Positioning the risk professional in the corporate hierarchy.
David C. Shimko is president of Risk Capital Management Partners LLC, and a senior lecturer at Harvard Business School.
If necessity is indeed the mother of invention, in the instance of the growing popularity of chief risk officers (CROs), good business sense is the father. This is perhaps the most critical moment of the post-Industrial Revolution era for all manner of corporations to have the input of a risk professional at their service. But how do you position them in the hierarchy for maximum effectiveness?
These increasingly significant senior executives are relative newcomers to corporate America, and it wasn't long ago that corporations had no risk officers at all, let alone CROs. But with the highly publicized detailing of problems at Long-Term Capital, Enron, Global Crossing, Tyco, and others, the need for formal risk management and control functions is manifest and compelling. And while many firms have taken the step to appoint a CRO, the risk management function is still not well defined in all cases. Some see the CRO's role as the steward of the firm's risk portfolio; others view the CRO as the risk controller. In most cases, the CRO role is both, making this executive something of a hybrid—balanced between risk manager and risk controller.
It is in these cases that conflicts occur. But there are solutions to resolve this dilemma, an important undertaking since, when properly structured, the function immediately becomes a powerful vehicle to facilitate informative risk disclosures to corporate stakeholders.