ALMOST EVERY INDUSTRY is in the grips of a seismic shift driven largely by technology, resulting in an everyday business environment marked by the rise of new business models, new market players, and a greater need for agility, flexibility and changing skillsets. Effective risk management is critical to help organizations deal navigate successfully. This requires improvements to frameworks and processes, better tools used more effectively, better-trained people with deeper expertise, and better use of data. But, perhaps more than anything, it requires great risk leadership to make it all happen.
There are several fundamental challenges to developing strong leadership in these roles. First, risk management is still evolving as a profession. The role of chief risk officer and the concept of enterprise risk are still relatively new. Of those in risk leadership roles today, few set out to get there from the start--many came from highly technical backgrounds and, when they began their careers, there were no defined career paths or role models to follow.
Second, the demands of the role are distinctive. Risk leaders need to robustly and firmly challenge colleagues who are trying to drive the business forward, while all the time trying to position themselves as a "critical friend" and avoiding being seen as the dreaded "business prevention unit." As a result, while any executive will tell you that can be lonely at the top, this is even more the case for a risk leader. While they may try hard to emphasize a focus on upside risks and opportunities, most often, risk goes hand in hand with preventing things from going wrong. This emphasis often isolates a risk leader further from the rest of the business.
And finally, to top it all, the value of effective risk management is rarely visible as it is typically embedded in policies, systems and processes. This makes it difficult for risk leaders to demonstrate the tangible benefits they bring to the organization.
Taken together, this presents a unique leadership challenge. To gain a better understanding of what it takes to be a successful leader, we interviewed 10 senior risk leaders and conducted a survey of more than 220 risk leaders. For the purposes of the research, "risk" was used as a catch-all term for a range of disciplines and roles relating to the identification, assessment, management, assurance and reporting of risk across all domains. This includes governance, compliance, technology risk and controls across the first and second lines of defense. A "leader" was considered anyone viewed by the organization as responsible for risk management and accountable for setting direction and leading a team. To get at "success," we asked survey respondents to consider those risk leaders they perceived as effective performers in their role.
What Are the Main Challenges Risk Leaders Pace?
Before exploring the capabilities and qualities that make an effective risk leader, we wanted to understand the current and future context and challenges they face (Figure 1).
Overwhelmingly, risk leaders saw the growing risk associated with technology-driven change as their top challenge. The other priorities differed depending on seniority: More senior leaders were especially concerned with demonstrating the value of risk management and accessing talent, while less senior leaders felt it was the challenge of leveraging the mountain of data and continuing pressures on cost. Finally, all leaders noted the need for greater flexibility and agility so that risk can be more responsive to changing expectations and threats.
The DNA of a Risk Leader
Across all organizations and functions, around 40%...