Newsletters Welcome, Guest Log In | Register
Knowledge Network :

Discussions

Join the Community

Exchange

Get full access to our community's expertise and resources.

Register Now >

What's New

Hosted by JohnStorts

Updates and news from the Knowledge Network

E-Mail Usage Policies Reduce Spam, Increase Meaningful Communication
 
Visualizing Virtualization: Is It Right for Your Company?
 
Knowledge Network Tools Make Learning About, Upgrading to Windows 7 Easier
 

Top Contributors

View all participants

Popular Tags

View all

This Question is Possibly Answered

1 "correct" answer available (4 pts) 1 "helpful" answer available (2 pts)

The evolving role of CRO

4 Replies Last post: Mar 17, 2009 9:57 AM by Ralph DeFrangesco  
ManishPal-1680074  
ManishPal-1680074
2 posts since
Mar 7, 2009
Reply

Dec 16, 2009 2:02 PM

The evolving role of CRO

From a risk cop to a decision maker - the CRO (Chief Risk Officer) is being tasked with additional responsibilities. I need your opinion and feedback on who are the likely candidates for this position? Traditionally CRO is an offshoot from the Finace/Accounts dept with legal background.

 

In light of the current global economic scenario is it time that the CISO (Chief Information Security Officer) get re-branded as CRO? The CISO amongst the enitre lot of C-level executives has a holisitc view of the risk that a business is exposed to, thereby making an ideal candidate.

Tags: executive_suite, workforce_management, risk_management
Lora Bentley  
Lora Bentley
15 posts since
Oct 3, 2008
1. Mar 12, 2009 10:04 AM in response to: ManishPal-1680074
Re: The evolving role of CRO

I wrote on the CRO role recently, you can check it out here. From what I've seen and heard, the finance/legal combination is still a good place to start.

 

As for the CISO part of the question, I'll defer to our security contributor.

Report Abuse
Ralph DeFrangesco  
Ralph DeFrangesco
54 posts since
Oct 3, 2008
2. Mar 15, 2009 9:05 PM in response to: ManishPal-1680074
Re: The evolving role of CRO

Lets define the role of the CRO. In my experience this person assess the companies risk structure, looks at improving operational efficiencies, evaluates longterm strategic and operational financial plans in regards to risk, oversees financial models for risk analysis, risk measurement, simulation and stress testing, performs risk analysis on the balance sheet and income statement.

 

This description is certainly not a CISO. In my opinion, the CRO should be filled from within the financial organization. Keep in mind that there is no one-size-fits-all solution here. In smaller organizations, the CFO does double duty. In larger organizations, there might be a dedicated CRO position.

 

Hope this helps,

-Ralph

Report Abuse
ManishPal-1680074  
ManishPal-1680074
2 posts since
Mar 7, 2009
3. Mar 16, 2009 2:22 AM in response to: Ralph DeFrangesco
Re: The evolving role of CRO

Hi Ralph.... your description fits more of what duties the CFO performs. While there not an iota of doubt in the ability of the CFO to address risk, the risk he addresses and the ones you mentioned are domain specific . Its also called “silo state” thinking.

One key to success for CRO’s is the ability to see the range of risk variations that can crop up across the enterprise. The CRO’s area of responsibility has steadily expanded to encompass risk throughout the company, including strategic, operational, external, financial, IT and security (both data and physical) operations. The ability to see the big picture is key for the CRO.

 

One person who has steadily evolved (in many companies) as an important entity and addresses information security related risks. He/she works closely with all business units to understand the nature of their activities to address the emerging business-unit specific information risk; and is hence has the opportunity to get an enterprise view of the various risks that an organisation has to identify and mitigate. By virtue of the job description, the CISO has the ability to see the big picture and can logically connect these risks, like sort of connecting the dots!

Ilook forward to your views on my opinion.

Report Abuse
Ralph DeFrangesco  
Ralph DeFrangesco
54 posts since
Oct 3, 2008
4. Mar 17, 2009 9:57 AM in response to: ManishPal-1680074
Re: The evolving role of CRO

Manish,

 

First, thank you for taking the time to write such a lengthly response. We typically just get short replys. As I said, in my experience the CRO does come from the financial organization so that's why it looks financially oriented to you. The CFO has a different job altogether and we won't go into that here.

 

That being said, I think we are comparing apples with oranges. If you are looking at just IT assets, then yes the CISO is your person. However, today we can not just afford to look at just IT assets. We have the business to worry about, credit risks, the physical assets, clients, stakeholders and employees. I don't want to generalize this about all CISO's but lets face it, their training is in IT, not business. You can open any IT publication today and find articles where they berate CIO's for not having a thorough understanding of business. So if our CIO's are not business savvy, what makes us think that CISO's are more savvy? What training do they get to make them understand business risks? Again, I am not saying that all CISO's are not business savvy, but I think they are better off in the area they play best in and that's IT risk. Because of this, I still feel that someone from the financial organization is better able to understand risks as they relate to the whole organization.

 

MY2cents,

-Ralph

Report Abuse

Premium Tools

Browse

Disaster Recovery & Business Continuity Template Pack

Prepare your company for any type of disaster you can envision and those you cannot. Immediately download this comprehensive set of templates and tools for documenting your business contingency plans.

Learn more >

All About Reducing Your IT Costs

Looking to cut costs? Use this research-driven Excel tool to pinpoint which IT cost reduction measures best fit your needs.

Learn more >

Hot Topics

Browse

Resource Centers

Browse

Enterprise Manager

Tools, best practices and expert advice on managing your enterprise IT infrastructure, databases, and Web service components.

Featured Whitepapers

Enterprise Management Flyover

Data Center Management

Indispensable technologies and best practices to maintain your organization's most valuable asset.

Featured Whitepapers

Management Strategy for Network-Critical Physical Infrastructure

Network Optimization

Network management tools and tips to increase network speed and efficiency, regardless of office location.

Featured Whitepapers

Extreme Savings: Cutting Costs with WAN Optimization

Service Oriented Architecture (SOA)

Service-Oriented Architecture is the catalyst that allows today’s companies to respond to business demands faster and more effectively than ever.

Featured Whitepapers

SOA Strategy: A Comprehensive Yet Flexible Suite for a Pervasive Architecture

White Papers, Events, and Resources

Maximizing the Return on Enterprise Mobility

This executive report assesses the current state of mobility management, explores the key ingredients of an effective mobility management plan, and suggests a path forward to maximize enterprise mobility.

Seven Ways to Gain Control of SAP Licensing

This white paper describes seven methods through which SAP® Basis and Procurement management teams can more efficiently manage the lifecycle of their SAP Business Suite licenses and make more informed software planning and purchasing decisions.