Poor risk management practices at major companies, especially financial institutions, have often been cited as a key contributor to the global economic crisis.
“Organizations were not completely successful in aligning risk perceptions and appetite of key stakeholders with that of individual decision makers, resulting in suboptimal business decisions being made,” says Tareq Al Sadhan – Partner and Chief Operating Officer, KPMG in Saudi Arabia – commenting on the deficiencies in risk management that led to the crisis.
Over the past 18 months, there have been a number of regulatory developments in the area of risk management with a focus to strengthening risk oversight processes at the Board level across several countries.
But regulation in some ways is part of the problem itself. Ashley Smith, KPMG Head of Internal Audit, Risk and Compliances Services, Europe, Middle East and Africa (EMA) concurred, “The key to effective risk management lies in untangling it from regulations and making it more useful to today’s business leaders as a strategic tool for effective decision making.”
Some of the key results that have emerged from the survey are set below:
• Risks have increased and become more complex, managing it have become imperative – Overall, post the global crisis, there is a consensus that anticipating and managing risks proactively is going to deliver tremendous long term value to organizations. Establishing a global footprint, cross border regulations, geo-political events and increased complexity in the value chain are leading to more risks.
• Expectation on risk officers has increased – In the context of making risk management a strategic tool, CEOs expect their risk officers to be more market and strategy oriented than be focused on the operations and processes. Risk officers who are able to transcend to a strategic role will deliver the greatest value to their organizations. While organizations are making progress in implementing risk management processes and structures, the biggest challenge is around integrating risk with strategy and the business. “There is a need to de-mystify risk and make it simpler for business managers to grasp and implement. A firm commitment at the top and training in the use of risk management tools and approaches is essential to overcome this hurdle. Otherwise, the benefits of risk management will continue to be fuzzy”, as highlighted by Khalid Yasin, Head Risk and Compliance Services, KPMG in Saudi Arabia.
• Perceptions on the role and responsibilities of Boards as watchdogs have become onerous – that of linking strategy, risks, rewards and executive compensation to ensure that there are no misalignments. How much risks are organizations taking on and are they taking the right risks are some of the key questions that Boards need to answer. Boards have the role of balancing majority and minority views and this is where their job becomes even more difficult. Risk oversight challenges faced by independent directors include their limited exposure of their Company’s strategy and inadequate information architecture about the business, industry and external factors.
• Current risk management practices indicated separation between risks and strategies – The survey also reveals that organizations have made little or no progress in actually linking up the dots. Responses / mitigation strategies are still developed in isolation rather than on the basis of more holistic views that takes into account multiple scenarios and potential events. The usage of economic models and technology is limited.
• Embedding a strong risk culture is still in its infancy – Few organizations look beyond 3 years while identifying and assessing risks, and aspects such as sustainability and climate change are given limited importance. Some companies are now adopting the practice of appointing Chief Risk Officers; even within the non-financial services sector. “Appointing a CRO is only part of the solution. Companies need to integrate risk management into day-to-day decision making and this requires (a) a holistic approach to risk management (b) forward looking risk information and (c) a strong risk culture” Altaf Dossa, Head of Forensics practice of KPMG Saudi Arabia pointed out.
In order to overcome these challenges and leverage risk management as a driver of enterprise value, the survey report suggests five key imperatives for companies, namely:
• Enhancing effectiveness of board oversight of risks by separating risk process and content – Companies need to get specialists to help the Board navigate through the strategy and improve their understanding of key risks. It is also important to bring in diversity and align the board composition to key business and strategic priorities.
• Integrating risk management into decision making by leveraging Key Risk Indicators (KRIs) – Key trends that can be predicted with the help of risk management tools could help organizations have a better grip on what is around the corner.
• Focusing on softer aspects: Companies need to focus on risk leadership, risk perception and behavior, and communication.
• Positioning the Chief Risk Officer as a strategic business advisor – A CRO should be someone who can independently validate the strategy with the help of a robust information architecture.
• Integrating the company’s risk management efforts at an enterprise-level – Companies need to marry the top down and bottoms up views on risks.
Monday, June 6- 2011 @ 17:15 UAE local time (GMT+4) Replication or redistribution in whole or in part is expressly prohibited without the prior written consent of Mediaquest FZ LLC.