Apart from the European government debt crisis, there is also a multitude of other risks that have gained in magnitude and complexity from a company perspective. These include factors such as volatility on commodities markets, volatility in currencies and interest rates as well as conformity with both global and national regulatory requirements. In this situation, companies have to be able to anticipate existing risks and understand their dependencies.
A qualitative study conducted by KPMG Switzerland in cooperation with the University of St. Gallen investigated the status quo and structure of companies’ monitoring and control functions which check target achievement and address risk documentation and reporting. These include in-house functions such as Internal Audit, Risk Management and Compliance as well as financial statement auditing conducted by the external auditing firm. Collectively these terms are referred to as “assurance.”
As can be seen in the diagram above, 100% of those companies surveyed have an Internal Audit function. A Risk Management function is also present in nearly all cases (96%). Assurance functions such as Compliance (88%), Internal Control System Coordinator (85%) as well as the functions summarized under “Other” (85%) which deal with issues including sustainability, security and health have not yet been fully implemented and developed on a broad scale, not even within large corporations.
The 33 qualitative interviews conducted at 26 corporations stemming from a wide range of different industrial sectors have shown that the various assurance functions are essentially well developed. Effective risk management, however, must also be able to account for the complex interactions that take place between different risk categories. A silo mentality in neatly-differentiated risk groups is no longer a valuable approach to provide effective assurance. Yet particularly when it comes to consolidating and coordinating the various corporate functions for monitoring risks, deficits do exist, and in some cases the study reveals some major shortfalls. To ensure that the various assurance functions can work together effectively and that an overall picture of results can be provided to the management and oversight bodies, there must be a central coordinating function which acts as an interface between the individual functions. As the study shows, however, less than half of the companies surveyed have actually created such a central function. And at companies with more than 100,000 employees, these tools are only available in 33% of cases.
While only 50% of those surveyed responded that they coordinated the activities of the various risk functions at least informally or within the scope of a project, just 26% conduct joint risk assessment. Companies that already coordinate their planning displayed a significantly higher level of satisfaction with their assurance functions. Moreover, the joint utilization of audit plans and methodologies as well as an assessment of the total cost of assurance (not present in 88% of the companies surveyed) would enable the companies to implement these more effectively and efficiently and, in doing so, to cut their overall assurance costs.
For further information, please contact:
Andreas Hammer Head of Public Relations & Public Affairs
Telephone: +41 44 249 48 20
Mobile: +41 79 335 75 06