Setting your risk function up for success

Risk function design is often informed by past practice and perceived good practice elsewhere. But tactics without clear intent won’t get you where you need to go.

What does a modern CRO team look like?

Risk functions mean many things to many people – often within the same organisation.

Lack of clarity on what is essential can lead to underperformance in things that matter and over-investment in things that don’t.

It can also result in recruiting the wrong profiles for the job and focus being skewed by unintended biases, personalities or skills.

There is no single answer. It varies for each organisation at various points in time.

Alignment on these things is critical and requires vigilance.

Getting the right leader

We are often asked to help set strategy and direction for a risk function, to get the right structure in place and appoint the right leader.

Our involvement can range from a series of conversations through to a full baseline assessment, getting alignment on desired outcomes, deciding what functions to bring together (and keep apart), writing the job spec, finding and screening candidates and sitting on the interview panel for CRO roles.

Many times the conversation starts with structuring their risk teams and appointing the right person to lead it.

To deal with this properly, we need to go back one step on what type of risk function the organisation wants and what stage they are at.

Can’t we hire someone with the same title from another company?


You might get lucky.

But you might not. And that will be expensive.

Both in terms of the hiring process and, more importantly, in lost time and momentum in the normal cycles that happen when changing leaders.

Particularly if the role is anything other than a caretaking BAU role.

And it can be really clunky and disruptive if the wrong person is appointed.

Unfortunately, we see this too often, particularly when the search and recruitment is done by someone who doesn’t specialise in the area and is also done without advice from someone who does.


Let’s go into why.

Different shapes, sizes and orientations

We’ve seen and worked closely with nearly 100 risk teams around the world. We know what makes them tick, what works, what doesn’t and why. And while there are similarities, themes and skews, we’ve never seen two that are alike.

Some teams and leaders may have a skew towards “blocking and tackling” like compliance, insurance, and internal audit.

Others may wish to not “sandbag” their risk teams with these functions and keep them solely focused on things that can move the share price.

Then there’s areas and competencies that are core to each business and industry and decisions on whether those capabilities should be held centrally or built close to where the risks are being taken.

All risk teams end up overweight in one of these areas. Some by design. Others by accident.

It pays to get this right.

The right leader for right now

And there’s the leader for this point in time.

Some risk functions need transformation. Others need a more steady state and nurturing.

Some need big picture. Others need detail.

Give a change agent a steady-state team to lead, and this probably won’t go well.

Similarly, if a big change is required, you better hire someone who likes doing this and is good at it.

Asking a big-picture person to do detail will only work well if they’re an all-rounder.

And so on.

Match fit is important.

Prioritising what’s necessary

There are an extensive number of risk maturity models around these days. Most work on the assumption that doing more will achieve better results, without going back to first principles or addressing the questions raised in this article.

In 2020, we built a model to address this gap and conducted a study of 20 organisations to get clarity on the priorities for their risk leaders and risk teams and to identify common areas where people need the most help.

Our framework contains 16 of the most common priorities for risk functions – shown in light blue below.

The model and tool unpacks each of the elements and takes participants through a thought process to understand each area and rank importance and performance.

We’ve since run the model with a number of organisations to help them get clarity and alignment on what they want to build and coordinate and this is now a starting point for any risk transformation journey:

  • To get clarity and alignment for the leader
  • To get clarity and alignment for the function sponsors
  • To get clarity and alignment for the team and stakeholders
  • To kick off a strategy refresh session for the function.

This is a great starting point before going into the next level of detail, using our risk excellence model or other tools.

How can help

The individual option: starting at $2,495.

  • Personalised reports and comparisons vs benchmark
  • Preliminary action plan on areas to confirm, area to improve
  • Video call with Todd to go through the results and practical actions to get confirmation and discuss gaps
  • Option to add 4 coaching calls to go through it in more detail

The team option: starting at $4,950.

  • As above
  • Team or stakeholder version of the survey diagnostic
  • Workshop to go through the results with participants
  • Preliminary forward plan.
  • Price depends on level of involvement

Leader appointment and development: starting at $9,500 per module

  • Module 1: Team structuring and leader role definition
  • Module 2: CRO search support, screening support and selection support
  • Module 3: Internal candidate coaching support for emerging leaders and lateral hires
  • Note: We augment the recruiting process. We do not perform it.

Function review / strategy: starting at $19,500

  • Leader, sponsor, stakeholder alignment (what do you want risk to be great at)
  • Full baseline assessment including TDA proprietary risk excellence model

Implementation support, POA

  • Coaching / advisory sessions
  • Review and feedback
  • Bespoke involvement

We can tailor solutions to most budgets.

To get started, book an obligation-free 25-minute discussion with Todd via phone or video call.

About this initiative

In working with many risk functions over the years it’s become clear to us that the expectations of the modern chief risk officer continue to evolve – often without a clear framework or agreed set of priorities.

Clarity and alignment on priorities is essential.

Changing requirements and changing stakeholders mean that prioritisation and alignment on expectations requires constant vigilance. And to be revisited when circumstances or stakeholders change.

In 2020 we developed this model to help drive clarity for some of our clients.

This model was first shared on LinkedIn and has received exceptional feedback from more than 100 risk leaders including CROs from some of the world’s most respected brands. The model was viewed and shared more than 13,000 times in under a month, which indicates the burning need for clarity.

Study summary

It is important to complete this survey every time there is a significant context change or change in stakeholders for your risk team. It only takes 7-10 minutes – long enough to enjoy your favourite beverage.

The public version of the study is now closed, but remains open for TDA clients.

Book a discovery call to find out how you can participate.

Or you can get a summary from the link below.

What does your risk function need to be great at – the results