Why Warren Buffet is wrong on chief risk officers
- {{x.value}}
{{ twilioFailed ? 'SMS Code Failed to Send…' : 'Enter verification code' }}
{{ completedStep1 ? 'Authentication & Security' : content.trialHeading.replace('{0}', user.FirstName) }}
{{ content.upgradeHeading.replace('{0}', user.FirstName) }}
The email address you entered is registered with InvestSMART
Please login to continue
We have sent you an email with the details of your registration.
Looks you are already a member. Please enter your password to proceed
{{ upgradeCTAText }}
Updating information
Please wait ...
Your membership to InvestSMART Group recently failed to renew.
Please make sure your payment details are up to date to continue your membership.
Having trouble renewing?
Please contact Member Services on support@investsmart.com.au or 1300 880 160
You've recently updated your payment details.
It may take a few minutes to update your subscription details, during this time you will not be able to view locked content.
If you are still having trouble viewing content after 10 minutes, try logging out of your account and logging back in.
Still having trouble viewing content?
Please contact Member Services on support@investsmart.com.au or 1300 880 160
Please click on the ACTIVATE button to activate your Intelligent Investor 15-day free trial
Please click on the ACTIVATE button to finalise your membership
Unsuccessful registration
Registration for this event is available only to Eureka Report members. View our membership page for more information.
Registration for this event is available only to Intelligent Investor members. View our membership page for more information.
- You are already registered for this event.
- This event is already full.
- Please select a quantity for at least one ticket.
- {{ i }}
Forgotten password
Please enter your email address below to request a new password
- Verify your email address by clicking on the link we sent to {{user.Email}}
- You now have free access, we look forward to helping you on your financial journey.
Warren Buffet is a very smart man, but he is leaving the wrong impression on the topic of risk management. A colleague forwarded me this interview from the Motley Fool Website titled: Buffett Says “Chief Risk Officers” Are a Terrible Mistake. That is a very sketchy statement so I had to dig in.
In a video clip from the 2013 Berkshire Hathaway shareholders meeting, Lawrence Cunningham, author of The Essays of Warren Buffett: Lessons for Corporate America says:
“A common response to the ‘08 crisis…was to have every company appoint a Chief Risk Officer… This whole new industry…within corporate governance has installed this new person to be in charge of all risk activities… Buffet just declares this an abdication of responsibility. And a terrible mistake. The CEO is the CRO… only [the CEO] can really get the whole picture. You can’t delegate risk to this manager and leave it there. It has to come to [the CEO’s] desk. [Buffet] is emphatic about that.”
This left my head spinning on right and wrong, so I purchased my own copy of the book and this is what Buffet says:
“I believe that a CEO must not delegate risk control.” “If Berkshire gets in trouble it will be my fault. It will not be because of misjudgments made by a Risk Committee or a Chief Risk Officer.”
Well Hallelujah. I don’t disagree with a word of that, so what’s my problem with Buffet? I decided to DuckDuckGo “Buffet risk management” to see if there are any clarification on his thoughts regarding the role of risk management departments and the appropriate role of a chief risk officer and I found this clip of Buffet from January 23, 2010. In it he says:
“When you have a company as large as Berkshire and all the obligations we have…I have to be the Chief Risk Officer. I should be the best person to do that because I have this overview of the whole operation and I understand risk …”
Buffet carries a lot of weight with his guidance and he is pushing back against the idea of an office that measures and reports on risk related information to executives. This is a very bad idea.
So there it is. This is where I disagree. Fundamentally, a CRO never makes decisions on behalf of executives. The role should be to facilitate a balance between the needs to protect the company and the needs to run the business.
I’m at odds here, because you have to read very carefully everything that is being said, and I agree with most of it. Here’s the breakdown of right and wrong (LC = Lawrence Cunningham commenting on Buffet’s views, WB = Warren Buffet):
WRONG: LC: “This whole new industry…within corporate governance has installed this new person to be in charge of all risk activities.” – Where this is happening, it is an inappropriate implementation of a CRO role.
RIGHT & WRONG: LC: “Buffet just declares this an abdication of responsibility. And a terrible mistake.” Where it has been inappropriately implemented he is absolutely right. He is wrong because he is stating this as the definition of a CRO. It is not.
RIGHT: LC: “You can’t delegate risk to this [CRO] and leave it there.” Of course you can’t. Anyone doing this, doesn’t have a CRO. They have a scapegoat.
RIGHT: LC: “[Risk information] has to come to [the CEO’s] desk. [Buffet] is emphatic about that.” And a good CRO does that. It is their job.
RIGHT & WRONG: WB: “I believe that a CEO must not delegate risk control.” – This is right because it is absolutely true. It is wrong, because it made in the context that a CRO is delegated to make risk decisions. They are not.
RIGHT: WB: “If Berkshire gets in trouble it will be my fault. It will not be because of misjudgements made by a Risk Committee or a Chief Risk Officer.” – Absolutely true. I don’t know anyone who would suggest otherwise.
WRONG: WB: “When you have a company as large as Berkshire and all the obligations we have…I have to be the Chief Risk Officer.” – This is just final confirmation that Buffet does not understand what a CRO does. Probably because he doesn’t have one and is offended by his own perception, so he has never interviewed a true risk professional.
WRONG. DEAD WRONG. WB: “I should be the best person to do that because I have this overview of the whole operation and I understand risk …” – This statement implies that all CEOs should be responsible for knowing every critical detail of their organisation. It minimises the idea that a risk department could gather information, weigh options, and make recommendations regarding risk.
Well, I congratulate him for having this level of oversight, but I’m willing to guess most CEOs could use a little help.
So here’s the bottom line. I’ll bet you that Warren Buffet and I agree on every single point written here. This is speculation because I didn’t run this by him before publishing. I’ll bet he has teams of people who regularly gather and report information to help him make informed risk decisions. What I truly disagree with then is the way this all reads as he puts it out there in the marketplace of ideas.
Organisations are struggling because they do not have a good view of the risks facing them. They need organisation of this information reported in a business context to support business decision making. I know organisations need this because I see it every day.
I wish he wasn’t out there giving executives a reason to say they don’t need risk departments or CROs.
Paul Proctor is a vice president, distinguished analyst, and the chief of research for security and risk management at Gartner.
Call 1300 880 160
Start a chat
Schedule a call
