The New Role of the Chief Risk Officer
The Evolving Role of the Chief Risk Officer (ERM Advantage, ermadvantage.com)
In working with different-sized institutions to develop an enterprise risk management program, some of the questions that tend to come up relate in particular to the Chief Risk Officer’s (CRO) role, including:
- To whom should the CRO report?
- Does the CRO only work on the risk framework or can (or should) he participate in risk assessments?
- Does the CRO own any of the risks?
The blog of Richard Joly, president and founder of Leaders & Cie, published in Les Affaires, is really very interesting. According to a recent study published by PricewaterhouseCoopers, 51% of American companies wish to enter the BRIC countries (Brazil, Russia, India and China) in the near future.
According to our expert, "the reason is simple: these companies are having difficulty growing in their traditional markets. For corporate directors, expansion into these countries represents new risks to manage. They must ensure that expansion initiatives are at the heart of corporate strategy and not an ad hoc project adopted in response to a popular trend."
Read: BRIC et C.A. : Pas sans risques !
Ten (10) Questions Boards Should Ask About Risk Management: A Compilation by Norman Marks
Norman is a practitioner and thought leader in internal audit, risk management, compliance and ethics, and has led large and small internal audit departments, been a Chief Risk Officer and Chief Compliance Officer, and managed IT Security and governance functions.
A good reference for boards is the 20 Questions series from the Canadian Institute of Chartered Accountants. The series includes one on risk management. I have my own set of 10 questions (OK, they have follow-on questions). These were developed for boards, but they would probably be a good basis for questions auditors could ask as well.
- How has the executive team become familiar with leading risk management practices? When you manage risk, and uncertainty in general, are you using a recognized risk standard or framework?
- Risk management is about managing uncertainties that may impact our ability to achieve our goals. In broad strokes, can you describe how you identify, assess, and determine how to manage those uncertainties?
- How do you integrate the consideration and management of risk in the setting of strategy, achievement of goals and objectives, optimization of performance and management of major projects?
- How have you assigned the management of risk within the companies? Is it clearly part of each manager’s responsibilities, or is it seen as the responsibility of the risk officer, CFO, or other person? If the latter, why? If the former, how are they informed, educated in risk management techniques, and provided the tools for the task?
- How are risk criteria, including risk appetite and tolerance, set? How are those levels and expectations for taking risk communicated across the organization? How do you know when the levels are exceeded?
- If each manager is responsible for managing risks within their sphere of operations, within their set of responsibilities, how do you make sure you as an executive team have a clear view of risk across the organization? How do you manage the accumulation and interplay of risks when a single situation can affect multiple areas, or when the activities of one manager affect others?
- Are you managing risk fast enough, so you can act when necessary? Is the organization agile? Are you able to change strategic directions if risk levels change?
- What is your process for involving the board? Under what circumstances will you notify us? What information will you share and when?
- If you have a risk office, what is their role relative to the responsibilities of management? Where do they report, do they have access to executives and the board, and are they adequately resourced?
- How do you make sure the risk management process is working as you expect? Are you using internal audit to obtain that assurance?