“The number of respondents using the low-tech approach to managing risk surprised us, particularly when most organizations have placed such an incredible focus on their Enterprisewide Risk Management (ERM) processes after more than a decade of complex regulatory change and financial crises,” said Greg Bell, a U.S. principal at KPMG and the Global Information Protection and Business Resilience Leader.
Bell said 64 percent of respondents described their ERM programs as manual, while 20 percent said they utilized data warehousing. Yet, 40 percent cited regulatory requirements or expectations as most strongly influencing their organization’s interest in ERM, followed closely by risk mitigation (38 percent) and improving business performance (10 percent).
Further, the respondents were largely from industry sectors that are highly regulated and most heavily dependent on technology: financial services, 47 percent; technology and telecommunications, 19 percent; and healthcare and pharmaceuticals industries, 9 percent, Bell said.
Deon Minnaar, a KPMG partner and national leader for Governance, Risk and Compliance (GRC) services, said the research results demonstrate that many companies still struggle with how to best manage the methods by which they monitor their risk functions.
Given the volume of risk information, technology remains central to their oversight functions, by aligning and integrating risk-related information. IT also provides new opportunities as they begin to understand how to use analytics to better leverage the universe of data, both internal and external, to gain a competitive advantage in risk management and elsewhere in the organization, Minnaar said.
Other findings of the KPMG survey include:
- Organizational or geographical silos and politics were cited by 50 percent of respondents as the main impediment to effective ERM, followed by lack of resources (19 percent); conflicting priorities (12 percent); unclear benefits (11 percent); the cost of ERM software (4 percent); and Board or Executive resistance (4 percent).
- Few organizations (17 percent) have a formal ERM training and/or awareness program; 40 percent had a “somewhat” formal training and awareness program, while 43 percent had no training process.
- Two-thirds of those polled said their organization formally aligned ERM with strategic initiatives either “extremely well,” “good” or “moderate,” compared to slightly more than one-third that rated their organization’s ability as either “poor” or “extremely poor.”
The KPMG poll was conducted during the 2012 RSA Archer GRC Summit in Chicago, June 5-7, 2012.
About KPMG LLP
KPMG LLP, the audit, tax and advisory firm (www.kpmg.com/us), is the U.S. member firm of KPMG International Cooperative (“KPMG International”). KPMG International’s member firms have 145,000 people, including more than 8,000 partners, in 152 countries.