Following the keynote address was a panel discussion: The New Role of the CRO: Empowered, Equipped and Engaged.

I had to duck out for a meeting, so I could only catch the gist of two of the panelists' remarks. Here are some quick notes:

Three panelists participated in the discussion:

Anthony Santomero – Senior Advisor to McKinsey, Board of Citigroup and Citibank NA
Jacob Rosengarten – Executive VP, Prez and Chief Enterprise Risk Officer at XL Capital
William Martin – Chief Risk Officer of Commonfund, Chairman of GARP Board of Trustees

Santomero: from Board member’s perspective, he has been watching the evolution of the role of the CRO with interest. At McKinsey, 4 different roles are ascribed to CROs:

1. Risk organization; the CRO is organizer of a decentralized risk system (an orchestrator, if you will).
   
2. CRO is aggregator of risk (reporting function with standards, metrics).
   
3. Empowered advisor – sets risk appetites and policies.
   
4. Clearinghouse of risks, and thereby an owner of risk, that also reports to the Board.

The above are not four choices. They are roles of active participation within a company.

Rosengarten: The role of the CRO is not to just say No, but also to elaborate as to why the businesses you are involved in make sense. And of course, if they don’t make sense, why not? The roles of risk managers at successful organizations involve constructing debate and encouraging discussion. Risk managers should be involved in strategic planning and mitigation schemes, directly involved with the Board. Boards are more fluent in financial matters than risk managers, which is ironic because “risk produces returns.”

In short, risk planning, budgeting, and monitoring processes must be brought to the Board by the CRO.

*

Apologies for the brevity here, but just in these couple of paragraphs some interesting perspectives on the relationship of the CRO to the Board come to light.

Up next: lunch!

Posted by Shaun Randol at 10:14 AM