With lip service paid to risk management but no real clout singled out as one of the culprits in the financial crisis, many companies in 2009 aim to make risk management a daily function of good governance. And since a new Congress and president both promise increased regulation, companies should expect to deal with risk management on Washington's terms. "We're going to see a world where accountability for risk management is spread throughout the organization, within all the functional areas of the company," says Pamella Easley, enterprise risk management (ERM) practice leader for accounting, tax and business consultancy RSM McGladrey. Risk management goes beyond "working with regulators on things like Sarbanes-Oxley and handing in forms on time," she says.
The chief risk officer's (CRO) job will evolve from what was mainly a focus on regulatory compliance to include across-the-the board oversight of everything from Sarbanes-Oxley to credit risk to business continuity. They are responsible for "making sure that everyone has an equal stake in risk management and is held accountable," Easley says.