Risk management: Where Do You Start?
By all indications, risk management companies are about to face some of their biggest challenges and needs to build strategic capabilities while moving on through digital channels. The importance of managing complexities has forced them to make long term plans for enterprise-level risk management. Privacy and security risks are one of the leading factors deciding the pace of technology adoption. A study published by North Carolina State University and the American Institute of CPAs (AICPA) found out how most executives see the risk factor rising in the current business environment. Business leaders have also suggested that most of the steps taken by organizations are seemingly inadequate to address the real factors related to financial and market risks.
70 percent of large, public, and financial service company respondents reported that the risks they face are increasingly complex and numerous compared to five years ago. At the same time, less than 50 percent of those organizations – and only 25 percent of all respondents – described their risk management processes as mature or robust.
“What this study reveals is that there is a huge disconnect between corporate challenges and how organizations are responding to them,” says Mark Beasley, co-author of the report, director of the ERM Initiative and the Deloitte Professor of Enterprise Risk Management in NC State’s Poole College of Management.
“If risk management isn’t advancing strategic goals, it’s hard to show its value,” Beasley says. “And that means risk management can easily slip down an organization’s list of priorities.”
According to the report, only 42 percent of respondents said their organizations have a designated Chief Risk Officer (CRO) or equivalent senior risk executive. This figure is an increase of 10 percentage points over 2015 and 2014, showing that organizations are moving towards strengthening risk leadership. The study cites growing cyber security threats and global events such as Brexit and the U.S. presidential election as possible explanations for the noticeable increase in CRO designations.
The report also found that pressure is increasing for business leaders to embrace a more direct role in risk oversight. Sixty-seven percent of respondents report that their board members are calling for increased senior executive involvement in risk oversight.
“This report tells us that there is a significant need for enterprise risk management given the complexity of the risks businesses are facing – and that boards of directors are calling for it,” said Ash Noah, CPA, CGMA, vice president of CGMA external relations at the AICPA. “Organizations that adapt and implement a big picture approach to risk are better positioned to identify and capitalize on risk taking opportunities, providing them a competitive advantage in the market.”
“ERM can be a valuable tool because it essentially calls for executive leadership to look at all of the potential risks an organization may face and develop plans to address those risks from the top down,” Beasley says.