation that is involved with managing risk limits and standards verbal rather than on paper.

In the third case, the risk management system exists to placate some outside audience.  The CEO has no intention of letting this process dictate or even change any of the decisions that s/he intends to make.  The most evident part of an ERM system is the reports, so the risk management system in these firms will consist almost entirely of reporting.  These firms will be deliberately creating an ERM Entertainment system.  The best hope in these firms is that eventually, the information itself will lead management to better decisions.

What works against the CRO in the second and third cases is the range of risk attitudes among the different members of management.  If the CRO is targeting the ERM system and/or reports to the Manager risk attitude, then it might be a long time before the executives with other risk attitudes see any value in ERM.
