Norman Marks on Taking the Reins as CRO: A Strategic Approach for Risk Leaders
Norman Marks outlines a strategic, people-centric approach for a new Chief Risk Officer (CRO), emphasizing deep organizational understanding over immediate framework adoption. This perspective is crucial for internal audit and assurance professionals, as it highlights the importance of understanding how risk management integrates with decision-making and business objectives, rather than merely focusing on compliance. It underscores the need for auditors to assess the effectiveness of risk functions in supporting strategic goals and informed decision-making.
The Indispensable Listening Tour
Norman Marks, reflecting on what he would do if appointed Chief Risk Officer (CRO) today, emphasizes that his initial priority would be an extensive "listening tour." This tour is not merely a formality but a critical exercise to gain a comprehensive understanding of the organization's unique culture, people, strengths, weaknesses, history, and future objectives. He stresses that even with prior experience in similar companies, each organization possesses distinct characteristics that necessitate a fresh, in-depth inquiry. This approach extends beyond internal stakeholders to include channel partners and the broader extended enterprise, ensuring a holistic view of the operational landscape.
Understanding Decision-Making and Mandates
A pivotal aspect of Marks's strategy involves understanding "how decisions are made" within the organization. This inquiry aims to assess the robustness of decision-making processes and the reliability of the information underpinning them. Furthermore, he would carefully consider regulatory mandates and expectations from the board and CEO. Rather than immediately conforming to these mandates, Marks advocates for treating them as requests, allowing him to develop a tailored proposal after a thorough understanding of the company's needs. This measured approach ensures that the risk management strategy is aligned with the organization's specific context and strategic goals, rather than being a generic, top-down imposition.
Strategic Priorities and Resource Allocation
Marks anticipates that his initial tasks would involve ensuring regulatory compliance, executed with optimal resource efficiency. Following this, he would shift focus to activities that directly contribute to achieving enterprise objectives. A significant portion of his resources would be dedicated to empowering decision-makers, providing them with timely and relevant information, and potentially facilitating decision-making meetings. He explicitly states that adopting a specific risk framework is secondary to understanding and addressing the business's actual needs. This pragmatic outlook underscores a commitment to practical, value-driven risk management, where frameworks serve as tools rather than dictating the overall strategy. Marks also highlights the importance of managing expectations, acknowledging that meaningful change requires patience and consistent delivery.
Read more