These days, however, the risk management "tent" has grown into a "big top" called enterprise risk management (ERM). To be sure, the discipline should help companies cope with natural disasters, worker injuries, lawsuits against directors and officers, and other traditionally insurable perils, according to the long-awaited ERM framework issued late last month by The Committee of Sponsoring Organizations of the Treadway Commission (COSO).
Believe me, the CFO is way too focused on getting the financials right to add the equally important tasks of a CRO. The next thing they will be asked to do is take on duties associated with the CIO. This has to end.
But there's a big obstacle on that rosy career path. If a single executive manages the potential upside as well as the possible downside of a company's moves, there's the chance that the executive's decisions might be overly biased. If the CFO/CRO is especially fond of taking risks, then the company might end up excessively exposed to disaster; if the officer is too risk-averse, opportunities could be missed.
That, apparently, was the reasoning of the Office of Federal Housing Enterprise Oversight (OFHEO) when it sharply criticized J. Timothy Howard's dual roles as CFO and CRO at Fannie Mae in a September report on the mortgage company's accounting.
The Board of Directors has figured this out in most savvy financial services companies already. In fact, the CRO may soon have more of a powerbase inside the executive management ranks than the Chief Financial Officer if the trend continues.