The Chief Risk Officer (CRO) is the corporate executive tasked with assessing and mitigating significant competitive, regulatory and technological risks across the enterprise. The position is sometimes called Chief Risk Management Officer (CRMO) or simply Risk Management Officer (RMO).
Organizations have long been concerned with business risks that can threaten productivity and profitability. The formalization of those efforts in the form of enterprise risk management (ERM) led by a dedicated CRO gained momentum in the wake of regulatory requirements such as the Sarbanes-Oxley Act of 2002. Concerns fueled by legislation such as the Dodd-Frank Wall Street Reform and Consumer Protection Act of 2010 have made the CRO position even more important in the C-level hierarchy. In addition to issues of compliance, CROs are typically concerned with issues such as insurance, IT security, financial auditing, global business variables, fraud and other internal corporate investigations.
Most large businesses and those organizations considered “critical infrastructure,” such as financial institutions and energy providers, now support an ERM program led by a CRO or equivalent. According to industry surveys, the typical enterprise CRO has a post-graduate degree and more than two decades of business experience, usually in accounting or legal affairs.