Earlier in the year, the concept of the chief green officer piqued my interest and we had quite a conversation about whether yet another executive was really necessary. The general consensus among readers was no -- unless yours is a younger company and you're trying to get everyone on board with a focused "going green" effort.
Today I'd like to present another executive position for your consideration. In this piece at IT Compliance Institute, Matthew Schwartz suggests that a chief risk officer (CRO) is emerging as governance and compliance initiatives converge into corporate risk management.
Schwartz says creation of CRO positions is driven by the need to "coordinate companies' responses" to multiple regulations (Sarbanes-Oxley, Basel II, HIPAA, just to name a few), address IT risks, and manage interactions with rating agencies like the New York Stock Exchange and Standard and Poor's. He says:
"The successful CRO, then, looks beyond just credit risks and IT threats. Instead, he or she must gather from each business unit -- while accounting for inherent biases -- an understanding of the risks each group faces; prioritize the threat posed by every risk and understand how individual risks might interrelate to cause even more damage; and then manage the overall, enterprisewide response to mitigating those risks."
To those who say another C-level executive is overkill, an expert quoted in the story says this:
"The challenge, of course, is the right degree of coordination and cooperation among individuals. The chief risk officer should be sitting above it all, and have the broadest perspective, so all these other positions feed in information to the chief risk officer."
So what do you think? What can a CRO do that a chief compliance officer (CCO) or another (already existing) executive can't do or delegate to senior managers? Is CRO just a different title for the position that has been called the CCO, or is a separate C-suite position necessary?