Author: Salvatore Corradi – FM Chairman
The CRO, or Chief Risk Officer, is a professional figure that has become widespread since the economic crisis of 2008, when regulators began to demand more transparency and accountability from businesses regarding risk management. The CRO emerged in this context alongside the establishment of ERM, Enterprise Risk Management, with the task of managing risk in an integrated way, in direct collaboration with the CEO and the CFO.
The CRO is a specialist who combines deep knowledge of the business with technical experience and the use of risk management tools, such as risk analysis, reduction and transfer models. The role requires excellent communication and relational skills, because it is very important to acquire a general view of the business's problems, taking on a role similar to that of a consultant.
The Chief Risk Officer is a C-level executive whose main task is to identify, evaluate and mitigate the risks that may represent an internal or external threat to the company (see also “White Hats and Ethical Hacking for Companies’ Security”).
The role and position of the CRO change according to the size and needs of the business. Depending on these factors, such a profile may face financial, strategic, liability or reputation risks.
In addition to these tasks, the Chief Risk Manager searches for potential threats within all departments of the company, so that risk management is integrated rather than handled separately. By thinking strategically about what the threats could be, the CRO optimizes risk systems, reducing their potential damage and thus avoiding a loss of profits and productivity.
The role has evolved over time: as a result of the technological revolution, risk management has become more complex and therefore requires improved digital skills.
This new type of knowledge must be integrated with the traditional tasks of the CRO, who will need a specialization in cyber security to ensure data protection.
To reduce corporate exposure to digital risk, the Chief Risk Officer must understand software vulnerabilities in order to prevent possible attacks from hackers or other internal or external threats.
In the coming years, the CRO will have to face the digital transformation with agility, staying up to date on possible risks and on cyber topics, thus becoming an e-CRO able to evaluate the full range of traditional and digital business risks to effectively protect the company.