The risk environment plays a critical factor when it comes to making key business decisions, and organisations have long been concerned about how productivity and profitability will be affected by risk. As such, risk has traditionally been viewed as something to avoid, the potential negative to any decision that can cost a company money, its reputation or even its existence.

However, more businesses today understand that, if managed correctly, risk can actually be a source of competitive advantage, innovation, performance and growth. Risk has been promoted – no longer is it simply the responsibility of backroom staff to feed their findings to the boardroom. The emergence of the chief risk officer (CRO) means that risk has been given a seat at the table.

The CRO’s increasing influence at the top

While the role has existed in some capacity before, the creation of the modern CRO, which encompasses more than simply financial risk, is a more recent development. Following the introduction of big regulatory acts and legislations – such as the Dodd-Frank Act, which arose from the wake of the Financial Crash of 2008 – the CRO position became even more important at the C-level.

As the CRO became fully established and recognised as a vital role in the C-suite, it instigated a revolution throughout the enterprise. The CRO’s responsibilities have grown over time, with compliance officers at some banks reporting to the CRO directly, rather than to the chief legal officer (CLO) as was tradition. This had a knock-on effect on how governance, risk and compliance (GRC) programmes were implemented and managed.

Jul-Sep 2017 Issue