The Institute of Risk Management (IRM)

2nd floor Sackville House 143 - 149 Fenchurch Street London, EC3M 6BN
+44 (0)20 7709 9808
  • About IRM

    The Institute of Risk Management (IRM) is the world’s leading enterprise-wide risk education Institute. We are independent, well-respected advocates of the risk profession, owned by practising risk professionals. IRM passionately believes in the importance of risk management and that investment in education and continuing professional development leads to more effective risk management.  

    We provide qualifications, short courses and events at a range of levels from introductory to expert. IRM supports risk professionals by providing the skills and tools needed to put theory into practice in order to deal with the demands of a constantly changing, sophisticated and challenging business environment. We operate internationally, with members and students in over 90 countries, drawn from a variety of risk-related disciplines and a wide range of industries. 

    As a not-for-profit organisation, IRM reinvests any surplus from its activities in the development of international qualifications, membership, short courses and events. 

How Chief Risk Officers help strategy & finance think & fund big


In business, risk is like cholesterol. There are good and bad strains. Just like in health news, where bad cholesterol makes the headlines, the negative risks that face large organizations dominate — from cybersecurity threats and widespread employee misconduct to the latest round of geopolitical instability. Senior executives, as a result, tend to focus much of their attention on these negative events to the detriment of their growth ambitions.

“They oftentimes feel the need to play it safe either because they are overwhelmed by too much information or because they overweigh the risks attached to big decisions,” says Matt Shinkman, risk practice leader at CEB, now Gartner.

“Expanding an organization’s risk appetite may be an unfamiliar role for some CROs”

Chief risk officers (CROs) and other enterprise risk management (ERM) leaders are in a position to ease these concerns and join in with corporate strategy to help colleagues gain greater confidence in high risk and reward projects.

Position ERM competencies early

Expanding an organization’s risk appetite may be an unfamiliar role for some CROs. Attempts to allay corporate risk aversion have been widespread since the early days of recession recovery. Unfortunately, many of these conversations have happened within functional silos. The results are redundant surveys, ineffective templates and disengaged leaders unaware of the trade-offs needed to allocate capital to bigger, riskier investments that support current and future growth potential. This is what CEB, now Gartner, calls making “growth bets.”

To become an effective partner, CROs must position ERM capabilities early in the strategic planning process to assess the company’s range of growth ambitions. ERM leaders can then formulate risk implications for the stated growth goals and provide feedback to partners in finance and strategy.

CROs should also align the ERM team’s calendar with that of the strategy team. This ensures ERM planning is concurrent with the strategic planning process. Having assessed the full scope of growth ambitions across business units, the CRO is then in a solid position to lead a discussion on the risks associated with major growth bets. This discussion must focus on both positive and negative types of risk.

“CROs have a key role to play in getting colleagues comfortable with the good kinds of risk”

Providing a detailed understanding of these risks gives strategy the permission to think big and finance to fund big. However, even the most detailed discussions also require guardrails to keep initiatives within parameters that are realistic to the firm’s current financial state. Below are two tactics companies in the CEB, now Gartner, network have used with success.

Decision tree

When the strategy team of one banking company struggles to get a proposal approved, its ERM team introduces a decision tree tool to help bring clarity to the situation. When the time is right, the ERM team provides resources to help strategy collect risk information, set up a risk mitigation dashboard and review the plans. The ERM team will then sign off on these plans, which lets decision makers know it has vetted the proposal’s risks. The end result: Top executives cut the time used to debate the downside risks of a new project in half.

Safety nets

The ERM team of one large technology firm creates “safety nets” for projects that include project-specific metrics, metric trigger points that signal something has gone wrong, and contingency plans if the initiative hits those trigger points. Decision makers, now presented with ways to track and mitigate a risky initiative, feel more confident in making decisions and moving projects forward. This type of visibility and pre-planning helps executives feel they can comfortably look away until their attention is actually needed.

CROs have a key role to play in getting colleagues comfortable with the good kinds of risk. When these leaders take the right steps to get involved early in the strategic process, create partnerships across functional lines and enable real-time risk guardrails, they can help their colleagues make the most informed growth bets.