Professionals in corporate risk management

- There are people behind the words risk management. After all, risks don't monitor and manage themselves. Most professionals involved with corporate risk management have a high level of numeracy, curiosity, and a desire to get to the bottom of things. In business, we talk about market drivers as fear and greed, about a big sack of money and a big sack of money on fire. If you're in risk management, you're usually looking out for the big sack of money that could catch fire. The goals of risk management professionals in a corporate organization are to monitor, measure, and actively manage risks. Part of this is to make sure that current risks are being watched and future risks are being watched out for. Risk management within corporations has three main internal players, risk managers, risk committees, and C-level executives. There are also external advisors who can support corporate entities. Risk managers are employees whose day-to-day roles involve monitoring and managing risks. If you work in agriculture, they might be writing reports about rainfall, but if you're a construction company in California, they might be monitoring buildings for earthquake resistance. Risk manager roles and responsibilities may include producing reports and performing analysis on any number of risks that a company faces, both financial and non-financial. Risk manager responsibilities may also include monitoring open trading positions, trading, and actively managing risks by working with external counterparties to buy options, manage swaps, futures, or forwards. Risk committees can be formal or informal groups of corporate employees who are exposed to risk in their day-to-day roles. They may also be employees with specialized knowledge, like energy prices, or they may be dedicated to the oversight of risk in a particular region, like Africa. These committees can be housed in one dedicated division of a company, or the committee can be comprised of people from different groups that are dispersed throughout an entire organization. When I worked in banking, there were risk committees in each of the different departments that met regularly, sometimes weekly, and there was one major and senior corporate risk committee that met once a month or less. In companies that formally address risks and have risk management strategies, risk committees can drive specific decisions about how to manage corporate exposures, like if electricity prices should be hedged. They could manage position limits, like how many tons of aluminum should be locked in with a swap. They could manage pricing, like agreeing on a preferred buying or selling price. For an option, swap, or other solution. And they could manage timing, like when contracts need to be executed and set with a certain expiration. The closer the committee is to the tactical implementation of strategy, the more frequently it should meet. Those committees that address more longer term, strategic risks meet less frequently, unless a crisis is looming. Risk executives are not found in all companies. Some companies have a dedicated CRO, or chief risk officer, who will have risk managers as direct reports. Those subordinated managers may monitor country risk, currency risk, commodity risk, or any other kind of risk. But more often than not, the executive role of risk management falls by default to the CFO, or chief financial officer, of a company. In their absence, and given that corporate risks can adversely affect the bottom line of a company, the CFO is usually responsible, as she or he signs the financial filings and reports of a company. While having a CRO is a best practice, there is a significant cost and commitment to risk management required. As such, most companies forego this position. Beyond internal institutional risk management knowledge and professionals, what we find is that there are also roles and responsibilities that corporate boards fill to advise their CEOs directly. Risk topics of governance, markets, technology, and operations are often part of a corporate board's mandate. External advisors and consultants can also provide risk management support to a corporate entity. Can you name the people on the risk committees in your organization or the person at the top of the risk food chain? Is it a CRO or CFO? Or is this an area where you think oversight and corporate attention is lacking? Is your company's sack of money at risk of catching on fire?