The events of the past year have made it crystal clear that resilience is no longer a crisis-driven capability that only occasionally comes into play. Resilience needs to be a regular part of doing business. Indeed, 87% of organizations say they are investing in capabilities that will help boost resilience.
Updated technology is often at the top of the resiliency wish-list. And that’s not surprising given the fact that so many organizations struggled to get reliable risk intelligence amidst the pandemic’s rapidly changing conditions. With no time to gather siloed data and people, action became nothing more than a shot in the dark. No one wants a repeat of that.
To be sure, technology that delivers a holistic, 360-degree view of risk is essential for an agile response. But why stop there? Organizations that are really serious about improving the resiliency of their risk management programs are amping up the power of technology with a secret weapon of the human sort – a chief risk officer.
Your Risk Champion
A CRO is your risk champion, the point person in charge of the processes, technology, and structure to tie all the pieces together into a cohesive risk story. Investing in a CRO can spur innovation in risk analysis and response – and it can elevate the status of risk management both inside and outside your organization. A CRO also has the ability to cut through the red tape and eliminate bottlenecks that often stand in the way getting you what you need – that is, fast, reliable risk information on which to base decisions.
Here are four specific ways a CRO can boost resilience:
1. Offer a holistic view of risk across the organization. The pandemic has been a wake-up call that not all risks are insurable. Third-party risk, IT risk, HR risk, compliance risk, and more are all critical to an organization’s ability to survive extreme events. A CRO takes a holistic view of all types of risk – insurable and noninsurable risks – and is attuned to the strategic impacts, both individually and collectively.
2. Speed up response time. The cost of reacting too slowly or ineffectively multiplies by the second. Getting facts quickly – and using those facts to inform your response strategy – is essential for a successful outcome. A CRO can break down silos between departments and be a uniting force for the consistency, communication, and collaboration needed to pivot quickly.
3. Provide strategic guidance to the C-suite. Leadership has a newfound appreciation for the discipline of risk management and is – finally – ready to welcome representation to the strategy table. A CRO can offer strategic guidance on high-impact risks and how to handle upstream and downstream consequences. Elevating risk to a “chief” role also signals the importance of risk awareness to the organization.
4. Instill a risk mindset throughout the organization. In resilient organizations, the business of managing risk is everyone’s job. More eyes and ears on the lookout for emerging risks means you are more likely to detect small changes before they escalate into significant threats. And the smaller the bumps in the road are, the faster you can bounce back. A CRO is a visible presence to keep risk a top-of-mind activity at all levels and functions throughout the organization.
What to Look for in a CRO
A chief risk officer needs the acumen to assess everything from claims to supply chains, maintain numerous relationships inside and outside the organization, understand a balance sheet, and be able to articulate which risks are worth taking, which are not, and why – all while answering to government regulators and investors.
While risk managers can be very effective risk champions, a CRO has the advantage of being able to take a step back from day-to-day risk management administration and think more broadly about the cascading effects of risk across the organization – which is one of the fastest ways to resiliency.
Resilience is about being prepared for future disruptions – as well as for new opportunities. Integrated risk management technology can arm you with information to strengthen your resilience to match the speed and scale of current threats. And that intelligence is even more powerful when you give it a voice by formalizing the role of chief risk officer.