Risk management responsibilities
263
procedures by which the required risk management outcomes for the organization 
are achieved.
Historically, the insurance risk manager has probably not been involved in the 
strategic management and development of the organization. The broader role now 
required of a risk manager should lead to a greater involvement in project manage-
ment and strategy formulation and delivery. The risk manager who enjoys a broad 
range of responsibilities will have a very challenging role within the organization.
It will be a role that enables the risk manager to obtain a better level of understand-
ing and involvement than most other roles or functions achieve.
Perhaps, the title ‘risk manager’ has too many historical connections for it to be 
used as an appropriate description of what is now required. There is a need to find
a new title and re-define the role of risk management at the same time. The develop-
ing importance of organizational resilience may offer an opportunity for the risk 
manager to develop into the ‘risk and resilience manager’ and fulfil a much broader 
role that is designed to be more aligned with the success of the organization.
Many organizations in the finance and energy sectors have identified the benefits 
of bringing the management of credit, market and operational risks together. It has 
been the case for some time in the finance sector that risk management has been 
separate from the purchase of insurance. The development of the role of chief risk 
officer (CRO) reporting directly to the CEO reflects this fact.
Given that one of the key principles of risk management is that the approach
to risk should be proportionate to the level of risk faced by the organization, it is
unlikely that the majority of organizations will need to appoint someone of the
seniority of a CRO. Nevertheless, organizations should, when reviewing their risk 
architecture, decide the appropriate range of responsibilities and level of seniority
of the risk manager.
The introduction of the job title ‘chief risk officer’ is not universal, but it is becoming 
common in the specialist finance and energy sectors. The box below provides an 
overview of the developing role of the chief risk officer. For organizations where it
is proportionate for a CRO to be appointed, the contribution that can be made by 
that individual will be substantial.
As champion of the ERM process, the CRO plays a key part in bringing together disparate risk 
management processes to ensure that limited company resources are applied effectively. 
The COSO ERM Framework defines the role of the CRO as working with other managers to 
establish effective risk management, monitoring progress, and assisting other managers in 
reporting relevant risk information up, down and across the organization.
Internal auditors should work with the CRO as part of their risk management duties.
In this role, internal auditors are responsible for evaluating the accuracy of ERM reporting 
and providing independent and value-added recommendations to management about its
ERM approach. The IIA International Standards specify that the scope of internal auditing 
should include evaluating the reliability of reporting effectiveness, efficiency of operations 
and compliance with laws and regulations.
role of the chief risk officer

Download 3.45 Mb.

Do'stlaringiz bilan baham: