Congratulations, your chief executive officer has just named you the chief risk officer of your billion-dollar company, Fortune 500 Inc. You've made a big jump from senior vice president. You've heaved yourself out of the quagmire of corporate vice presidency, and for that you should be proud. You're the new peacock strutting around the C-suite. You're a "player." You're the man, (or woman).
But before stepping on the gas of your Mercury Mountaineers and high-tailing it to your wives, husbands or significant others with the good news, celebrating that five-digit salary increase with a meal at the Olive Garden, do yourself a favor.
Go pour yourself a stiff drink, no ice.
You've just landed the job no one else wanted. Mr. CEO threw the job your way because it looks good in front of the regulators, because the requirements of the Sarbanes-Oxley Act have imposed expensive new administrative burdens on the company, and because your competitors, driven by "lemmingitis," are themselves rushing to appoint chief risk officers.
If you thought Big Boss tossed this CRO promotion your way out of his or her good graces, you should have known better. After all, you've been in the industry 15 or 20 years, right? When's the last time any promotion came with no strings attached? Think about it. What's another $20,000 in salary, after taxes?
In truth, the company was doing just fine without a CRO. Last year's earnings numbers were decent, not the best in your company's history probably, but far from the worst as well. Other than an annoying gadfly or two squawking away at the firm's annual meeting, shareholders were hardly in revolt. Regulators were satisfied. Things were humming along.
But now, guess what. All this risk-related responsibility is on your shoulders. Now you're on the hook to deliver successful "enterprise risk management" and "operational risk management" initiatives, vague and nebulous concepts nobody wants to touch, much less implement.
CEOs and CFOs, wily operators be they, have just engaged in some very shrewd risk transfer at your expense.
Before you got that top risk job, risk was their responsibility. It was their job, along with the actuarial staffs, to weigh the risks facing the company, and to allocate capital accordingly. If the CEO and the CFO allocated too much or too little capital relative to the risks facing the corporation, they took the blame for the inefficiency in capital allocation. Their contracts weren't renewed. The board showed them the door.
Now, the CRO's in the hot seat, not an easy place to be. Your image as former insurance purchaser is working against you, and you've yet to set foot in the new corner office. A couple of three-letter bona fides after your name isn't going to account for much. Come to think of it, this new three-letter title before your name is about to make your life a lot more difficult.
C-suite titans love metrics, love numbers, love concrete measures, love the sound, if not the results, of processes like "Six Sigma." That's how they track progress for The Street, for shareholders, even to justify their own existence. That's how they ended up as top dogs. Life is measured in quarters. They don't have time for a 12-month yardstick. It's way too long. How about 60 months? Forget it. And how about 30 years, a standard unit of measure in the insurance industry? That's just beyond comprehension.
Measuring risk isn't easy. Good risk management is a balancing act, an art, that few people have ever mastered. CEOs and CFOs are just itching to pass the buck and have someone do it for them.
No doubt, you deserve credit. You've spent the past 20 years in risk management and you've just been handed the job of CRO, what many might call the apex of the profession.
Say "thanks, but no thanks," and walk out the door.
is managing editor of Risk & Insurance®.
August 1, 2006
Copyright 2006© LRP Publications