One of the problems with many risk management functions, as I see it, is their reporting structure.
Many (including regulators) see the ideal as reporting directly to the board or a committee of the board. That sets them up as separate and independent of the management team, creating the perception if not the reality that they have a different agenda: preventing management from taking too much risk (whatever that means) rather than helping them take the right risks for success.
If risk officers are seen as standing in the way of innovation and performance, let alone agility in decision-making, why should we expect executives to welcome them into their house?
XX
The second preferred option for many is to report directly to the CEO.
Does the CEO understand how risk management can help him or her and their team succeed? Or are they under pressure from the board and others to, again, see risk management as helping to avoid failure?
Focusing on avoiding failure inevitably leads to failure.
In addition, the CEO is probably the busiest person in the organisation, and it is not easy to get their time let alone their attention.
In fact, even when the CRO does report to the CEO, he or she is usually not seen as a member of the top executive team and is rarely included in meetings of the elite group that runs the…
