What is the role of the Chief Risk Officer?

The chief risk officer is responsible for the effective assumption of manageable risk and helps the organization avoid anything that might threaten the successful execution of the company’s duties. The job description of the chief risk officer accounts for the unique set of skills and abilities that allows for the individual to anticipate and hopefully eliminate such threats and keep the company operating effectively.

Position Description

The chief risk officer serves with the other managers and executives and oversees much of the financial and accounting departments in the company.

Essential Duties and Responsibilities of a Chief Risk Officer

  • Identifies potential threats to the financial stability of the company, including risky credit, investments, and portfolio inefficiencies.
  • Detects potential threats to operational efficiency including underperforming resources, personnel liabilities, property inefficiencies, and safety risks.
  • Recognizes potential threats to the company’s reputation including marketing missteps.
  • Prepares and maintains internal and external data gathering for risk analysis and reporting.
  • Designs and implements methods for avoiding potential threats using available risk metric software and personal knowledge of the industry.
  • Delivers regular risk analysis reports to company executives complete with actionable plans for avoiding or preventing potential threats at all levels.
  • Coordinates programs designed to minimize threats and anticipate threats to the company.
  • Develops insurance strategies and financing techniques to appropriately deal with any unanticipated losses.
  • Oversees all audits of accounting practices, safety measures, and compliance reports.
  • Conducts regular risk assessments either through a team of risk management experts or personally on site.
  • Manages and prepares all documentation related to risk assessments and reviews of standard operating procedures.

Required Knowledge, Skills and Abilities

  • Must be familiar with insurance and liability as well as compliance standards for the industry, including financial, property, operational, or personnel reporting, regulations, and standards.
  • Must have extensive knowledge of financing and insurance strategies to build up preventative measures against potential losses.
  • Must be a proven leader and manager, able to take charge and act assertively without guidance.
  • Must have excellent communication skills, both written and verbal.
  • Must possess knowledge of risk analysis, database management, risk metrics, and capital management.
  • Extensive knowledge of legal requirements and compliance regulations.
  • Must have strong interpersonal skills to manage large teams.
  • Must be both a problem solver and a risk taker.
  • Proficient with risk management, auditing techniques, and accounting standards and principles.

Education and Experience

  • Bachelor’s degree in accounting, business administration, finance, or risk management.
  • Master of Public Administration degree recommended for work in the public sector.
  • Master of Business Administration or law degree recommended for work with large companies.
  • Must have at least 10 years in risk management, insurance or liability research, or actuarial management.

Work Environment

  • Time is divided between corporate offices and meeting rooms and the field, monitoring daily work in the company.
  • Must be willing to travel extensively to survey work sites at all levels.
  • Some risks involved in work site visits in mechanical, construction, and other industries.

Salary

  • Median yearly salary about $200,000.
  • Those at top companies can earn upward of $500,000 to $1 million a year.

Boards and chief risk officers (CRO) may need to transform their risk management practices to address new challenges, according to our 2018 global survey of more than 94 leading financial institutions. To respond to a rapidly evolving environment, we explore five key takeaways regarding the governance of nonfinancial risks.

Since 2008, boards of directors have become much more active in providing oversight of the risk management programs at their institutions. Yet the lines have often blurred between the oversight responsibilities of the board of directors and the operational responsibilities more appropriate for the province of management. Financial institutions and regulatory authorities are now recalibrating the role of the board of directors to have it focus more clearly on providing oversight.

Core oversight responsibilities

More than 90 percent of institutions reported that their board has several core risk management oversight responsibilities, such as:

  • Review and approve the organization’s formal risk governance framework (93 percent)
  • Review and approve the overall risk management policy and/or enterprise risk management (ERM) framework (91 percent)
  • Review regular risk management reports on the range of risks facing the organization (91 percent)
  • Approve the enterprise-level risk appetite statement (91 percent)

Although business strategy can often drive an institution’s risk profile, the role of the board in considering these impacts is far from universal. Seventy percent of respondents said that it’s the board’s responsibility to review corporate strategy for alignment with the organization’s risk profile.

Monitoring conduct risk

Even though conduct and culture risk are an increasing focus of regulatory authorities, only 50 percent of respondents said monitoring conduct risk was a board responsibility. This may reflect the fact that many institutions see this as more of a management responsibility. In contrast, 67 percent said that a board responsibility was to help establish and embed the risk culture of the enterprise and promote open discussions regarding risk.

The percentage of respondents who said their board of directors has the responsibility to monitor risk appetite utilization, including financial and nonfinancial risk, was 77 percent, which is down from 89 percent two years ago. This is consistent with the trend that more institutions are having their boards concentrate on oversight, rather than activities more traditionally the province of management.

Placing oversight responsibility for risk management in a board risk committee is a regulatory expectation and has become a widely accepted practice.

  • Sixty-three percent of respondents reported that the primary responsibility for risk oversight lies with a risk committee of the board of directors
  • Twenty-one percent of respondents said that oversight responsibility is placed with other committees, such as jointly with the combined risk and audit committees (7 percent)
  • Only 14 percent of institutions said that the full board of directors has risk management oversight responsibility

Independent directors

There has also been a trend among regulators to expect risk committees to include independent directors who have risk management expertise and skills—and these expectations have had an impact.

  • Seventy percent of respondents said their board’s risk committee is composed entirely or in majority of independent directors
  • Six percent said it doesn’t contain any independent directors
  • Eighty-four percent of respondents said their institution has one or more risk management experts on its board risk committee, up from 67 percent in Deloitte’s survey two years ago

Overall, the move toward independent directors is most pronounced in the United States and Canada, where 87 percent of respondents reported their board risk committee was composed of either entirely or a majority of independent directors. This is compared to 67 percent in Europe and 58 percent in Asia-Pacific.

