The CRO is dead. Long live the CSIO!

Speaking to more than 150 risk professionals in Kuala Lumpur and Singapore earlier this week, Smith said that when enterprise risk management (ERM) is truly successful in an organisation, “the role of CRO or risk management director becomes defunct and a title of chief strategic information officer becomes more appropriate for a truly embedded risk management process”.

“That would evidence that risk is shaking hands with opportunity, and ultimately the output from the ERM process is to gear the executive to make smarter and smarter strategic decisions,” he said.

Smith is currently working as the global resilience leader at gig economy food delivery firm Deliveroo, is the former head of risk and insurance for Hertz, and is also a former chairman of Airmic, an association that represents risk managers and insurance buyers in the UK.

He travelled to Malaysia and Singapore to present at two high-level Strategic Risk Forums focussing on enhancing ERM. And he made it very clear that risk professionals needed to understand and adapt to the corporate cultures in which they find themselves.

“If you want to be important to the important people in the business, figure out what they worry about, then work out what you can do to help with these concerns,” Smith said.

“Are you a key adviser to the top level? If you are, you’re making good progress. If you’re not sure, you need to make a plan. The key thing is how you are perceived. Being perceived as supportive to the coalface – to the people who do the stuff – will help you succeed.”

Credibility the key
The way in which risk management is approached in any company must be aligned to the culture and strategic goals of the organisation, Smith continued.

“A risk manager needs to understand strategy and work out how they can assist with strategic decision making,” he said. “They can do so by using their risk radar to scan things such as competitors, consumers, process quality and supply chain.”

Smith pointed out that one of the key challenges for risk professionals was to “be credible in the context of their organisations”. “To a degree, proving and reproving their subject matter expertise is probably not the key,” he cautioned. “In all likelihood, their expertise in risk management is a given. Ultimately a proactive approach is for the risk manager to put themselves into the shoes of the executive and figure out by investigation – and in fact asking – what keeps them awake at night. Then they can start talking about what they would want to support their view of the objectives of the organisation and of the strategic achievements required.”

This engagement in truly understanding what an organisation is trying to achieve is what enables risk management to move itself from a risk register-based operational process to a strategic information-based service to senior management, Smith suggested.

StrategicRISK Forum Kuala Lumpur 2017 was sponsored by AIG and the Knowledge Live Singapore 2017 was sponsored by Zurich. Both events were supported by the Pan-Asia Risk & Insurance Management Association (PARIMA).