The Institute of Risk Management (IRM) recently reported on a shortage of candidates taking up senior level positions within Risk Management. It subsequently urged organisations to implement professional development schemes and succession plans in order to ‘nurture sufficient talent for the future’ and ensure a healthy pipeline.
However, growing talent from within, if a framework is not in place, may not always be a practical solution. A recent survey from Gallagher Insurance questioned 250 UK business leaders and found that only one in five companies had a CRO, a surprisingly low number.
Instead, the research found that business leaders and CEOs were more likely to take on the responsibility for identifying existing and emerging risks, despite many having limited knowledge or experience within Risk Management. This ultimately leaves businesses in a position where they could be exposed to potentially devastating commercial and operational risks.
The shortage stems from the notion that Risk Management is generally considered to be a less established profession compared to the likes of Law and Accountancy, having traditionally been regarded as a technical ‘backroom’ function up until the 1990s. Today, however, it is an area that businesses cannot afford to live without, with CROs being among the most senior appointments made across organisations.
Despite this, Risk careers do not always appeal, with some people feeling that there is often a stronger focus on Compliance within Risk Management rather than on the overall business strategy. Businesses may therefore look to appoint someone with transferable skills, such as a high-level Compliance background but, in our view, the skills of a CRO are now needed more than ever with the landscape having changed significantly over the past decade. Rapid financial, political, regulatory, governance and technological changes are driving a fast-changing business arena.
That said, new risks are emerging and digital developments are presenting increasingly complex and unpredictable challenges to UK businesses. Human resources and recruitment practices have been working quickly to solve these problems. However, many organisations simply do not have the specialist knowledge to identify what these emerging risks could mean for their business.
It is not simply about identifying risks facing the business. A key part of what a Risk specialist will do is clarify the issues that should be prioritised. All businesses deal with risks on a regular basis, but it is vital to know which ones could positively or negatively impact them.
A lack of robust Risk Management and identification can greatly undermine the achievement of strategic goals, and with the current lack of Risk Management skills in many businesses, it raises questions about the capacity of some of the UK’s senior leaders to take a strategic view.
The research from Gallagher showed, for example, that 75% of business leaders saw loss of reputation as a growing risk to their companies. However, without a CRO’s leadership, they may well be unable to see how these risks sit within the business, how to mitigate them, as well as put in place corrective actions should such incidents occur.
This coupled with the power of social media and rising cyber threats, puts many firms in a vulnerable position. Other future risks include workforce shortages, climate change and emerging technologies. All of these are areas which can only be mitigated with clear strategic planning.
As a result of these findings, the IRM has released new guidance on hiring for the most senior Risk positions. It is also introducing a new advisory service to provide candidate assessment support for organisations around the world seeking to make top level Risk appointments.
The guidance is based on theIRM’s professional standards and is aimed at organisations of all types seeking to recruit a CRO, whether it is their first, or to make other senior Risk appointments. A CRO is the most senior executive in an organisation, with responsibility and accountability for Risk Management, whatever their actual job title. In some sectors, particularly Financial Services, the role of CRO is stipulated by regulation. Other organisations have come to see the merits of such an appointment as part of a process of maturing their Risk Management, ensuring it adds value to the business as we so often observe on a daily basis.
To produce itsguide, the IRM has worked with hiring experts to combine an understanding of Risk Management expertise with advice on how to go about a modern and effective recruitment process.
The document includes advice on understanding the context of the CRO appointment, identifying key skills and attributes and the recruitment process and how to assess candidates.
Socrates Coudounaris, Chair of the IRM, said: “Effective risk leadership is an essential component of a healthy Risk culture. Corporate governance codes around the world have underlined that you must have the right people and resources in place. Organisations face new risks and opportunities associated with digital disruption, geo-political and economic volatility, environmental responsibilities and social change.
“Ultimately, the responsibility for Risk Management rests with the board, but that board needs to have confidence that they are delegating day-to-day responsibility to a suitably competent person, who will also be responsible for giving them the highest quality advice to support risk based decision making. Risk Management is changing fast and CROs must be up to the challenge. We are delighted to be able to offer practical guidance and advice to aid in the recruitment process – especially given the importance of this role.”
The guide offers clear advice around steps to hiring a great CRO, including points around understanding the role, the interview process, psychometric testing, candidate assessment and on-boarding. It also provides comprehensive examples around the key competencies for a CEO, how to understand exactly what the role entails and what organisations should consider when hiring, along with a helpful search process checklist.
At MERJE, we have certainly observed a significant increase in the demand for organisations to bring in high calibre CROs. The challenge is finding people with the breadth of experience required to fulfil this board level role and then striking the balance between their technical skill-sets and enabling the commercial aims of the business to flourish.
Given our considerable expertise in Risk Management, we have a credible track record of completing CRO assignments, the most recent examples having been in Banking, Insurance and Motor Finance. To discuss how we can support your business in sourcing a CRO, please do not hesitate to contact us.