MetricStream’s COO, Gaurav Kapoor, discusses how the Chief Risk Officer’s role is changing; CROs are finding themselves increasingly focused on enabling growth while simultaneously ensuring stability.
It’s a global trend: Consumers and investors are demanding better standards of corporate governance and integrity. This trend has effectively shifted the focus of the Chief Risk Officer (CRO) from traditional risk areas, such as financial risk, to conduct risk, reputational risk and ethical risks. Additionally, emerging technologies, such as artificial intelligence and machine learning, have introduced new concerns around data security and privacy.
In order to best address these nuanced challenges, CROs have a multifaceted role; they must help the organization protect its integrity and reputation while also maximizing business performance. A tricky balancing act, CROs are now required to not only provide credible challenges to the business, but also to encourage profit and growth.
Here are four key priorities that are becoming increasingly important to CRO success:
1. Fostering Innovation
According to PwC’s 2018 Risk in Review study, “adapters” – organizations with risk management programs that effectively manage innovation-related risk – were almost twice as likely as their peers to say that their risk management function helps boost the odds of success or reduce the odds of failure across the business.
Fierce competition and the aforementioned rapidly changing consumer demands are forcing organizations to innovate quickly and at scale. There is limited room for error, so organizations must be decisive in their pursuits of innovation in order to gain competitive advantages.
To succeed, they need to understand the risks and uncertainties involved and take enough precautions to avoid undesirable outcomes. This is where the CRO has a pivotal responsibility focused on enabling organizations to make better, faster choices – for instance, avoiding launching a new product in a market that isn’t ready. By helping stakeholders understand such risks and capitalize on the right opportunities at the right time, CROs can be strong enablers of innovation.
2. Boosting Cyber Resilience
The CRO’s position can be seen as the protector and gatekeeper of the digital universe where digital data volumes have continued to grow, and with them, the scope of cyberattacks has increased. Today, a single data breach can strike at the very heart of the business, impacting financial gains, investor confidence, regulatory credibility and legal liability.
While Chief Information Officers (CIOs) and Chief Information Security Officers (CISOs) may oversee the mitigation of cyber risks, it is the CRO who is ultimately responsible for the overall risk management strategy. The CRO has a broad view of risks across the organization and can effectively understand how a data security risk can amplify or influence the impact of other enterprise risks, be they reputational risks, compliance risks or financial risks. The CRO is also uniquely positioned to effectively bring together stakeholders and provide the executive team and board with a big-picture view of how cybersecurity risks impact the enterprise at every level.
3. Prioritizing Technology
The CRO’s priorities boil down to one key goal: ensuring that stakeholders, executive management and the board have the risk intelligence they need – when they need it – to make informed business decisions.
Today, tools are being developed to sift through data in near real time. Artificial intelligence and natural language processing are beginning to open up new ways of analyzing information to predict risks like potential fraud and to detect cybersecurity incidents before they occur.
CROs also have access to risk management systems and tools that that can help them automate multiple risk management processes and collaborate with stakeholders in other GRC functions to share and reuse risk information. CROs can seamlessly understand how risks interact with and influence each other and the controls that are in place to mitigate those risks – as well as the associated policies, procedures, control tests, issues, and business units – with the use of technology.
4. Safeguarding the Customer Experience
Social media has given consumers a platform to freely speak up on issues related to their customer experience, such as poor service or dissatisfaction with a product. Because of this unprecedented amplification, a customer’s feedback – ranging from a video of a mistreatment at a coffee shop to an image of falsely advertised food – can quickly impact an organization’s brand value, reputation and customer loyalty.
CROs play a key part in mitigating these conduct-related risks by driving a corporate culture based on integrity and trust – one that puts customers at the core of the business and holds stakeholders accountable for their actions.
As organizational risk continues to grow increasingly complex and intertwined with various facets of the business, CROs are poised to continue playing a critical role in the company’s health. They act as the guardrails of an organization, allowing the business to go faster, without losing its balance or veering off the track.
Ensuring organizational integrity and success while simultaneously mitigating risk is no easy feat, but it’s one that can be accomplished by innovative CROs capable of effectively juggling the two goals.