The role of a risk manager is to communicate the risk policies and processes of an organization. Risk managers provide the practical development of risk models that involve market, credit and operational risk, ensure that controls work effectively, and provide analytical and research support. The board of directors tends to play an active role in ERM as part of its corporate oversight. There could be a board-level committee or a board representative who is part of the business risk management team.
Deloitte's board of directors, for example, has a formal risk committee, according to Calagna. Department heads and line of business leaders better understand potential risks in their respective areas, sometimes with the help of business risk managers. Senior managers must create an environment in which risk management is accepted as the personal responsibility of all staff, service providers and contractors. Staff generally do not participate in the business risk management team, but employees can alert management to perceived risks.
Also known as the director of personnel, the CHRO is concerned with risks to the workforce and with minimizing workforce-related risks. They analyze risk from both the perspective of risk and that of opportunity, because nothing new is ever without risk. Senior managers are the first line of defense in combating risk and are responsible for implementing effective internal controls. The governance of risk management always starts from the top, and for that, the board of directors is the starting point.
Each staff member is responsible for effective risk management, including the identification of potential risks. As with any direct report to the CEO, the CRO must be accountable to the CEO, executive management and the board of directors to allow the institution to balance risk and reward and preserve the company's value and reputation. If the chief legal officer is part of the business risk management team, a compliance officer may not be necessary. The communications director manages communications with stakeholders and is sensitive to potential risks that affect the integrity, reputation and credibility of the company.
The position is often referred to as chief risk officer (CRO), risk manager, risk advisor, risk management coordinator, or similar. The strategy director or someone who represents strategy, innovation and research helps ensure that risk management is aligned with the company's strategic business objectives. The CRO chairs the ERM team and works with the organization's leaders in responding to risk and continuously improving the identification and management of risks. Although the CRO role has historically been more common in financial services companies and has focused on credit and other financial risks, it is expanding to other vertical sectors and is responsible for other types of risks.