• Building resilience through risk culture.

  • Empowering our clients to improve performance.

Who can fire your Chief Risk Officer?

The answer to this question about who can fire your Chief Risk Officer (or most senior risk manager) has serious implications for risk management in your organisation.

Imagine this – your Chief Risk Officer (CRO) discovers a serious breach of policy that leaves the organisation exposed to significant risks.

She reports this to her boss who then puts her under enormous pressure to ignore the breach because it would expose his involvement in actions that caused the breach.

The CRO knows that the breach and associated risks are critical and continues to press the issue with her boss. Making no progress she leaves the organisation because either –

  • her boss fires her

  • she suffers constructive dismissal – being forced out or

  • she resigns to escape the stress and because she knows her own reputation will suffer when the breach is finally exposed

Now the organisation is even more at risk as the only person interested in fixing the breach has gone.

Real World Examples

This is not idle speculation. We have been asked for advice by risk managers who have faced similar situations: one was even threatened with physical injury if he did not drop the issue.

When the CRO at Lehman Bros began urging some caution on major deals which the CEO was pursuing he started excluding her from meetings and then fired her. We all know what happened to Lehman Bros!

Frank and Fearless.


For your organisation to be properly protected against significant risksit is essential that your CRO is confident that providing frank and fearless advice won’t result in losing his or her job.

This means there needs to be a safety valve of some sort to protect both the CRO and the organisation.

Safety Valve – The Board Audit and Risk Committee.

Our view is that the delegations of authority from the board to management should make it clear that even the CEO has no authority to –

• dismiss the CRO or
• redeploy or retrench the CRO without first gaining approval from the board audit and risk committee.

Also that if the CRO resigns then –

• the chair of the board audit and risk committee will conduct a thorough exit interview and
• report the results to the board audit and risk committee

In our experience there can often be potential for serious conflict of interest between the CRO conscientiously discharging their responsibilities and the interests of other individuals in the C suite.

Providing the sort of safety valve we suggest provides protection for your organisation and allows the CRO to deliver the frank and fearless advice required for organisational health.

Do your delegations of authority provide this sort of protection?

Would you like to strengthen the Risk Culture in your organisation?  Contact us to find out how.

About the Authors

John Dawson

Carmel McDonald

John P Dawson & Carmel McDonald are the co-owners of Dawson McDonald Consulting.  They’ve been running Risk Culture Assessments since 2008 to help clients protect their organisations and build resilience.  They can be reached at info@riskculture.com.au

Take our FREE test to see how your organisation scores on Risk Culture, click here.

In 2015 they published a book BUILD Your Business.  Risk Managers will also find this helpful in communicating their message effectively

To get your copy of this book, or to download a free sample chapter, click here

#riskculture    #riskmanagement

 

Leave a Reply

Your email address will not be published. Required fields are marked *