Step 2: Select a Strong Leader to Drive the Enterprise Risk Management
Finding a leader to head the initial Enterprise Risk Management project is also critical for success. BOD should identify a leader with the right attributes to head the Enterprise Risk Management effort. This person does not need to be a “CRO” (Chief Risk Officer).
Often, it is best to initially use existing resources, for example the Chief Audit Executive or Chief Financial Officer, for this role to get Enterprise Risk Management started. This leader will not necessarily be the person to head Enterprise Risk Management in long term, but the person to get the initiative started and to take responsibility for moving the organization’s Enterprise Risk Management activities to the next level.
It is critical that the risk leader have sufficient stature and be at an appropriate senior management level in the organization to have a rich strategic perspective of the organization and its risks and to be viewed as a peer by other members of senior management. Embedding Enterprise Risk Management into the business fabric of the organization is necessary. Having a risk leader who can be viewed as a peer by members of senior management is vital for the success of the Enterprise Risk Management initiative.