Over the course of Deloitte’s global risk management survey series there has been progress in meeting the regulatory expectation that financial institutions have an independent risk management function. Ninety-five percent of respondents in the most recent survey reported that their institution has a chief risk officer position or equivalent.

Institutions can benefit by having the CRO report both to the chief executive officer (CEO) and to the board of directors, but this is not always the case.

  • Seventy-five percent of respondents said their CRO reports to the CEO. This means that in one quarter of institutions the CRO doesn’t report to the most senior management executive
  • Only 52 percent of respondents said that their CRO reports to the board of directors or a board committee
  • But 97 percent of respondents said that their independent risk management group headed by the CRO meets regularly with the board of directors or with the board committees responsible for risk management oversight

Still, there remains room for improvement. The percentage of institutions reporting that their board of directors is responsible for conducting executive sessions with the chief risk officer increased to 66 percent from 53 percent in the previous survey two years ago, but more institutions should consider having their boards adopt this practice. Having the board of directors meet with the chief risk officer, ideally sometimes without the CEO or other members of senior management present, allows the board to receive an unvarnished assessment of the institution’s risk management program.

“The strategic planning process is a joint exercise between the business and risk management. Dedicated senior risk leaders are also responsible for providing advice and oversight pertaining to a business risk.”

– Senior risk executive of a large diversified financial services company

An important governance decision is how to assign responsibility for each risk type: in particular, whether a single individual should be responsible for oversight of the risk across the organization, or whether that responsibility should be decentralized across business units or geographies. Having a single individual accountable has become common for financial risks, such as:

  • Market (86 percent)
  • Liquidity (85 percent)
  • Credit (79 percent)

When it comes to nonfinancial risks, there is much less consistency. With some nonfinancial risks, most institutions reported that a single executive is responsible, such as:

  • Regulatory/compliance (80 percent)
  • Information security (85 percent)
  • Cybersecurity (82 percent)

In contrast, it is much less common to centralize responsibility for other risks, such as:

  • Third party (54 percent)
  • Strategic (43 percent)
  • Reputational (38 percent)
  • Conduct and culture (33 percent)

Institutions may want to consider centralizing accountability for some of these nonfinancial risks to raise their profile in the organization and clarify responsibility.

A written risk appetite statement approved by the board of directors provides guidance to senior management. This is especially useful when setting business strategy and considering the lines of business when making business decisions, and it should be periodically revisited. The importance of establishing risk appetite statements has received greater attention from regulatory authorities in recent years, such as the Financial Stability Board and the Basel Committee. Ninety percent of respondents said their institutions either have a risk appetite statement that has been approved by the board of directors (84 percent) or are developing a statement for approval (6 percent).

Yet institutions face a variety of challenges in defining and implementing an enterprise-level risk appetite statement, especially with respect to defining risk appetite for hard-to-quantify nonfinancial risks. The risk types that were cited most often as being extremely or very challenging in defining risk appetite were:

  • Strategic (51 percent)
  • Cybersecurity (44 percent)
  • Reputational (39 percent)
  • Operational (36 percent)
  • Conduct (33 percent)

Virtually all institutions (97 percent) reported employing the three lines of defense risk governance model, but many said they face significant challenges in deploying it. The issues most often cited as significant challenges typically involved the role of line one (business units), including:

  • Defining the roles and responsibilities between line one and line two (risk management) (50 percent)
  • Getting buy-in from line one (44 percent)
  • Eliminating overlap in the roles of the three lines of defense (38 percent)
  • Having sufficient skilled personnel in line one (33 percent)
  • Executing line one responsibilities (33 percent)

There is also the related issue of eliminating overlap in the roles of the three lines of defense, considered to be a significant challenge by 38 percent of respondents. To address these challenges, 43 percent of institutions said they have revised their three lines of defense model, reassessed their model, or plan to reassess it.

Many institutions have been focusing on the role of the first line of defense but have found it difficult to have their business units always assume full responsibility for actively managing the risks they assume. Some business units may resist accepting their responsibility for risk management, seeing it as outside their core mission of generating revenues and profits. Beyond securing buy-in, many business units will find they need to hire or develop a sufficient number of professionals who bring both risk management expertise and experience in the specific business.

To successfully confront the array of economic threats and growing nonfinancial risks in today’s shifting business environment, financial institutions will need to reengineer their risk management programs and adopt fundamentally new approaches.

As they introduce new methods, institutions must make parallel enhancements to the governance of their risk management programs. The three lines of defense risk governance model will need to be reassessed to clarify the roles and responsibilities of each line of defense, especially the business units comprising the first line. The second line of defense should have a reporting connection to the board’s risk committee and, in many cases, a “dotted line” connection to the CEO. Accountability for managing nonfinancial risks, such as conduct and culture risk and third-party risk, will need to be reexamined. Institutions must develop more robust methodologies and gain access to relevant data to allow them to quantify their risk appetite for nonfinancial risks.

Boards of directors should play a key role in fostering new approaches to risk oversight. At many institutions, boards will need to:

  • Expand their focus to encompass oversight of the nonfinancial risks, while confirming that they truly concentrate on oversight rather than duplicate management responsibilities.
  • Assess if management has sufficiently tied risk to strategy and incorporated hard-to-quantify nonfinancial risks into the organization’s risk appetite statement.
  • Make sure they understand and are comfortable with those changes as their oversight role continues to evolve.
