According to auditing and consulting firm Ernst & Young, a large number of enterprises today have misaligned and fragmented risk functions, and this is substantially hampering their business performance. The firm's executives cited findings from its global Future of Risk study, which was based on a survey conducted from June through July this year that interviewed more than 500 senior executives across the globe (chiefly those at the 'C' and Board levels at enterprises with presumably annual global revenue figures going beyond US$1 billion), 29 per cent of whom were from the Asia Pacific region. They said that 96 per cent of organisations believe they have an opportunity to improve their risk management functions, and almost half recognise that committing additional resources to risk management could give them competitive advantage moving forward.
The study apparently showed that respondents' organisations had gained from current investments. Among the benefits of greater investment in risk management over the past year, as cited in the Future of Risk report, were: improved business performance (according to 99 per cent of respondents); protection of business value (98 per cent); better decision making (98 per cent); and improved compliance with regulations (98 per cent). Respondents to the survey also expressed their willingness to invest more in enhancing their risk management capabilities.
However, the global economic recession has hit budgets all round, including those associated with risk management: 61 per cent of Future of Risk survey respondents admitted to having no plans to increase investment in risk management in the next 12 to 24 months, and two per cent actually said they planned to decrease it.
In any case, greater investment does not necessarily mean better risk management, Ernst & Young executives warned. In fact, if not done methodically, it could mean higher risks. "Although many organisations have boosted the size and reach of their risk management functions, this does not always equate to an increase in effectiveness," said global advisory leader at Ernst & Young, Norman Lonergan. "In fact, too few organisations can claim that shared reporting, data exchange and coordination consistently occur among their various risk management functions. In the end, this only leaves the organisation more vulnerable to the threat of risk."
Certainly, the "lack of coordination among risk functions is a threat," said Ernst & Young in a statement. "[Results of the Future of Risk survey indicate that as] the number of risk management functions has increased to keep with compliance requirements...the coverage and focus of these multiple risk functions have become increasingly difficult to manage, and is compounded by a lack of alignment." More than 70 per cent of respondents to the survey said they had seven or more risk functions; 67 have overlapping coverage with two or more risk functions; and 50 per cent admitted to having gaps in coverage of their various risk functions.
Global risk leader at Ernst & Young, Gerry Dixon, attributed this to the commonly isolated and divergent objectives and starting points of the different risk management functions. "[They] often exist in silos that are disconnected from one another and the wider business strategy," he said. "As a result, risks identified in one area may not be communicated or recognised by another. Moreover, different areas within an organisation may have different views on the severity or importance of certain risks."
As such, Ernst & Young executives have put forward the case for the enterprise-wide alignment of risk and control activities as the key to delivering improved risk coverage, as well as decreasing the costs and increasing the value of risk functions. This effort, they said in a statement, should include "having an aligned mandate and scope, coordinated infrastructure and people, consistent methods and practices and common information and technology."
And they should do so immediately, Dixon advised. "Leading companies are creating a competitive advantage by using the economic downturn as an opportunity to make practical yet valuable improvements to the way risk is managed," he said. "More than ever, organisations need to have a comprehensive and coordinated risk management approach with strong executive oversight and board of director governance. The opportunity to make those changes is now."