Read the book Implementing Enterprise Risk Management - Lam James - Page 13

Part One
ERM in Context
CHAPTER 1
Fundamental Concepts and Current State
WHERE ERM IS HEADED

With ERM's role increasing within organizations and across industries, the roles of the board and upper management have to adapt. Certainly, the CRO bears the brunt of this change, but the CEO, CFO, and board of directors all find that ERM is taking a more prominent position in their priorities. Here's how these parties will increasingly work together as ERM becomes embedded in corporate culture.

The CRO carries the central responsibility of ensuring that each gear in the ERM process is meshed and moving properly. He or she develops the risk appetite statement (RAS) in collaboration with the CEO and the CFO to ensure that it complies with regulations, current markets, and the organization's business strategy and objectives. The CRO monitors the risk climate, ensures compliance with regulations, sees that the firm operates within its risk appetite, and keeps the CEO and the board of directors well informed through established reporting processes.[12]

The CEO in turn sets “the tone from the top” in words and actions. He or she sets the appropriate business and risk management objectives, holds organizational leaders accountable for their decisions and actions, and ensures that a strong risk culture is in place. The CFO is responsible for incorporating the RAS into financial decision making, including investment, funding, and hedging strategies. If risk exposures exceed the RAS, the CFO, along with the CRO, must take mitigating action and bring it to the attention of the CEO and board.

Finally, the board of directors provides risk governance, independent oversight, and credible challenge. It reviews the RAS for compatibility with the organization's goals, approves it, and holds senior management accountable for its implementation. The board monitors the business plans against the RAS to check whether they are aligned. The board also provides oversight of key business, regulatory, and reputational risk issues, and monitors the organization's ERM effectiveness and risk culture.

As we've seen, ERM is providing value for a large number of corporations despite its current challenges. But it is my view that we're really just beginning to see how much value ERM can offer. In less than a decade, risk management has risen to the top of corporate agendas for senior management and the board across all industry sectors. What form are these efforts taking? This question will be the focus of the next chapter, in which we'll take a deeper look at the economic, financial, and cultural drivers that are changing the face of enterprise risk management.

[12] “Principles for an Effective Risk Appetite Framework,” Financial Stability Board, 2013.
