MANAGING RISKS GAINS HIGHER INTERNAL PROFILE

A new leadership role is evolving as more companies take a broader, more high-profile view of risk management.

How that role is being shaped, the title it carries, and the teamwork involved vary among different organizations.

The idea behind the position, frequently referred to as chief risk officer, or CRO, is to have an executive who is the focal point for enterprise or integrated risk management in the organization, said Michael Toothman, the Philadelphia-based managing partner of the casualty, actuarial, claims and risk management practices of Arthur Andersen.

The CRO has an "oversight role that would include the establishment, maintenance and continuous improvement of business risk management processes," said Bill Sacks, Los Angeles-based managing director of the business risk management competency development center, North America, for Arthur Andersen.

Today, the CRO's role includes integrating market risk, credit risk, operational risk, insurance products, derivative products and alternative risk transfer products, said James Lam, global head of Enterprise Risk Solutions, a division of Oliver, Wyman & Co., a New York-based enterprise risk consultant and broker.

The CRO position is an outgrowth of what is called enterprise, holistic or integrated risk management. That approach generally involves developing a risk management strategy based on identifying and understanding the spectrum of risks a company faces, whether they be financial, operational, insurable, legal or market risks.

"Every company has a chief risk officer. The problem is that the chief risk officer is not a professional risk officer. It's many times the CEO," observed John Riley, director-corporate risk management for The Dun & Bradstreet Corp. in New York.

Responsibility for all of a company's business risks tends to fall under many positions, Mr. Riley said. No one reports to a common officer until the level where individuals report to the CEO.

The establishment of the chief risk officer role, therefore, is an important step in the right direction, he said.

"It's a process," Mr. Riley said. "It's going to be a long process."

Dun & Bradstreet, he said, is moving toward an enterprise risk management approach.

Richard M. Inserra, assistant treasurer-risk management and insurance for Danbury, Conn.-based Union Carbide Corp., said, "Most companies are stepping along that path" toward a more consistent or integrated approach to risk management and the eventual naming of one individual to head the process (see related story). The true advantage of a CRO is to have someone whose full-time responsibility is to develop and implement risk management strategy and communicate it up and down the organization, Mr. Inserra said. The actual execution of the strategy, he said, may be done by a team of specialists or technical experts.

Companies have different theories about who in an organization has the broad view to assume the chief risk officer position, said John Bugalla, managing director of Advanced Risk Management Services at Willis Corroon Corp. in Nashville, Tenn.

Some companies view the traditional risk manager as the most appropriate person to step up to the CRO role. Others see the corporate treasurer as the likely candidate, while still others find the general counsel best suited.

And some companies are filling the CRO position from outside their organizations, consultants say.

Driving the establishment of the chief risk officer position is "greater awareness and appreciation on the part of senior management of corporations, or any entities, of the impact of risk on their business," said Charles R. Lee, principal and marketing and development manager for Tillinghast-Towers Perrin Worldwide in Dallas.

When companies see risks ranging from natural catastrophes to reputational catastrophes, Mr. Lee said, they begin to ask whether they need, "if not a uniform way of addressing them, at least an organized way of assessing, identifying, quantifying and mitigating risks."

"If a CEO thinks that way, then he or she is going to logically say, 'I need somebody I can rely on to pull all this together and help me analyze and manage this,' " he said.

In some cases, high-profile losses are prompting companies to rethink their risk management strategies and, ultimately, to name a more senior person to coordinate efforts at the corporate level.

The CRO trend is most prominent in the financial services industry, followed by public utilities and petrochemical industries, said H. Felix Kloman, a former Tillinghast consultant and now the Lyme, Conn.-based editor of the Risk Management Reports newsletter. The financial services and petrochemical industries both have had high-profile losses that suggest the need to rethink their risk management approaches, Mr. Kloman said. The public utilities have "major risks on their radar scopes," ranging from nuclear risks to extremes in cold and heat that can disrupt the power grid.

Within five years, about 50% of companies in those three industries will have chief risk officers who probably will report to the CEO and the board of directors, Mr. Kloman predicted.

"It used to be we had a handful of CROs in the United States," said Mr. Lam of Enterprise Risk Solutions. "Now we have dozens globally, across different industries."

