If a company does not have a CRO (Chief Risk Officer) or equivalent then the responsibility rests with the CEO whether they like it or not. It is all part and parcel of the highest executive role in the company and the Chairman would know this well as the Chairman and CEO have to work closely together. That doesn't deny or exempt other Board members from having a responsibility for understanding the RMF (Risk Management Framework they would have endorsed) and its oversight and raising matters at board meetings or really at any other time in regards matters of concern they should be aware of or have been presented with from others. A Board committee delegated with oversight responsibility for company risk in many companies is more about compliance, audit and financial risk whereas operational and technology risk tends to get pushed back into the executive team and this type of business that is a fundamental and basic mistake. HR needs to be held accountable here as well as they have a shocking habit of misaligning remunerations plans and allowing executives to drive to their remuneration plans rather than a holistic view of company and customers health, wealth and well-being.
Either way what a horrid way to have to bring these fundamental business disciplines to the fore.
AAD Price at posting:
$2.04 Sentiment: None Disclosure: Not Held