Skip the navigation
Storage: Cheap & Secure Data Stores

Skills: Chief Risk Officer

The chief risk officer takes a bird's-eye view of all enterprise risk.


Sign up to receive Computerworld newsletters on your favorite technology topics


April 17, 2006 (Computerworld) -- Risk is a fact of life these days. Financial services organizations have always grappled with credit- and market-related risk as an integral part of doing business. But today, the far-reaching threat of operational risks arising from potential breakdowns in internal controls and corporate governance -- breakdowns that could compromise business -- span vertical industries and business functions, including IT.

With risk playing a role in many IT-related endeavors, such as data and physical security efforts and privacy and regulatory compliance initiatives, who keeps track?

Enter the chief risk officer, who acts as an organization's linchpin for enterprise risk management (ERM), including IT and data security. CROs are fast becoming familiar faces among C-level executives at large organizations. According to Forrester Research Inc. in Cambridge, Mass., the executive ranks of any company that has revenue of at least $1 billion and can be classified as "critical infrastructure" -- such as financial institutions, energy companies and health care providers -- are likely to include a CRO. By next year, three quarters of large, critical infrastructure organizations will have a formal ERM office with a CRO or equivalent role, according to Forrester.

After its early emphasis in financial services, ERM has played an increasingly crucial part in business planning across industries during the past several years. Its widespread acceptance was spurred in part by regulations such as the Sarbanes-Oxley Act for accounting oversight and Basel II for measurement of international banking capital. As different types of operational risk also get included under the ERM umbrella, the CRO's job is to eliminate the "fragmented" approach to managing risk, according to Forrester. With government regulations and the rise of corporate governance policies addressing enterprisewide risk, Forrester and other analyst firms have hammered on the importance of having a single point person in place to oversee its management.

"With the fragmented, siloed approach to risk management, there is no one watching risk across the organization," Forrester analyst Michael Rasmussen wrote in a December 2004 report on ERM trends. "In today's complex business world, one weak spot can impact the entire business. Without a framework to work within, and someone in charge of risk management, organizations are running in the dark."

An Expanding Role

One key to success for CROs is the ability to see the range of risk variations that can crop up across the enterprise. At The PMI Group Inc., a mortgage insurance company in Walnut Creek, Calif., the CRO position was created in 2003 to monitor international credit-risk operations. But the position's description has since been expanded to encompass risk throughout the company, including strategic, operational, external, financial, IT and security (both data and physical) operations.

1 | 2 | NEXT  

Print this Story Send Us Feedback E-mail this Story Digg! Digg this Story Slashdot this Story

Special Reports

HP's new lifeline for OpenVMS gets a thanks from users
Judge approves Apple e-books price-fixing settlement
Panasonic to help Tesla build battery 'Gigafactory'
More top stories...
15 great apps for Android Wear
25 useful, free tools for every Windows desktop
Google offloads mystery barge to marine company

Ads by TechWords

See your link here

IT Jobs
Hot Topics
Special Report Topics
All Zones
The SAS Zone
Software Resource Center
Mobile Security
Disaster Recovery & Cost Savings
Strategic Content Management
Business Analytics Zone