Home > Risk > Does the future hold a bigger and better role for risk management?

Does the future hold a bigger and better role for risk management?

A report from Accenture, The Changing Face of Risk Management, talks about how risk management within financial services firms (with a focus on insurance) is changing – and in a very positive way (IMHO).

Will other industries follow this lead?

Here are quotes from sections I liked:

  • Risk management continues to advance into the mainstream of business life. Until recently it was often positioned largely as a compliance necessity and viewed as a cost of doing business. Increasingly we see financial institutions (FIs) associating risk management much more with innovation and striving to enable sources of competitive differentiation.
  • 98% of respondents said that risk management is a higher priority today than it was two years ago. More than 80% of companies surveyed also consider their risk area to be a key management function that helps them deal with marketplace volatility and organizational complexity.
  • ..as businesses innovate and compete, by default they must take on more risk. So the only way for them to succeed in that high innovation environment is by having better risk management capabilities to enable the new ventures and extensions to be successful over the long term. Consequently, across industries there is a movement of Risk Management activities and focus from the back office to the front office, from compliance and cost control to differentiation. That creates a much more tangible, and ultimately healthy, connectivity between risk management, as a function, and the strategic growth drivers or business plans for the organization.

Historically, risk management has been a defensive discipline, but its movement into the mainstream means that it is helping the organization play offense more frequently as part of its role. In other words, businesses are beginning to do things with risk that add value rather than simply limiting it or protecting the business from “risk”. …. Taking risks are part of everyday business, taking unmanaged risks is where troubles arise.

  • Both CROs and Chief Human Resource Officers (CHROs) are becoming much more aware of the need to put measures in place around individual understanding and engagement and the overall level of risk awareness in organizations. As a result, there is often a need for training to be put in place to ensure that all employees understand their specific roles in managing risk in the organization.
  • It would be hard to find an industry or large-scale organization that does not see its business model today as more volatile and more complex than it was only three years ago. All firms are trying to discover where profitability and growth will come from in the future. To manage the business going forward they need the risk management capabilities to support scenario planning and risk mitigation and information based on more than just a finance or a process perspective. They need to be able to look at different markets, customers and product lines in a more sophisticated manner and ultimately to be able to adjust the dials as they try to take business forward in a more complex environment.
  • …businesses are starting to demand better information and insight in new dimensions, faster, and in a more predictive manner, and they need risk analytics to meet the complexities that they face.
  • … more than 90% of Latin American firms have existing ERM programs in place, compared to only 52% of European companies and 60% of North American ones.
  • There is a trend in risk management to use specific tools which are placed directly in the hands of business lines (e.g., front office decision makers). This falls in with the trend of moving the risk management responsibility and ownership to the front line and embedding it into day-to-day activities
  • In the wake of the recent financial crisis organizations are looking to transform the way that they manage risks. Pressures on margins, the high cost of technology and burgeoning regulation mean that firms are searching for competitive differentiation by moving from compliance to performance and adopting more effective and efficient risk management practices. Technology is playing a key role as an enabler for this transformation driving demand for new architectures and high performance computing. However, technology alone is not going to deliver the desired outcomes. Culture and collaboration are also critical success factors.
  • Ultimately, successful organizations will look beyond regulation and cost-reduction and view risk management as a strategic element of their value chain, delivering sustainable growth and innovation.

What do you think? Will organizations in all sectors and industries realize, sometime in the next decade, that risk management is about sustained, optimized performance? It’s not just about ‘playing defense’.

  1. April 10, 2012 at 7:08 PM

    Norman,

    An interesting post, and as usual I have some grouses with surveys because they simplify matters and project a one sided view. Now let me play a devils advocate out here : An organization realizing the advantages of leveraging strategic and operation risks for business, gives business users tools to manage risks. On the other hand, the organization is dysfunctional and senior managers are involved in frauds. None of the people who are involved in criminal activities are ever fired. Now in this case, it is playing offense without focusing on the defense. How will you handle this situation and where will you categorize the organization?

    Sonia

  2. Tripu Sudan Sapra
    April 11, 2012 at 1:28 AM

    It’s a reservior stirring for Risk perceptions and management. We need to be alert for the subject and a live wire system need be in place to protect our business and its growths. The professionals will have great time in days to come. However, the subject matter need be instilled in the groups of people who are entrusted with targets & they go ahead throwing all the barriers of RMS just to remain on top statistically.

  3. Deb
    April 11, 2012 at 11:52 PM

    Sigh… I seem to be in the wrong industry (and jurisdiction)!…

    To your question at the end: No (ever the sceptic!). A decade may be too ambitious a horizon for such huge changes to take effect. It’s dependent on a whole lot of contextual/ environmental factors.

    Just going back a bit, when SOX came in, most (all?) filers complied with it only to fulfill a compliance requirement (most in letter and maybe not so much in spirit). It’s only after a few compliance cycles that many organizations realized that while they were investing so much resources into the process, why not try & get some real benefits/value out of it. The ‘real value’ of SOX may still be open to question (just as the real value of IFRS adoption is hanging fire now), but the point is that the mindsets took quite some time to change.

    In an analogous way, in jurisdictions where ERM is still not ‘mandated’, there’s no ‘push’. Any ‘mandated’ doesn’t mean just reporting that an organization has “appropriate systems and processes of risk management in place… (blah, blah, blah)” – almost any organization can vouch for that formally (like the ‘true and fair’ certification by auditors, but then that’s a different story altogether). It should mean a mandate for someone to verify and certify (perhaps on the same lines as SOX) that appropriate ERM processes are in place, with penalties prescribed for wrong certification.

    Another compounding factor is the maturity of certain specific industries/businesses in a given jurisdiction – high level of maturity can actually act as a dampener to ERM adoption (“We’ve always done it this way…” syndrome), whereas new innovative businesses in sunrise industries may be more encouraging of appreciating the value of ERM. This factor, when coupled with the ‘driving force’ reality – the level to which a business is ‘promoter-driven’ if not majority owned – may play a big role in ERM adoption.

    Bottomline: I personally see a long struggle ahead for ERM adoption in certain ‘traditional’ minded jurisdictions with less than transparent governance structures. How would you expect Coal India (http://www.business-standard.com/india/news/presidential-decree-to-coal-india-not-in-public-interest-says-tci-/471039/) to adopt the best risk management frameworks?

  1. April 16, 2012 at 7:33 AM
  2. June 20, 2012 at 6:01 PM

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: