Surprise Surprise!

I was working with a CEO recently who had been in the job for about a year. When they started, they found – surprise, surprise – all was not as it was made out to be. It was a very difficult environment. The challenges were more than challenges, they were wicked problems. And the road ahead a very, very rocky one.

It got me thinking about you and what you might want to consider before you accept a CRO, or other senior, job offer in risk. Here are my top three tips:

  1. Due Diligence: Is this organisation right for you? What is the organisation’s mission, vision and, most importantly, values? Nice start. Do they live their values? Head over to social media and see what you can find. Then to the job search companies like Seek and Glassdoor to check out company reviews. Better still, talk to someone who works there if you can.

    What about their management of risk? Can you check out company performance over the last five years? Publicly listed and public sector organisations will have the most information available. Most not-for-profits publish pretty detailed annual reports that you can put a discerning eye over. However, in Australia, where I am based, the Australian Charities and Not-for-profits Commission (ACNC) has a company overview for all registered charities. Each overview has a History page which will include any enforcement action by the ACNC.

    Then there are all the other regulators of industries that public and private for-profit organisations operate in, e.g. the finance sector, aged care, food and tertiary education. Each of these regulators can be a source of information about enforcement actions or other issues you may find concerning.

    Please, don’t do your due diligence through rose-coloured glasses because you want the job that badly! Maybe get a close confidant to give an opinion on what you find. However, the reason they may be seeking your skills is because they truly want to turn around their culture and/or performance, which leads on to the next two tips.

  2. Authority: What are your reporting lines and your decision-making authority? Do they reflect an organisation that is serious about managing risk for success rather than managing risk to meet compliance obligations? Ideally a CRO is on the executive team. When it comes to access to board and committees of the board, this depends on the risk management model in place or desired by the organisation. In the Three Lines Model favoured by regulators, it is very clear that the CRO must have direct access to the board and board committees. In a tri-partite model of risk management where the CRO is adviser, as opposed to challenger, the approach would be to have standing agenda type items where the board or committees hear the CRO’s views on future performance and advice on key decisions.

    If the role you are looking at is reporting to a CRO or an executive on the leadership team who is the notional CRO, I would be trying to understand their level of understanding of what it takes to have a fantastic risk culture. And as you know, it starts with the executive team. It will be hard work if you have to constantly fight to be heard by the executive and board.

  3. Budget: The proof is in the pudding. Ensure you have your own budget, and it is sufficient for the resources you will need. Too many times I have worked with CROs who had to get approval from the Audit and Risk Committee to spend what I would consider a small amount of money in the scheme of things.

    When negotiating budget, I hope you have quantification of risk on your mind. Many organisations have data, or could create data, for much more informed decision making about risk. Quantifying risk is easier when it is strictly about finances. However, it has been well proven by the likes of Doug Hubbard, author of How to Measure Anything, that much, much, much more can be done than is the case in many organisations.


Bryan is a management consultant operating since 2001, specialising in risk-based decision making and influencing decision makers, born from his more than twenty years of facilitating executive and board workshops.

Bryan’s experience as a risk practitioner includes the design and implementation of risk management programs for more than 150 organisations across the public, private and not-for-profit sectors.

Bryan is the author of Risky Business: How Successful Organisations Embrace Uncertainty; Persuasive Advising: How to Turn Red Tape into Blue Ribbon, and Team Think: Unlock the Power of the Collective Mind [to be published in 2022].

He is licensed by the RMIA as a Certified Chief Risk Officer (CCRO) and has been the designer and facilitator of their flagship Enterprise Risk Course since 2019.

http://www.bryanwhitefield.com
