The CRO is responsible for assessing and mitigating significant competitive, regulatory, and technological threats to a firm's capital and earnings.
The CRO works to ensure that the firm is compliant with government regulations, such as Sarbanes–Oxley, and reviews factors that could negatively affect investments.
The role of the chief risk officer (CRO) is becoming increasingly important in financial, investment, and insurance sectors.
CROs typically have post-graduate education with over 20 years of experience in accounting, economics, legal or actuarial backgrounds.
CROs need to balance risks with financial, investment, insurance, personnel and inventory decisions to obtain an optimum level for stakeholders.
According to a study by Morgan McKinley, a successful CRO must be able to deal with complexity and ambiguity, and understand the bigger picture.
A main priority for the CRO is to ensure that the organization is in full compliance with applicable regulations and to analyze all risk related issues.
They may deal with topics regarding insurance, internal auditing, corporate investigations, fraud, and information security.
The responsibilities and requirements to become a chief risk officer vary depending on the size of the organization and the industry, however, most CROs typically have a masters-degree level of education and 10 to 20 years of business-related experience, with actuarial, accounting, economics, and legal backgrounds common.
Another important task is managing the development of new risk policies and procedures and participating in local and global discussions to enhance security processes and standards.
The increasing regulatory and legislative requirements of organizational compliance make the CRO one of the most important members of the management team.
[19] [20] Along with their extensive knowledge of the rules and regulations in finance, they usually would have held a position in the first/mid-level management up to senior executive for their past qualification in the industry.
With their quantitative background in math, finance, and accounting - making the change to risk management would be a familiar experience.
Their financial expertise will aid in creating reporting procedures that will monitor any critical risks an organization may encounter.
Chief risk officer salaries vary widely and depend on the company and status the specific CRO achieved.
However, CROs with years of effectiveness and successful developments often pass the quarter million mark annually, so there is no earnings limit.
[28] According to James Lam, the definition of ERM is a value added function can be described as the inclusive and cohesive framework for managing key risks in order to achieve business goals, mitigate unexpected earnings unpredictability, and increase firm value to reduce risk which is a variable that can cause deviation from an expected outcome.
[29] Moreover, ERM has been said to increased risk management awareness allowing for more efficient operational and strategic decision making.
[29] Thus, ERM enables senior management to identify, measure, and limit to acceptable levels the net exposures faced by the firm.
Companies that adopt an ERM approach have seen improvements in areas requiring key management decisions from capitol allocations to product development and pricing to mergers and acquisitions.
The CRO communicates the firm's risk profile to the key stakeholders such as the CEO, the board of directors, and business partners.
The chief risk officer in an ERM is responsible for knowing and gathering information over all the different aspects within an organization.
Another characteristic of the Silo approach is the continuous fighting of one crisis after another without having an integrative concept or a specific individual that can be held responsible.
Further more there is another aspect that shows a weakness of this model: Having different organizational units to address every specific risk that the first has to be segmented in the company definitely speaks for a less effective technique.
[33] Furthermore, it regulates and set standards for companies to protect shareholders and the public from accounting errors as well as generates more transparency between reporting and the markets.
Data of the risk model are often “created by finance” and their outcomes exert influence on the financial reporting, [citation needed] with the interdependencies then clear.
[citation needed][36] COSO, a Committee of Sponsoring Organizations of the Treadway Commission, uses the concept of Enterprise Risk Management for the first time.
This involves assigning different enterprise risk management roles throughout the organization, and establishing a clear hierarchy structure.
Establishing a hierarchy chart for the company's risk management roles is a critical step to ensure clear communication of the tasks and duties in the ERM process.
With the introduction of SOX, the corporate officers could be held liable for failure to produce accurate financial reports and standings in the company.