Top Eight Risk Management Imperatives for the C-suite in 2013
A dynamic is evolving: a surge in complexity and uncertainty surrounds organizations as they search for innovative ways to expand into new markets, face off against increasing competition and push the envelope on technology. Yet these challenges are building faster than most organizations’ abilities to manage them with agility, knowledge and a resilient risk-aware culture. Thus, the gap is widening and we are at a turning point – warranting an even stronger capability to master and optimize risk. Stakeholder expectations of an organization’s risk management sophistication continue to grow, yet capabilities are not keeping pace.
This Executive Summary, based on a global survey conducted in December 2012 by the EIU and sponsored by KPMG International, explores how effectively companies are integrating a holistic governance, risk and compliance (GRC) framework throughout their enterprise.
The principal findings of the survey, which form the basis of this report, are as follows:
- Risk Management is viewed as making a key contribution to the business; however, organizations need to improve how they measure risk management’s return on investment, and how they communicate its processes, value and effectiveness to key stakeholders
- Executives continue to struggle with assessing enterprise-wide risk exposures
- The C-suite sees risk management as critically important but few organizations are articulating their risk appetite
- Regulatory pressure and changes in the regulatory environment is the issue posing the greatest threat to respondents; global economic and political instability is seen as the greatest risk scenario threat
- Respondents believe business units are more adept than risk management departments, compliance and internal audit in assessing and managing risk
- Lack of human resources/expertise impedes convergence of risk and control functions
- Weak incentive structures impede risk-based decision-making
- Spending to enhance risk management will continue to increase over the next three years
The survey included responses from more than 1,000 C-suite executives from around the world. Of them, 28% are CEOs, 18% CFOs, and 7% board members with the remaining C-suite executives comprising operations, risk, legal, technology, compliance and internal audit executives. More than half (54%) of respondents’ companies have annual global revenues of US$500m or more, with 37% reporting revenues of US$1bn or more, and 14% over US$10bn. The survey primarily focuses on five industry clusters accounting for more than three-quarters of all respondents: financial services; technology, media & telecommunications; diversified industrials; healthcare; and energy & natural resources.
The survey questions centered on priority areas for assessing the evolution of GRC:
- Operationalizing/embedding the risk management program and linking it to organizational strategy
- Ensuring accuracy of the risk profile
- Clarity of roles and responsibilities through the “three lines of defense” structure
- Converging the risk and control functions across the organization
- Enhancing the aggregation and analysis of data to create an enterprise-wide view of risk
- Increasing transparency with enhanced reporting and communication tools
- Adapting to an evolving regulatory environment
For a more in-depth view of the survey findings, the full report will be made available in February 2013, providing a more detailed look at the principal findings.