What makes an ideal risk officer? Here are my thoughts on the most significant attributes.
I welcome your thoughts.
- Has a deep understanding of the business, including its:
-
- Business processes
- Products and services
- Organization and leadership, both in management and on the board
- Key people, such as the CEO, COO, CIO, CISO, General Counsel, CCO, CFO, and the heads of Strategy, Marketing, Sales, Manufacturing, major business units, and so on
- Goals and strategies, its enterprise objectives
- Executive and board compensation practices and policies
- Competitors
- Relevant laws and regulations
- Decision-making processes and its most significant decisions, both strategic and tactical
- Needs for information to enable effective decision-making
- Culture, including its decision-making culture
- Attitude towards risk-taking, and its risk capacity
- Customers
- Suppliers and supply chain
- Risks and opportunities
- Reliability of internal controls
- History of surprises
- Is dedicated to helping leadership and the organization succeed.
In other words, the risk officer is concerned less with managing a list of risks and avoiding failure, and more with taking the right level of the right risks to achieve objectives.
In other words, the officer is a partner of management and decision-makers, helping them with the information they need in…
