Monday 20 August 2012

Deloitte and Forbes - the new world of Risk Management

This Deloitte/Forbes paper is sub-titled "Aftershock", which makes anyone of my age immediately recoil at the thought of the world's most repulsive bar shooter - it is in fact a pretty decent stab at running on from the kinds of financial services-specific research which came off the back of the 2006-2008 mega-turbulence (these were mostly titled "We've broken the World, what are we going to do" :-( )

At 192 respondents it is a decent sample size, though it is US-centric and covers non-Finance organisations, so not a great all-rounder for you global readers. However, the central message that risk management programmes and frameworks remain in a state of flux (hence the aftershock motif) is a worrying one when one examines the stats behind it:
  • 91% are reorganising and reprioritising their approach to risk management in the next 3 years, citing continued market volatility.
  • Only 37% had plans to provide additional training in that respect.
  • Centralisation cited as a more efficient way of bubbling risks to the top - interested to know if that is everyone's experience?
  • Around 50% retain primary responsibility for the "risk management approach" with CEO or CFO, with the CRO in third at 20% - should we be expecting that percentage to be moving up or down at this juncture (in particular, does a CRO need a seat at the top table to be responsible for ERM approach?).
  • Example cited of ERM being managed in the corporate strategy department, which I thought was an interesting development.
  • Biggest challenges included: 26% stating that incentives are not rewarding 'risk based decisions'; 22% struggling with the misalignment of the business operating model and the ERM model; and 23% suffering a lack of information to make risk based decisions. These three (there are of course more in the list!) struck me as common issues when preparing for Solvency II, so handy stats in that respect.
  • Staggeringly, Social Media is equal fourth on the list of "most important risk sources over the next 5 years" - equal with Financial Risk! Not to underplay the emergence of social media and its multiplier effect on reputational risk, but seriously?
  • Most "risk types" are monitored either periodically or continuously, though strategic and reputational risks seem to be most likely to be measured on an ad-hoc basis (something which you ORSA consultants out there will sympathise with!).
     
I say "worrying" at the top here from a professional perspective - is it reasonable after events as seismic as those experienced in the last 5 years for the risk profession to still be sliding in a mass of new parts into the ERM machine, as opposed to tinkering under the bonnet?

Bearing in mind this doesn't include the financial services industry, maybe the time lag is rational, as the other industries have had plenty of time to learn what not to do!
