• Date: 1/2/2014

Integration and comprehensiveness 

There are two main reasons why companies are being outfoxed, says Steven Briers, Partner, KPMG in South Africa. First, “companies have only addressed two or three key processes of enterprise risk management and are not linking it to the company’s financial framework.” They may conduct an enterprise-wide assessment once a year, but the way in which risk is measured doesn’t correspond to the company’s financial imperatives. “The heart of the problem is that even huge companies address and measure risk very simplistically. It’s not connected to the real-world finances and operational targets of the group,” he adds.

Briers gives the second reason: “Risk management is incorrectly positioned as a compliance function or a governance obligation. Management will go along with a one-day workshop on risk, but the whole exercise is seen as a paper chase.” He states that risk management is regarded as a mechanism for describing risks and communicating them to the Board, but it is not seen as a strategic function, and is not part of the business planning cycle. According to Briers: “It is not considered an essential piece of strategy formulation. It exists in a parallel universe.”

Risk management considerations

Risk management, therefore, needs to be brought down to earth. Paolo Mantovano, Partner, KPMG in Italy, believes that: “Given the fast-changing environment, it is essential that the risk function is embedded in the business and is always kept updated about organizational, strategic, business changes or decisions, as well as about external changes that could expose the company to emerging unknown risks.”

There is no doubt that executives are aware of the need to manage risk; it is clearly seen as a high priority among ENR companies surveyed. However, only 65 percent of respondents build it into strategic planning decisions often or constantly. “Things are done intuitively, but not systematically,” says Wilson. “The process should be about presenting options and monitoring the hurdles faced in reaching strategic objectives.”

Briers states that: “Companies mistakenly think they can gradually implement a program of enterprise risk management and do so in a piecemeal fashion.” But instead, he thinks they should try to get all the pieces of the risk management puzzle in place in 12 months or less. “Companies assume that the more difficult things, like measuring risk in dollar terms, can wait until some other time, but there has to be a complete system of enterprise risk management put in place right away,” he adds.
