A new global survey by KPMG International across multiple industries reveals a widening gap between stakeholder expectations for sophisticated and effective risk management and corporate capabilities to execute.
The survey of more than 1,000 C-level executives worldwide by KPMG International, ‘Expectations of Risk Management Outpacing Capabilities - It’s Time For Action’ was conducted by the Economist Intelligence Unit.
The survey focused on priority areas for assessing the evolution of governance, risk & compliance (GRC), and identified the challenges facing the enterprise. Key areas included operationalizing risk management and linking it to organisational strategy; ensuring accuracy of the risk profile; clarity of roles and responsibilities through the ‘three lines of defence’ structure; converging the risk and control functions across the organisation; enhancing the aggregation and analysis of data to create an enterprise-wide view of risk; increasing transparency with enhanced reporting and communication tools; adapting to an evolving regulatory environment; and aligning incentives with risk management objectives.
The growing regulatory pressure is perceived by C-level executives as the top risk while a global economic crisis and geopolitical instability are seen as the most threatening risk scenario across almost all industries.
Despite their awareness of the risk environment, most companies surveyed do not have a consistent way of assessing risk across the enterprise. While 20% of respondents say there is no process at their company to develop and aggregate a risk profile, another 38% rely on a self-assessment by the business units. Almost half express difficulties in understanding their enterprise-wide risk exposure.
Describing it as a case of outdated thinking being applied to a new world economy, KPMG International’s Global Leader for Risk Consulting, Michael J. Nolan explains that while best practices in GRC can serve as guidelines, corporations seeking to capitalise on emerging opportunities will have to rethink their approach to risk from every aspect of their business.
By ensuring that risk management is everybody’s business and not simply that of a single department, companies have a chance to rise to the challenge. Within the key areas covered by the survey, KPMG has outlined opportunities for savvy leaders to foster a risk-resilient culture within their organisations.
Define, operationalize and articulate risk management
It is essential that companies clearly define and articulate their appetite for risk, given today’s complex and changing risk environment. This will help them integrate risk management into the overall corporate strategy, making it an essential part of collaborative decision-making, discussion, debate and learning.
Improve communication across the enterprise
Companies can create a seamless flow of information through greater sharing that will benefit all lines by improving the quality and visibility of risk information. Effective communication to stakeholders will enhance their understanding of the risk program and positively impact value in the minds of the Board, investors and regulators.
Develop and reward your people
Technology is an enabler of the convergence of risk and control functions, but human skills are essential if companies are going to manage the complexity. Common goals for risk and compliance can only be set with sufficient numbers of people with the right skills. By including risk management as an important attribute for leadership with the ability to manage risk as part of regular performance reviews, companies can reward employees for prudent decision making, not just for aggressively hitting financial targets.
Clearly define Return on Investment
One clear trend in the survey is that companies are spending more to strengthen risk management despite their struggle to estimate its ROI. By understanding the link between risk management and corporate strategy and how identified risks threaten the achievement of business objectives, executives can move risk management from a theoretical exercise to a business tool.