Skip to content

Leading from the front: How to get people on side as a CRO.

The role of Chief Risk Officer (CRO) brings challenges and responsibilities that can seem daunting, whether you're new to the position or an experienced professional looking to refresh your approach. You’re looking to build a risk management machine that operates efficiently across all levels of your organisation – but you can’t do that without getting the individuals in the organisation onside.

This article looks at three critical areas of people management which you need to pursue to build a robust risk management environment:

  • Building an effective risk management team
  • Fostering engagement with key stakeholders
  • Collaborating effectively with Line 1 teams.

For new CROs, understanding how to structure your team, engage with stakeholders, and integrate operations with frontline teams are essential steps in establishing your risk management framework. For experienced professionals, revisiting these foundational strategies can enhance your existing practices.

Download Protecht’s 90-Day Operational Risk Checklist for New Chief Risk Officers today and start transforming the way your organisation perceives and handles risk:

Download checklist

Building an effective risk management team

One of your first and most crucial tasks as a new CRO is to build and manage an effective risk management team.

The initial step in managing an effective team is to thoroughly understand its current structure and the roles of each member. Without a clear grasp of who is responsible for what, efforts can easily become duplicated or critical tasks overlooked, increasing the organisation's risk exposure.

Begin with a comprehensive assessment of the current roles and responsibilities. It’s helpful to create a matrix or visual representation of responsibilities that everyone can refer to. Once roles are clearly defined, make sure they are communicated effectively, documenting any changes and providing updates as they occur. Regularly revisiting these roles and responsibilities as the team grows and changes is also crucial.

You also need to assess the skills present and identify any gaps that could impact risk management effectiveness. Surveys, interviews, and performance data can all provide insights into where training or hiring may be necessary to bridge these gaps.

Key person risks occur when a team overly relies on one or a few individuals. To mitigate this risk, implement a strategy of cross-training, where team members are trained in multiple roles, or develop a mentorship system within the team to transfer critical knowledge.

Finally, consider whether the existing team structure is the most effective way to meet current and future challenges. Sometimes, restructuring may be necessary to better align the team with the organisation’s strategic goals. Any restructuring should be approached with careful planning, clear communication, and support from human resources.

Actions:

  • Conduct an initial team assessment: Gather data on the current team structure, roles, and responsibilities.
  • Clarify and communicate roles: Ensure each team member understands their responsibilities clearly.
  • Identify skills and knowledge gaps: Use skills audits and performance data to determine where enhancements are needed.
  • Develop cross-training and contingency plans: Address key person risks by ensuring knowledge and skills are distributed across the team.
  • Evaluate team structure regularly: Be open to making structural changes to optimise team effectiveness in line with evolving business needs.

Fostering engagement with stakeholders

Stakeholder relationships are the bedrock upon which effective risk management strategies are built. Stakeholders can provide critical support or pose challenges; hence, understanding their perspectives and securing their buy-in is fundamental to your success. This includes everyone from board members and senior executives to regulators, auditors, and key personnel in operational roles.

Communication is key to stakeholder engagement. Regular updates and transparent communication about risk assessments, potential threats, and mitigation strategies help build trust and demonstrate the value of the risk management function. To facilitate this:

  • Establish regular briefing sessions with senior management and the board.
  • Create clear, concise reports that highlight key risk issues and their potential impact on the organisation.
  • Use technology to ensure stakeholders have real-time access to risk dashboards and reports.

Engaging stakeholders is not just about sharing information; it's also about listening. Regularly solicit feedback on risk management processes and be open to suggestions for improvement. This two-way communication fosters a culture of collaboration and continuous improvement.

Work closely with stakeholders to integrate risk management into business planning and decision-making processes. This alignment ensures that risk management supports rather than impedes business goals, making it a strategic partner in the organisation.

Actions:

  • Establish regular communication channels: Set up routine meetings and reports to keep stakeholders informed and engaged.
  • Listen and adapt: Regularly seek stakeholder feedback and be prepared to adapt risk strategies in response.
  • Demonstrate value: Show how risk management directly supports business objectives to secure ongoing stakeholder support.
  • Foster collaborative relationships: Build strong, collaborative relationships with all stakeholders to ensure risk management is integrated at all levels of the organisation.

Collaborating with Line 1 teams

Line 1, typically composed of business unit managers and their teams, is on the front lines of implementing risk controls and maintaining daily operational risk management. Strengthening the partnership between the risk management function (Line 2) and Line 1 leads to a more responsive and integrated risk culture across the organisation.

Identifying and engaging risk champions within Line 1 can significantly enhance the risk management process. These are individuals who are well-respected within their units and have a keen understanding of the specific risks their units face. They can act as pivotal links between their teams and the risk management function, facilitating smoother communication and quicker resolution of risk issues.

Providing comprehensive risk training to Line 1 personnel is key to ensuring that they understand their roles in the risk management process. This training should cover not only the basics of risk identification and reporting but also how to implement controls and the importance of enterprise risk management, so staff understand their role within the broader framework.

Such a program involves more than just training; it requires ongoing communication, regular updates on new risks, and refreshers on procedures. Utilise a variety of formats, such as workshops, e-learning modules, and regular newsletters, to keep the information engaging and accessible. Encouraging an open dialogue about risks allows for continuous learning and adaptation, which is crucial in dynamic business environments.

Actions:

  • Conduct a detailed analysis of Line 1 activities: Understand the specific risk landscape of each business unit.
  • Identify and empower risk champions: Select key individuals within Line 1 who can facilitate effective risk management within their teams.
  • Develop and implement a training program: Ensure all Line 1 personnel are regularly trained in risk management principles and practices.
  • Establish regular feedback mechanisms: Create channels for Line 1 to provide ongoing feedback on risk processes and challenges.
  • Promote a culture of risk awareness: Foster an environment where risk management is considered part of everyone’s job.

Conclusions and next steps for your organisation

The role of a CRO extends beyond managing risks: it's about building a robust foundation for risk management through effective team structure, engaging stakeholders, and integrating operations with Line 1 personnel. The success of your risk management initiatives greatly depends on the people within your organisation, from your risk management team to the stakeholders and the personnel on the front lines.

To help you navigate these critical first steps, we invite you to download Protecht’s 90-Day Operational Risk Checklist for New Chief Risk Officers. This comprehensive guide is designed to support you in establishing, managing, and optimising your risk management framework right from the start. It provides actionable insights and structured plans that cater specifically to the needs and challenges of new CROs.

Download the checklist today and start transforming the way your organisation perceives and handles risk:

Download checklist

About the author

Jared Siddle is Protecht's Director of Risk, North America. He is a Qualified Risk Director who has been Head of Risk Management at three different companies, including two of the world's largest asset managers. Jared has proven success in banking, fund management and other financial service companies across over 26 countries. He is passionate about governance, risk, compliance and sustainability. He is an expert at designing, developing, and executing customised enterprise-wide risk frameworks.