The current economic downturn has caused companies everywhere to question their risk management process and investigate ways to upgrade their risk management efforts.  In this article, published by Ernst & Young, a survey was conducted to provide a view of the current risk environment and to understand how the attitude of organizations toward risk management.

In the aftermath of the current economic crisis, several companies were faced with a financial crisis they were nowhere near anticipating.  This made several organizations realize that their risk management efforts might not be positioned to help understand other emerging risks.  In the survey, respondents were more comfortable with their ability to effectively manage compliance and financial risks than strategic and operational risks.  This is reflective of a historical focus on compliance and financial risks, which are required by law or enforced through the Sarbanes-Oxley Act of 2002. 

The leading organizations have expanded the scope of their risk assessments by examining their entire value chain and looking at the broader business environment.  A majority of these organizations have:

  • Aligned their risk management efforts with business strategy and objectives.
  • Leveraged information technology to support the company’s risk efforts.
  • Aligned their risk management efforts with performance management.
  • Embedded risk and control activities throughout the organization.

These organizations recognize that creating a more mature risk management process is not just an end goal, it is an ongoing process.  Respondents have indicated that risk management activities have created significant benefits within their organizations including:

  • Better identification and understanding of key risk areas,
  • Improved compliance with regulations,
  • Overall improved business performance,
  • Protection of existing business value,
  • Better decision-making, and
  • Reduced costs.

One of the significant opportunities created by risk management is better communication about risk within different functioning “silos” in an organization.  A majority of the respondents reported that their organizations had overlapping coverage with two or more risk functions and gaps in coverage between risk functions.  The opportunity to improve to one line of communication within risk management is significant.

It is surprising that while 96% of the respondents believed their risk management programs could be improved, 61% plan to maintain their current risk investments.  This means that additional pressure will be placed on risk management individuals within the organizations to broaden their focus with the same resources.  There is also an emerging trend among organizations to “outsource” key risk management activities when an internal solution may not be as effective. 

The results from this survey have shown the future state of risk is one that includes the alignment and coordination of risk and control activities within an organization.  The keys to making this work include an aligned mandate and scope, coordinated infrastructure and people, consistent methods and practices and common information and technology.  Organizations that follow these key steps will not only be more prepared for emerging risks, but can improve their business performance and decision-making as well.

Click below to read the full article.