IRM recently founded a ‘NEDs & CROs’ Group to provide a forum for Non-Executive Directors and Chief Risk Officers to come together to discuss how effective risk management takes place from the top down. The objective of this Group is to provide a 'vertical specialism' promoting best practices and discussing board governance and risk related matters.

Some of the key challenges facing CRO’s include:

  • Risks relating to Governance. e.g. not moving fast enough with Board composition changes
  • Finessing relationships. CROs with Chairs of Board Risk Committees
  • Board macro subjects to include Environmental Social and Governance (ESG)
  • Board risk related issues for example, how are boards facing (global) issues affecting their organisations?
  • How to be a contemporary CRO/NED. Critical for remaining up-to-date on new/emerging topics
  • Emerging Risks. Horizon scanning and emerging technologies

Relevance to the risk community

Global Corporate governance codes have stressed that effective risk management requires the appropriate people and resources to be in place. Ultimately, the responsibility for risk management rests with the board comprising of Non-Executive Directors, whilst that board needs to have confidence that they are delegating day-to-day responsibility to a suitably skilled and competent person, such as a Chief Risk Officer. Together, these senior professionals are responsible for overseeing new risks and opportunities which may include digital disruption, geo-political and economic volatility, environment and sustainability responsibilities and social change.

The IRM can help support CRO’s and their teams with a suite of qualifications and training options to suit every organisation, no matter what sector you are in. We offer group discounts for both training and qualifications and will be happy to discuss your needs, contact: Joanna Kraska for more information.

Here’s a recent webinar on Operational Resilience and what this means to a CRO



IRM has also produced the: How to Hire a Great CRO report.

This guidance is based on IRM’s professional standards and is aimed at organisations of all types seeking to recruit a Chief Risk Officer, perhaps their first, or to make other senior risk appointments. By CRO is meant the most senior executive in the organisation with responsibility and accountability for risk management, whatever their actual job title. In some sectors, particularly financial services, the role of CRO is stipulated by regulation. Other organisations have come to see the merits of such an appointment as part of a process of maturing their risk management, ensuring it adds value to the business.

Socrates Coudounaris, BEng (Hons) MSc, FCII, CFIRM, Chair of the CRO/NED group (and former Chair of the IRM) explains:

“Effective risk leadership is an essential component of a healthy risk culture. Corporate governance codes around the world have underlined that you must have the right people and resources in place. Organisations face new risks and opportunities associated with digital disruption, geo-political and economic volatility, environmental responsibilities and social change.

Ultimately, the responsibility for risk management rests with the board, but that board needs to have confidence that they are delegating day-to-day responsibility to a suitably competent person, who will also be responsible for giving them the highest quality advice to support risk based decision making. Risk management is changing fast and CROs must be up to the challenge. We are delighted to be able to offer practical guidance and advice to aid in the recruitment process – especially given the importance of this role”.

Recruitment expert Ulrich Seega, the main report author, added, "The aim of this guidance was to bring together today’s best practice in recruitment with the specialist technical knowledge about risk management offered by IRM. Organisations today are looking for CROs who display not only technical expertise at the highest level but also the appropriate behavioural characteristics relating to matters like change and leadership. This guidance will help organisations define what they need and how to go about finding it.

The IRM has a valuable suite of cross sector resources that are free to access (behind a short form).

And a suite of Operational Risk Guidance documents available here.



The value of IRM qualifications from a CRO's perspective

Mike Stark, CFIRM, Director Stark Consultancy and formerly CRO of Peninsula Petroleum chose to embark on the IRM's Senior Executive route, he said:

"After two decades in risk management it was apparent to me that I lacked any certification to support the experience I had acquired. I had been a member of the IRM for several years already and it was just a matter of finding time to complete some studies. The Senior Executive Route facilitated this for me by providing me with the most efficient and robust method of getting qualified to have recognised my standard of knowledge in risk management. Achieving certification was also to be my catalyst for pushing forward in the risk management field, developing myself and others further". 

Read his full story here.


There are some 200,000 people in MoD and many of them are making risk management decisions every day. I’m responsible for the internal policy, framework and approach and for encouraging professionalism in the practise of risk management. In one way it would be cynical of me not to have a qualification myself, but I do think that it also shows that I take pride in what I do.

The IRM's professional qualifications can help you manage your moral compass and know when to insist that those who are responsible for decision making, need to have the conversations they may be avoiding. If you’re earlier in your career then jump-starting an understanding of theory and practice, and getting recognition that you’ve done this can only help you.

More here.


Jason Qian, IRMCert, IRM Global Ambassador, China

AGM, CRO and Board Secretary at Lloyd's Insurance Company (China) Limited

We spoke to Jason back in 2018 to ask him about the value of IRM qualifications, since then he has been appointed as Board Secretary and wanted to update us.

“The International Certificate in Enterprise Risk Management and International Certificate in Financial Services Risk Management qualification have definitely helped with my career development.

When I was hired as CRO of the Company, the Board expected someone who has a good understanding of risk management - especially as it was the time to develop and implement a risk management framework under the new solvency regime. Although I did have a proven track record, the qualifications I have obtained actually provided instant ‘systematic’ assurance on what the Board was looking for. Not to mention that relevant qualification is a useful reference as CRO is a role that is subject to regulatory approval”.

The qualifications are more than just certificates. The practical nature of the content and resources of the qualifications have been, and are continuously helping me on a day-to-day basis. I think the design of the qualifications is fantastic. It provided me with both a path of progressive essential knowledge building and an opportunity of comprehensive development”.