Derivatives in the Boardroom?
committee. The audit committee must ensure that the risk controller has all the information and resources needed to validate risk identification and measurement practices, for the purposes of protecting the interests of shareholders and bondholders, and ensuring compliance with all relevant regulations.
The functions performed by the two roles can be articulated as follows: This article points out the inherent contradictions between a "risk manager" and a "risk controller", and the conflict that develops when organizations have the same person perform both functions. The separation of these responsibilities provides for clearer recommendations on reporting lines: risk managers report to CFOs, and risk controllers report to the audit committee of the board of directors. The functions of the "CRO risk manager" are, broadly, to identify and measure risk, make high-level recommendations on how to manage the business with risk factors in mind, and represent corporate risk policies to equity analysts. The functions of the "CRO risk controller" are, broadly, to audit the risk management practices, enforce policies, and represent his or her findings to the board and credit rating agencies.
If your firm has a chief risk officer, consider whether he or she is more of a risk manager or a risk controller, and whether your organizational structure best defines and leverages his or her capabilities. If your firm does not have a CRO, there is no time like the present to install one, reporting to the CFO, in addition to a risk controller reporting to the audit committee of the board of directors. Today's business environment demands certified experts in these vital functions, and shareholders deserve them.