Report casts doubt on how capably firms assess enterprise risk

A new report exploring the role of chief risk officers in managing risks has shown the majority of executives merely regard risk management should be value driven – with only 18% employing risk strategies to harness drive returns. Most companies surveyed felt relatively well positioned in terms of risk management, however, given the current global economic, technological and political environment, this might be a sign of complacency.

The world is in a period of key uncertainty, with a range of global existential risks on the horizon from potentially seismic changes in technology and culture. Aside from the potential upheaval of climate change, routinely put on the back-burner by governments in favour of short-term profitability – technology in particular represents a key existential danger for the human race, with advancing genetic engineering technologies set to create considerable ethical conundrums that currently have little to regulate them, while artificial intelligence, with little discussion of long-term risk, is being leading to an uncritical arms race between competing developers. Meanwhile these demographic changes could result in growing risks for growing population-centres, who could see knock-on effects hit food or water supplies they depend upon.

In a new report from accounting and consulting firm Deloitte, the authors explore how companies across the globe are managing their risks in the face of the rise of new technologies, customer behaviours and globalisation. Utilising responses from the C-Suite, although it excludes Chief Risk Officers, the paper aims to create a more “objective, external view of not only risk strategy but also of the risk management function itself.”

Examining survey data gathered in partnership with Forbes Insights, Deloitte’s analysed the opinions of 300 global senior stakeholders to better understand the role played by key executive stakeholders in risk and risk management, what risks are being considered in the current environment, and in how far risk and reward are being taken together.

What they found was that there were considerable divergences between the belief that risk management should drive value creation (82% of respondents) and the belief that risks instead should be actively harnessed to drive returns, at (a mere 18% comparatively). 49% of the executives not actively harnessing risks to drive returns said that they are taking steps to do so – with a further 20% saying they see the benefit of value-driven focus, but have yet to take any steps – while 13% said they believe the purpose or risk management is only to prevent losses.

In terms of the area in which risk management is delivering value, according to respondents, ‘improving customer loyalty’, takes the number one spot at 38% in the current climate and 34% in the near future. ‘Increasing operational resilience’ comes in second currently, although it drops past fifth in the near future. ‘identifying and exploiting new business opportunities’ takes third spot (on 30%), and is set to fall to fourth (25%) in the near future.

Other areas in which risk management is appearing to be delivering value include ‘exploiting the power of new technologies’ and ‘improving cost-effectiveness’, at 23% and 21% currently, although they are set to rise to 24% and 28% respectively in the near future.

Over-confidence

When it comes to risk taking behaviour, 82% of respondents claimed they were taking the right amount of risks, while the ability of being able to balance risk and reward was cited by 21% of companies as “well above average”, and by 39% as “above average”. 73% of companies said that their risk management programmes support their ability to develop and execute business strategy, with 82% stating higher levels of confidence that their risk management activities were optimising outcomes across the enterprise.

Deloitte also noted however that, while companies proclaim themselves to be relatively up-to-date on their risk taking behaviour, the current economic, technological and consumer environment mean businesses may in fact be overly confident about their risk management strategies. Only half of companies surveyed used sophisticated risk analytics (15% always; 36% usually) when making strategic business decisions, partially due to organisations lacking skills needed to understand and analyse any data gathered. The document states this failure to incorporate such essential tools “cast doubt on just how capably firms are assessing their risk profiles and optimizing their opportunities.”

The study further identified which risks are the biggest issues on current business agendas, as well as predicting what priorities will be in three years’ time. Sustainability/CSR takes the number one spot, at 34%, although it drops to second in three years time. Innovation/disruption is currently second, although it is set to fall to third in three year. Legislative/regulatory risks take the number three spot, although it too is set to fall over the coming three years. M&A comes third equal, but falls out of the top three within the next three years. The areas of least risk are geopolitical, at 9%, and brand reputation at 7%.

Deloitte’s analysis found that respondents expect their CROs to change their behaviour in a number of ways – with strategy set to become increasingly important.

As it stands, around 27% of the CROs time is spent on strategy, 27% on operations, 26% on stewardship and 21% as a catalyst. This is, accord to the respondents, set to shift heavily in favour of strategy, at 58% of total time spent, while operations and as a catalyst are set to fall to 8% and 11% respectively. Stewardship remains relatively stable at 8% of their respective time.