Recently I read a comment in a LinkedIn Group that stated Chief Risk Officers should be given more authority in order to enforce sound risk management practices.  This made me raise my pen.

The notion of authority for a CRO worries me a bit along the lines that the risk management function and internal audit should be separated. 

I am more of the school that CROs sell benefits, facilitate better practices and influence good decision-making as broadly as they are able while the assurance function (eg Internal Audit) attests to the success or otherwise of the CRO's efforts (Also see my blog on should Boards have a separate Risk Committee). Yes, sometimes the CRO’s job will be near on impossible and you would need the charisma of Richard Branson, however, being seen as a “Trusted Advisor” rather than an authoritative figure will in the end assist management make better decisions.    

As many of the subsequent posts to the comment stated, you need to earn respect.  In my words, “Trusted Advisor” status must be earned.  You can have notional authority without influence.

Lastly, I was involved in the establishment of a Masters in Risk Management at Monash University, Australia, about 12 years ago and during a workshop on what might be a CRO's ultimate skill set, we concluded someone with the core technical RM skills and an MBA was getting towards the mark.  Since then I have often commented that a CRO needs to be an MBA on steroids. 

A CRO needs to understand strategy, finance, safety, project and change management, organisational behaviour as well as have a great understanding of the business. On top of that, a CRO needs to show strong leadership across all of these areas.


Votes: 0
E-mail me when people leave their comments –

Bryan is a management consultant operating since 2001, specialising in risk-based decision making and influencing decision makers, born from his more than twenty years of facilitating executive and board workshops.

Bryan’s experience as a risk practitioner includes the design and implementation of risk management programs for more than 150 organisations across the public, private and not-for-profit sectors.

Bryan is the author of Risky Business : How Successful Organisations Embrace Uncertainty; Persuasive Advising : How to Turn Red Tape into Blue Ribbon, and Team Think : Unlock the Power of the Collective Mind [to be published in 2022].

He is licenced by the RMIA as a Certified Chief Risk Officer (CCRO) and is the designer and facilitator of their flagship Enterprise Risk Course since 2019.

<a href=""></a>

You need to be a member of Global Risk Community to add comments!

Join Global Risk Community

    About Us

    The GlobalRisk Community is a thriving community of risk managers and associated service providers. Our purpose is to foster business, networking and educational explorations among members. Our goal is to be the worlds premier Risk forum and contribute to better understanding of the complex world of risk.

    Business Partners

    For companies wanting to create a greater visibility for their products and services among their prospects in the Risk market: Send your business partnership request by filling in the form here!