Business leaders are consumed with generating growth and creating long-term value. Many of them also understand risk is a significant part of value creation. Given this, you’d expect chief risk officers (CROs) to be intimately involved with shaping strategy at the board level—but many times, they aren’t. Much of this disconnect relates to how organizations have traditionally managed risk.
The flip side of threat
Historically, corporate risk management has been about avoiding or mitigating threats from things like economic upheaval, cyber security attacks, and negative publicity. In other words, risk avoidance is viewed as a way to preserve business value.
Too often, it ends there.
Risk awareness is necessary to stay on the right side of industry trends.
Consider the technology disruption happening across the economy. E-commerce, for example, has completely transformed consumer experiences along with the ecosystems in which brands and retailers operate. Connected cars and autonomous vehicles are poised to have a similar effect across a swath of business sectors, from logistics to insurance.
Is there threat amidst all this disruption? Sure. But there’s opportunity as well. They are two sides of the same risk coin. In this context, risk management is about recognizing and capitalizing on risks before they become threats as well as having the information needed to take strategic, calculated risks.
The CRO’s role
CROs have traditionally focused on threats rather than opportunities partly because of how the position has evolved. In many companies, the CRO role is part-time. Risk management is folded into the duties of another position, relegating it to a check-the-box activity that stands in the way of more strategic work. The impact of this is evident in results from a recent Deloitte survey, which indicate that 87 percent of company executives believe risk management should drive value creation, yet only 18 percent actively harness risk to drive returns.
A visionary take is for CROs to become both strategic leaders and stewards of change.
In that role, CROs collaborate with strategy officers as part of the executive management team. They also become more involved with matters of business conduct — the human element of risk — but the shift is happening slowly.
Viewing risk through a new lens
Recognizing that risk management is often an under-utilized function, leading companies are reassessing what it means to be a CRO. Threat avoidance is still important. Now, though, CROs must bring a risk-intelligent lens to the pursuit of opportunity. They must be proactive and help shape the organization’s strategy rather than merely being reactive.
In this expanded role, modern CROs will need to offer a lot: vigilance, resilience, marketplace insight, and advanced thinking. Why not forge a closer, more direct relationship between the CRO, CEO, and board? The board is supposed to be where diverse people come together to understand the marketplace and the effects of disruption.
Injecting a risk-oriented perspective can enhance those efforts and help optimize companies for the future.
It’s time to lift risk management from an ancillary function to a strategic lever of change and value creation — a force for leading companies forward, navigating complex and ever-changing landscapes, and identifying disruptive opportunities for growth and value creation.