Another reason companies may decide to name a CRO is the increased focus on corporate governance by regulators in the United States, Canada and the United Kingdom. Government-backed commissions in those countries all have developed standards aimed at achieving efficiency, reliable financial disclosure and compliance with laws, said Willis Corroon's Mr. Bugalla. Commission reports have said the responsibility for identifying and quantifying risks should be at the level of the board of directors and not at the middle-management level, he said.

As the perceived value of senior-level risk management leadership increases, the role of the chief risk officer will expand.

"A few years ago, the role of the CRO was much more narrow. It was the role of integrator," Mr. Lam said. That role consisted of integrating different market risks or of trading the risks of various business activities.

Mr. Lam formerly was CRO at GE Capital Corp.'s Capital Markets Services Division, with responsibility for credit, market and operational risks. Most recently, he was chief risk officer at Fidelity Investments in Boston, with corporatewide risk management responsibilities.

The titles that may go along with the role are many, said Mr. Lam. In addition to chief risk officer, the role sometimes is called chief market and credit officer, principal risk officer, executive vp-risk management, head of risk management, or global head of risk management.

In a nutshell, the CRO's key responsibility is "to reduce risk at the appropriate times and to increase risk at the appropriate times," he said.

That mandate includes enhancing the business performance of the organization through risk-adjusted pricing so the company is appropriately rewarded for taking risks.

The CRO is going to be more of a consultant than a transaction person, said Mr. Bugalla of Willis Corroon. The CRO will meet with the CEO and the CFO to understand their strategies and to offer risk management insights related to those strategies. The CRO also will provide insights for strategic and tactical actions that senior risk management might want to take. The key objectives would be to protect earnings, to increase market capitalization or the underlying asset value of a private corporation, and to take advantage of accounting efficiencies to reduce the overall cost of risk, he said.

Another significant part of the CRO's role is ensuring that the right people are in place to carry out the enterprise risk management approach.

"You have to have the right risk management expertise managing risk at the source of the risk," said Mr. Sacks of Arthur Andersen.

The CRO also usually has a team of people to assess, evaluate and analyze key risk information provided by business units. That information is then summarized by the CRO and reported to senior management and the board of directors, he said.

CROs most often report to the CEO or the CFO, said Mr. Lam, and a growing number report directly to the board.

Those reporting to the CRO include the heads of market risk, credit risk, operational risk and risk management systems analysis, as well as the heads of risk management within the various business units, he said.

While specific academic credentials in finance and a knowledge of insurance both are assets for the position, those qualifications alone do not make a CRO.

Several characteristics needed in a CRO include leadership and management strength, strong communication skills and the ability to effect change, said Mr. Sacks. The person should be able not only to strategize, but also to execute, he said.

"I'm not sure people look for specific credentials, but they do look for specific skill sets," said Mr. Lam. Those skills come from a "broad and deep risk management experience," including an understanding of international markets and of credit and operational risk, and an in-depth knowledge of derivatives and alternative risk transfer applications, he said.

Companies also look for a "solid risk management record," which includes the use of risk transfer tools to optimize portfolio performance and the application of risk-adjusted capital to increase shareholder value.

"My challenge to those who wear the risk manager title," said Tillinghast's Mr. Lee, "is that they need to position themselves -- if not to be the chief risk officer, then to be a core member of that whole process."

"I think one thing they must do is really understand the business that their company is in and the industry very, very intimately," he added.

Risk managers that wish to enhance their role should get to know all the key decision-makers at the operating company and corporate levels of the organization and offer to participate in risk-related decisions, Mr. Lee advised.

It's important for the risk manager to understand the key financial measures or performance indicators that the company uses to determine success. Risk management steps should be taken with the purpose of improving those indicators, Mr. Lee said.

"The role that the traditional risk manager needs to evolve toward is much more of an added-value role," said Mr. Lam. Risk managers must see "where there are gaps" in their own experience and then work to fill them.

To help prepare students and risk managers for the new professional environment, The College of Insurance in New York has changed its curriculum over the past few years, said President Ellen Thrower.

The master of science in risk management program, launched about 18 months ago, gears students to the broader, integrated approach to risk management, with in-depth education in risk financing and financial risk management.

Those who choose the risk management concentration in the college's master of business administration program also now receive more emphasis on alternative risk financing, including the use of capital markets and derivatives, in addition to traditional risk management, Ms. Thrower said.

In addition, the college offers customized courses to meet the needs of risk management professionals at specific companies.

"Certainly, not every company or organization, or even every big company, will have a CRO, but we do believe we're going to see more of it," Ms. Thrower said.