GRS
www.grs.com
GRS News
Opportunity knocks for risk professionals
Recently, risk management has hit the headlines. Heads of department who once vacillated over the necessity of employing an executive to run an ERM program, have been left in little doubt that, in the current climate, they can’t afford not to make risk management an integral part of their strategy.
Executive management have become more involved in the risk management process thanks to corporate governance, regulation and expectations of financial transparency. This has led to a greater demand for the collection and analysis of precise data.
Staying out of jail, staying off the 6 o'clock news, maintaining your customers' trust and continuing to reward your shareholders may not be the sexiest business goals – but they're at the root of why many companies are waking up to the need for strong risk-management programmes.
Most businesses want to minimise their liability and related management costs, and are betting that a good enterprise risk-management plan, integrated with a chief risk officer (CRO), will make that happen. The turmoil in the financial markets has swept risk to the top of news and boardroom agendas. There’s never been such a compelling need to strengthen control of increasingly complex and stressed risk positions. Never before has it been quite so vital to provide a more informed risk-adjusted basis for decision-making. And input from risk professionals will be essential when it comes to identifying the more limited business opportunities available within today’s economically stressed (and capital constrained) global markets. It’s the only way to ensure organisations are well placed for an eventual upturn.The need for experienced, business-savvy, risk professionals is intensifying the pressure on recruitment and retention within what is still a relatively small talent pool.
Ensuring organisations have the right people in place, both now and in the future, is essential. This goes some way to explaining why the recruitment industry regards Risk as so now.
In the 80s it was accountants and bankers who took the recruitment limelight. The early 90s was the heyday of marketer recruitment. The late 90s and the early noughties were all about techies and hedge fund managers. Now Risk is the area everyone’s talking about.One clear change to the risk landscape in the near future, is a greater presence at Board level for risk professionals. CROs long for a place at the top table, which is supported by their CEOs, yet only 12% of organisations have actually honoured this .
Boston Consulting Group surveyed the boardroom last year and the desire for banks’ risk talent to act less like internal police and more like strategic advisers was obvious. Over 50% wanted risk functions to contribute to business strategy and planning, pricing, marketing and business development. Surely, change is afoot.
EMPLOYER EXPECTATIONS OF A CRO
The number of CROs appointed to oversee enterprise risk is increasing as companies seek to address a growing range of business threats and increased regulatory pressures. A survey carried out by the Economist Intelligence Unit found that forty five per cent of companies have appointed a CRO or equivalent. Although the majority of them are concentrated in the financial services sector, research has revealed the role is set to become more commonplace in other industries. Top risk managers now play a central role in co-ordinating their firm's response to an unprecedented range of threats. CROs enable businesses to make better investment decisions, in particular by bringing a more effective approach to measuring and comparing risk and reward.
A good CRO must be able to run a risk-intelligent organisation, understand risk, and translate it into meaningful operational requirements in the form of objectives and metrics. Not only that but the CRO is an important figure who must oversee a large array of issues including regulation and compliance, capital markets, financial reporting, globalisation, intellectual capital, and information technology. A CRO will need to create reward structures that push accountability and a position on corporate liability throughout the entire company; each unit engaging in managing its own portion of the overall risk. CROs need to establish processes that identify these risks, then quantify and communicate these across the company. The CRO must also be knowledgeable in the areas of network security and data management and will collaborate with the CIO to make the proposed processes work. Put simply, CROs must be consummate multi-taskers.
WHAT SKILLS DO YOU NEED TO REACH THAT LEVEL?
Well, sixty one per cent of the respondents to the Economist survey mentioned above, believed the ability to understand broad business issues is a critical skill for an effective risk manager, compared with only thirty seven per cent who cite technical risk skills and thirty one per cent who cite a strong background in finance as key attributes for a CRO.
A successful CRO must possess a number of characteristics broader than simple risk experience, given the important role of overseeing and managing the risk portfolio of an entire company. A CRO must be able to decipher and quantify risks, as well as be able to communicate the proposal of solutions to upper management (all C-suite executives must be able to communicate with each other and according to a recent report, forty per cent of CROs now report directly to the CEO, up from twenty six per cent in 2002). The CRO must be able to provide organisational direction and balance a variety of interests and strategic demands. And, in order to help others, such as the CIO, to implement control solutions, a good CRO has to understand the administrative and operational inner-workings of the technical infrastructure. It’s a skill set that requires academic rigour, technology savvy and general business know-how.
Many educational institutions have started developing programmes to educate and certify professionals in the necessary business approaches, calculations, and technology. But theoretical knowledge and quick certification are only going to get you so far - they’re not the only requirements an individual needs to become a successful CRO. For instance actuarial skills translate well into jobs requiring financial or risk modelling and risk management and some typical risk management functions (developing risk control processes and performing risk analysis of products, strategy, and investment opportunities) require actuaries’ skills.
But recent market failings have demonstrated that even the most sophisticated models can only give part of the answer – as Einstein said ‘everything that counts cannot be counted’. While good quantitative skills are clearly important, risk teams also need to provide the qualitative sense check of an enquiring mind and a willingness to engage and challenge, which in turn requires experience and business nous. Employers emphasise that the CRO must possess an appropriate mix of technical, communication, academic, and well-rounded business skills. The International Diploma in Risk Management is a challenging post-graduate professional qualification which should provide a lot of these key skills.
The IRM International Diploma in Risk Management is a broadly based qualification for the risk management professional, developed by academics in partnership with risk practitioners. It is usually taken over a few years and completed via distance learning.As for experience, far more can be learned from bear markets than bull markets, especially in recognising the early warning signs, what can go really wrong - and pinpointing potential opportunities. While on the downside many young risk professionals may lack this experience, today’s challenging risk environment should provide an opportunity to bring the rising stars into the risk fold and give them invaluable hands-on understanding.
MUTATION OF THE TRADITIONAL RISK ROLE
The CRO is at the forefront of the growing links between risk and strategic management. Whilst providing a portfolio-wide oversight of risk - and expert counsel to the board – CROs also act as the chief ambassadors of risk in the face of ever greater scrutiny from analysts, regulators and rating agencies. These roles not only demand keen strategic awareness, but also an acute understanding of how decisions are made and executed within the organisation and the ability to ensure risk takers also play their role in effective risk management. Of course, risk is, in political argot, a very big tent and specific dream skill-sets vary from company to company. To be effective, top risk managers also need to overcome a number of obstacles depending on their industry.
Currently, forty per cent of CROs are found in the insurance / banking / financial services sector and fifty per cent are found in energy or utilities companies. The core skills vary accordingly. Integrating risk data from multiple systems and processes is the greatest challenge facing CROs in financial services companies. But by contrast, non-financial firms are more concerned about managing risk across globally dispersed operations.But uniformly, a good CRO needs to be a fine communicator, conveying risk information to business colleagues and external stakeholders in an intelligible and compelling way. To be effective, CROs also need independence, authority and the ear of the board, if not a seat within it. It is therefore surprising that so few CROs are board members. Currently only around twelve per cent of institutions have a risk professional on their board, but this is where we are starting to see the changes. Departments are re-structuring and making risk a key part of their strategy. Over the coming months and years that twelve per cent will increase dramatically. Opportunities have never been so abundant for talented risk professionals.
