Running the Risk: What it Takes to be a Chief Risk Officer (CRO)
By Samantha Beavers
In a market fraught with geopolitical conflict, inflation and supply chain bottlenecks, businesses depend on risk professionals to strengthen their resilience in uncertain times. And whether it’s protecting the organization’s reputation after an onslaught of customer complaints about price increases, or navigating disruptions due to semiconductor shortages, an organization relies on the leadership of its Chief Risk Officer (CRO) to weather the storms.
Charged with identifying and monitoring the organization’s major risks and overseeing the company’s risk culture, the CRO plays a critical function in keeping operations running and ultimately keeping the business afloat. Accordingly, CROs must be skilled in weighing the potential impacts of these risks, which means they must have a depth of knowledge of the business and industry – understanding where the money comes in, where the risks are located and how to steer the business forward.
For that reason, several pathways to the role exist. Many CROs come in with a strong background in finance, while others move into the role after climbing the ladder in operations or marketing. However they attain it, though, this knowledge base is indispensable.
Beyond extensive knowledge of the industry, what other skills and characteristics should leaders bring to the CRO role? A few key characteristics stand out.
In addition to spotting trouble on the horizon, CROs must also understand the organization’s various risk appetites and be able to identify its potential opportunities. In this way, CROs can help businesses take strategic risks to drive competitive advantages.
And the way to do that? Possessing a constant curiosity. What makes the business unique? What risks can it take on that its competitors can’t? What does the data say? Only by digging deep and asking the right questions can leaders attain the level of knowledge needed to provide unique insights and make timely decisions.
The best CROs, then, possess a certain degree of skepticism. Never taking things at face value or assuming they understand something at first blush, they think critically and consider a problem from multiple angles and perspectives. And never content with the status quo, they challenge it.
Ultimately, CROs aren’t merely problem-spotters – but problem-solvers. And though they don’t own all of the risk, they are responsible for helping businesses achieve their goals by monitoring the risk and providing strategic guidance to senior officers and risk management teams.
This has a few key implications. First, they have to think beyond finance and compliant-related risks to consider things like market share and reputation. Additionally, they must be proactive and future-focused. And most importantly, they must keep the organization’s strategic priorities at the helm.
And because the market is always evolving, the CRO role is too. Accordingly, CROs don’t follow a set of rules or a cut-and-dried process. Rather, the role requires leaders to apply a strategic mindset to an ever-changing business landscape.
Beyond thinking and strategizing, CROs are also tasked with communicating – and should be comfortable speaking with both leaders at the top and employees on the front lines. By communicating regularly with various leaders and listening closely, CROs can better identify risks on the horizon and understand their potential impact on the organization.
For this reason, CROs should focus on building trust throughout the organization and becoming a leader that others are willing to approach. On the flip side, they should also be ready and willing to turn to others to access the data and information they need.
And at the end of the day, CROs should be strong storytellers – able to advise and inform senior leaders and boards of directors using the information at their disposal.
Interested in a career as a CRO or a similar role in risk management? Learn more about our online Master of Management, Risk and Analytics concentration.
This post was originally published in Master of Management Risk & Analytics.