Risk: Carpe Diem

How risk has changed the profiles of key leadership roles


“Only those who dare to fail greatly can ever achieve greatly.”—Robert F. Kennedy

As firms become more complex and interdependent, their risk profiles continue to change—a dialectic that has been exacerbated by the current global recession. The altered environment requires more effective leadership, and a culture and process that focus on the true risk/reward model that is enterprise-wide risk management. In this issue, Mark Adams and a team of consultants from our CEO and Board Services practice and from a cross-section of Russell Reynolds Associates’ industry sectors examine how risk has changed the profiles of key leadership roles.

The Forces At Work

Risk is a fact of our day-to-day lives. In business, it is largely accepted that one must take a certain amount of risk to gain reward. There is, however, a way to optimize risk-taking that enables the conscientious and disciplined achievement of rewards.
Current examples of poor risk management abound, with the entire world now in or headed for a major economic downturn. Whether Wall Street or Main Street, all firms are increasingly vulnerable to poorly managed risk. There are four forces in particular that have combined to make risk even more complicated:
  • Globalization—increasingly global markets and economies have broadened organizations’ risks as their reach and market penetration expand.
  • Technology—as technology speeds processes, widens access and permeates the entire business, it can be a tool for risk identification and measurement, but may also be an accelerator of contagion.
  • Regulatory and Government Involvement—increased government regulation aimed at avoiding systemic risk will ultimately require firms to develop an understanding of, and compliance with, new rules in both mature and emerging markets in order to drive growth.
  • Supply Chain—greater complexity and sophistication of global contracts, logistical issues, outsourcing arrangements and stricter inventory management all contribute to increased risk.

Making Sense Of Risk—The ERM Paradigm

Enterprise risk management (ERM) is one paradigm that can be used effectively across industries to identify and address all forms of risk management activity across an entire organization. It is best described as a five-step process involving planning, analysis, solution identification, decision-making and monitoring. The process is deployed in order to head off negative risks and events and to enhance the likelihood of positive outcomes by reducing the variability of initiatives. To that point, Standard and Poor’s (S&P) announced it has started incorporating evaluation of ERM into its ratings of all companies in late 2008, underscoring how ERM is now perceived as a value-added discipline and management best practice.

The Diagnostic Questions

Firms tend to focus on risks they understand best; for example, financial firms focus on market liquidity or volatility as their primary risks, whereas consumer product firms might identify product liability as the exposure with the highest potential to create “reputational” risk. 
While the risks may vary, ERM provides a framework that applies regardless of an organization’s core competencies. CEOs and Boards can ask the following questions to bring structure to addressing risk:
  • How does the firm's top leadership identify and address known risk?
  • Is the firm engaged in businesses it doesn't know and understand very well?
  • Is there a mechanism in place that will allow leadership to anticipate areas of risk?
  • Has there been a recent crisis in the firm or actions by a peer or competitor that have provoked a change in the firm’s approach to risk?
  • Where is the organization in its journey towards risk identification and full ERM?
  • How much buy-in is there from the C-suite and Board—especially the Audit Committee—to adopt ERM?

The Role Of The Chief Executive Officer (CEO)

“A pessimist sees the difficulty in every opportunity; an optimist sees the opportunity in every difficulty.”—Winston Churchill

A good title for today’s successful CEOs might be “Captains of Chaos”. The rapidly-changing and ambiguous nature of business requires senior leadership that approaches risk by:
  • Viewing risk as an opportunity rather than a constraint—exploiting opportunities that paralyze or deter peers will allow CEOs to carpe diem (seize the day) and sustain a competitive advantage.
  • Adapting and improvising—no exact blueprint or business plan will last long, and an ability to influence people by providing purpose, direction and motivation will ensure success.
  • Executing with speed—leaders must be decisive, focused and a quick study, honing their ability to leverage resources swiftly.
  • Exploiting technology—instead of expecting to possess relative technological superiority, technology should be used as a tool to exploit the non-linear nature of business in a chaotic system.
  • Delegating and training—to prepare the next level of leadership there is a need to constantly test executives’ abilities by putting them in challenging situations that allow them to think and act under pressure and stress, and to create a risk-intelligent culture where teams are rewarded for innovating both individually and collectively.

The Role Of Chief Risk Officer (CRO) In ERM

In our search for top CROs and Heads of Risk, we frequently advise CEOs on the definition and strategy for the CRO role. More often than not it is a new position. In our experience, success is predicated on getting the following right: 

Reporting Relations

The CRO should report to the CEO and be responsible for recruiting and managing a small staff globally, while also stewarding numerous strategic partnerships with internal constituencies and outside General Counsel (GC), Chief Operating Officer (COO), Chief Financial Officer (CFO) and the head of Internal Audit, all of whom should view the CRO role as a complement to their areas of responsibility. 


