Warren Buffet is a very smart man, but he is leaving the wrong impression on the topic of risk management. A colleague forwarded me this interview from the Motley Fool Website titled: Buffett Says “Chief Risk Officers” Are a Terrible Mistake. That is a very sketchy statement so I had to dig in.
In a video clip from the 2013 Berkshire Hathaway shareholders meeting, Lawrence Cunningham, author of The Essays of Warren Buffett: Lessons for Corporate America says:
“A common response to the ‘08 crisis…was to have every company appoint a Chief Risk Officer… This whole new industry…within corporate governance has installed this new person to be in charge of all risk activities… Buffet just declares this an abdication of responsibility. And a terrible mistake. The CEO is the CRO… only [the CEO] can really get the whole picture. You can’t delegate risk to this manager and leave it there. It has to come to [the CEO’s] desk. [Buffet] is emphatic about that.”
This left my head spinning on right and wrong, so I purchased my own copy of the book and this is what Buffet says:
“I believe that a CEO must not delegate risk control.” “If Berkshire gets in trouble it will be my fault. It will not be because of misjudgments made by a Risk Committee or a Chief Risk Officer.”
Well Hallelujah. I don’t disagree with a word of that, so what’s my problem with Buffet? I decided to DuckDuckGo “Buffet risk management” to see if there are any clarification on his thoughts regarding the role of risk management departments and the appropriate role of a chief risk officer and I found this clip of Buffet from January 23, 2010. In it he says:
“When you have a company as large as Berkshire and all the obligations we have…I have to be the Chief Risk Officer. I should be the best person to do that because I have this overview of the whole operation and I understand risk …”
Buffet carries a lot of weight with his guidance and he is pushing back against the idea of an office that measures and reports on risk related information to executives. This is a very bad idea.
So there it is. This is where I disagree. Fundamentally, a CRO never makes decisions on behalf of executives. The role should be to facilitate a balance between the needs to protect the company and the needs to run the business.
I’m at odds here, because you have to read very carefully everything that is being said, and I agree with most of it. Here’s the breakdown of right and wrong (LC = Lawrence Cunningham commenting on Buffet’s views, WB = Warren Buffet):
WRONG: LC: “This whole new industry…within corporate governance has installed this new person to be in charge of all risk activities.” – Where this is happening, it is an inappropriate implementation of a CRO role.
RIGHT & WRONG: LC: “Buffet just declares this an abdication of responsibility. And a terrible mistake.” Where it has been inappropriately implemented he is absolutely right. He is wrong because he is stating this as the definition of a CRO. It is not.
RIGHT: LC: “You can’t delegate risk to this [CRO] and leave it there.” Of course you can’t. Anyone doing this, doesn’t have a CRO. They have a scapegoat.
RIGHT: LC: “[Risk information] has to come to [the CEO’s] desk. [Buffet] is emphatic about that.” And a good CRO does that. It is their job.
RIGHT & WRONG: WB: “I believe that a CEO must not delegate risk control.” – This is right because it is absolutely true. It is wrong, because it made in the context that a CRO is delegated to make risk decisions. They are not.
RIGHT: WB: “If Berkshire gets in trouble it will be my fault. It will not be because of misjudgments made by a Risk Committee or a Chief Risk Officer.” – Absolutely true. I don’t know anyone who would suggest otherwise.
WRONG: WB: “When you have a company as large as Berkshire and all the obligations we have…I have to be the Chief Risk Officer.” – This is just final confirmation that Buffet does not understand what a CRO does. Probably because he doesn’t have one and is offended by his own perception, so he has never interviewed a true risk professional.
WRONG. DEAD WRONG. WB: “I should be the best person to do that because I have this overview of the whole operation and I understand risk …” – This statement implies that all CEOs should be responsible for knowing every critical detail of their organization. It minimizes the idea that a risk department could gather information, weigh options, and make recommendations regarding risk. Well, I congratulate him for having this level of oversight, but I’m willing to guess most CEOs could use a little help.
So here’s the bottom line. I’ll bet you that Warren Buffet and I agree on every single point written here. This is speculation because I didn’t run this by him before publishing. I’ll bet he has teams of people who regularly gather and report information to help him make informed risk decisions. What I truly disagree with then is the way this all reads as he puts it out there in the marketplace of ideas.
Organizations are struggling because they do not have a good view of the risks facing them. They need organization of this information reported in a business context to support business decision making. I KNOW organizations need this because I see it every day.
I wish he wasn’t out there giving executives a reason to say they don’t need risk departments or CROs.
Read Complimentary Relevant Research
Predicts 2017: Artificial Intelligence
Artificial intelligence is changing the way in which organizations innovate and communicate their processes, products and services. Practical...
View Relevant Webinars
How to Live Without Mobile Device Management
This webinar addresses the growing trend of users refusing to have enterprise management of their mobile devices due to privacy concerns....
Comments or opinions expressed on this blog are those of the individual contributors only, and do not necessarily represent the views of Gartner, Inc. or its management. Readers may copy and redistribute blog postings on other blogs, or otherwise for private, non-commercial or journalistic purposes, with attribution to Gartner. This content may not be used for any other purposes in any other formats or media. The content on this blog is provided on an "as-is" basis. Gartner shall not be liable for any damages whatsoever arising out of the content or use of this blog.