Grant Thornton UK, in partnership with the Economist Intelligence Unit, recently released a report summarizing their survey of over 450 senior executives in the United Kingdom and Ireland, complemented by in-depth interviews, on the importance of risk management prior to and during the most recent global economic crisis.  The study’s findings suggest that many organizations are not focusing the proper amount of attention to their risk management efforts, with some believing that there is a danger that the pressure to improve risk management practices may diminish as the recession begins to ease. 

Uncertainty of Major Risks

As the recession began to significantly unfold in 2008, most organizations were not fully prepared for the impact it would have on their performance.  The majority of the organizations surveyed from the UK said that their risk management processes did not properly prepare them for the economic downturn.  Nearly half reported that their internal reviews of strategic risks prior to the crisis did not capture the extent of the impact of the recession on the strategies of the organization and only a third believed their risk management practices helped to minimize the impact of the economic downturn on the organization. This limitation in risk management practices had a major impact on how the organization was able to carry out business processes during these tough economic times.  Many are searching to find ways to help bolster risk management practices to ensure they better prepare the organization for the possibilities that things may not go as planned.

Reaction to the Risk

Because so many organizations were impacted harshly during the economic downturn, many are seeking to bolster their risk management processes.  The survey shows that most organizations are reviewing their processes and are beginning to quantify their strategic risks as well.  One thing that must be carefully assessed is whether some of these newfound risks are only temporary or if focusing on them will provide prolonged benefits in the business process of these organizations. 

While over two-thirds of respondents say their companies have changed how they value risk, there is some concern that organizations may only give risk management proper attention for now and then loosen up on it down the road as the economic condition turns around.  The report notes that if organizations aren’t shown what exact value risk management is contributing, then they may slide back to ad hoc risk oversight.

Organizations must also make sure to not only focus on one area, while allowing other areas of their core business to be left vulnerable to major risks.  Organizations tend to worry most about their financial risks, which could lead to greater risks in other areas of the enterprise due to a lack of focus on those risk issues. 

The survey also shows that in regards to risk appetite, most of these organizations could remain risk averse over the next 18 months, but there are a few areas where they may remain the same in their risk appetite or even increase it.

Value of Risk Management

The results of the survey clearly show that most organizations have not historically viewed risk management as a valued part of their business.  Most of them do not give risk management the proper attention it deserves and this leads to a lower population of organizations which manage risks at all levels of business.  Less than half of the respondents also admitted that they don’t consider risk management to have an influence on their major decision making process. 

These organizations need to begin to look at risk management in terms of using scenario analysis and other techniques to help show the value of risk management over time in their firm.  Incorporating a diverse range of relevant information, including qualitative assessments about the risk environment, will help strengthen the view of management about emerging risk drivers.

They must also remember to set their risk appetite to ensure that a definite value is added to their organization.  Risk appetite is something that must be done at the board level, which helps focus an organization on risk management and how to define their risk maturity level. 

The report also provides a framework that organizations can use to assess their organization’s relative risk maturity that involves consideration of these elements: 

  • Leadership
  • Risk Strategy and Policies
  • People
  • Processes
  • Risk Handling
  • Outcomes

Click the link below to download this full report.