The goal is to build a thorough and comprehensive ERM infrastructure spanning all parts of the organization and provide a clear and easy-to-interpret real-time interface for senior management regarding all risk-related activity. 

Responsibilities of the CRO

Build the philosophical and methodological blueprint for ERM, encompassing:
  • Strategic risks: political, competitive, compliance, governance, reputation, macroeconomic
  • Operational risks: technology & operations, supply chain, business continuity
  • Financial risks: investments, financing, legal/liability, counterparty, systemic, FX
  • Hazard risks: traditional insurance, fraud, theft, pandemic, terrorism

Coordinate with senior management and peers to adapt and integrate future business plans to the redefined or new risk management framework. 

The ideal CRO profile

  • Relevant business experience, ideally within the firm’s industry but often experience with an analogous industry with similar risk profile offers a broader perspective on risk at the top.
  • Experience in as broad a set of responsibilities as possible, especially in operations, finance and/or legal. This is as important as time spent specializing in risk management and ERM.
  • Global experience with resultant cultural astuteness. The CRO should be savvy and pragmatic about how to realistically effect change in a growing, global organization.
  • Track record of successfully using education, technology and communication to align the company and management with the goals and policies the candidate is charged with managing.
  • Successful use of technology as a tool to implement policies and to inform and educate managers on responsibilities and success/progress.

Personal and Professional Competencies

  • Judgment—ability to make decisions that balance a variety of factors (e.g. cost of risk, short vs. long-term impact) to achieve an optimal outcome.
  • Vision—ability to anticipate future business risks and develop strategies to address them.
  • Development and leveraging of relationships—ability to create and cultivate networks of people across a complex matrix organization and use relationships strategically to accomplish objectives.
  • Analytical skill—possession of strong quantitative, forecasting and analytical skills and a deep knowledge of risk management.
  • Effective communication—ability to be highly articulate and to convey important messages in a clear and compelling manner.
  • Strong healthy ego—possession of the confidence and character to hire the strongest, smartest people; ability to be resilient, learn from mistakes and complement self with talent in areas of weakness; possession of emotional intelligence.

ERM In The Boardroom

The expectation is that boards, along with the CEO, should take a more proactive stance toward risk and ERM, especially as we consider the impact of the current financial crisis. As was seen in the aftermath of the Enron and WorldCom scandals, outrage about the accounting abuses in which those two companies engaged drove Congress in 2002 to pass the Sarbanes-Oxley Act (SOX), shaking up the world of corporate governance. In today’s crisis, what appears to have been a lack of proactive risk management and of a clear understanding of the risks impacting the balance sheets of so many firms indicates a need for aggressive board oversight in all areas of risk.
SOX significantly strengthened the importance and independence of the corporate internal audit function at public companies and put its oversight squarely in the hands of the board. Among other things, SOX required that a designated board member be a “Qualified Financial Expert” (QFE) and defined the knowledge that a QFE must possess. In practice, the QFE typically heads the board’s audit committee and is a former top-level accountant, chief financial officer or corporate controller. Even if a latter-day SOX doesn’t materialize, boards now may want to take it upon themselves to create a QFE-equivalent role for risk management: perhaps a “Qualified Risk Expert” (QRE). 
At financial companies, this QRE director would ideally be a former senior executive in a big financial organization—an investment bank, commercial bank or insurance company—with a complicated balance sheet. He/she should have a deep understanding not only of the entire spectrum of financial instruments and trading strategies, but also of the asset-liability management process. Although the financial industry is the most obvious candidate for the QRE role, a board-level discussion should take place to determine the need for a QRE at every public company, across industries. Industry-specific factors affecting risk management will vary, but the role is universal; the most likely QRE candidates will probably have already handled risk as a CFO, GC or COO.


“Change before you have to.”—Jack Welch

The most successful approach to risk starts with its embrace by the CEO, who, in tandem with the Board, should wisely and thoughtfully exploit both the ambiguity and the opportunities that risk offers. The entire C-suite must then buy into that approach, and view the CRO as an ally, someone who can enable prudent decision-making by providing vital business intelligence and assurance, as well as dispelling fear with open and effective communication. A board-level role responsible for supporting the ERM initiative is also recommended, to ensure a culture that embraces change, develops judgment via effective delegation, and allows its leaders to fully utilize the calculated risk-taking that ERM affords.


Mark Adams is the Area Manager of the Boston office and co-leads the Insurance Practice in the Americas at Russell Reynolds Associates. Mark has extensive experience recruiting a broad range of senior executives including CEO, President, COO and CFO for both privately held and publicly traded firms in insurance and related industries. Mark also works with clients across sectors on senior risk management roles.