A company’s decision around whether or not to appoint a chief risk officer (CRO) is driven by many factors such as its industry, business model, structure, culture, and stakeholder expectations, not to mention the nature and complexity of its risks and the extent of any fragmented silo activity within the organization. Once the decision is made to establish a CRO role, both the board of directors and management – not to mention the company’s shareholders – have a stake in that executive’s success. Now is the time for the organization to consider a fundamental question: Is the CRO (or equivalent executive), as well as risk management in general, positioned to be successful within the organization? This issue of Board Perspectives: Risk Oversight discusses this topic, including elements of poor positioning of the CRO.