Since CRO deals so often with GRC (governance, risk and compliance) issues, it's interesting to see the risk management component so out there, front and center, in the Societe Generale trading scandal.

Published reports claim that Societe Generale received several risk alerts about Jerome Kerviel's now-suspect trading, which ultimately led to a whopping $7.2 billion in losses, but took no actions after interviewing the trader and receiving reassurances.

The conversation might have gone something like this:

Societe Generale: “Jerome, we see you've been running up a few billion dollars in losses. What's up with that?”
Kerviel (sighing): “Don't worry guys, it was just a typo. It won't happen again.”

Meanwhile, Computer Sciences Corp., in El Segundo, Calif., helped Societe Generale develop “a single risk reporting tool” and began rolling out the first reporting mode in late 2006. The goal was to retire a decade-old reporting tool that needed to be replaced because of the financial institution's international expansion.

The CSC website lists the development and deployment of the Societe Generale tool as a case study.

Maybe it was.

The truth of what took place likely will take months to unravel, and it seems troubling, to say the least, that executives at a large financial institution could seemingly manually override all the risk assessment gear in place, if that is what happened. You know, just flip the switch and sort of turn off all of that GRC software.

Whoever turns out to be the culprit in this mess, whether it be the Societe Generale, the young trader, any co-conspirators, or vendors, the situation sure will turn out to be a case study in fiscal folly.