When I first read the Accenture 2011 Global Risk Management Study I was shocked. It seemed to say what nobody else, nor my personal experiences talking to hundreds of companies around the world, was indicating: that there had been a tectonic, positive shift in risk management practices and philosophy.
All of a sudden, risk management was broadly perceived as critical to optimizing and sustaining performance. A massive increase in acceptance and implementation of risk management had occurred since the last Accenture study in 2009.
But, a careful read shows that Accenture surveyed companies that either had an official Chief Risk Officer (64%), a senior executive who performed that role without the title (14%), or a manager who performs that role without the CRO title (6%). Only 16 percent of the respondents were at companies without a risk office. In addition, about half of the companies were large enterprises with revenues in excess of $5 billion.
Even with this caution, the results of the study are important and interesting. After all, even risk officers have been talking about protecting value rather than enhancing performance. They have also not been so positive about continued investment in risk management as this study shows.
Here are some of the highlights for me, but there is a wealth of information, especially if you access their referenced Risk Management Thought Leadership Library.
Executives understand that the challenges facing their organizations have never been greater. They are increasingly looking to risk management leaders to provide guidance on the path ahead, mitigating critical risks and enabling long-term sustainable growth.
What we are witnessing, especially as we compare the 2011 results with the findings from our last survey in 2009, is a clear maturation of risk management capabilities across all industries — a rapid march up the business value chain and the development of governance and organizational structures that give risk a voice at the executive table.
Risk management capabilities are more critical, more connected, more strategic and overall more valuable to enterprises as they execute their business plans. As a result, companies are spending more time and effort advancing their risk management capabilities as a business priority.
The executive mindset is broadening, and risk management is becoming both more comprehensive and more integrated — whether in decision making or in formalizing enterprise risk management programs or in the restructuring of the risk management organization and its leadership.
Companies have increasingly initiated comprehensive enterprise risk management programs and are more likely to have in place C-level executive oversight to ensure that risk is being managed at a more strategic level. In short, risk management capabilities are not only prevalent and a target of investments — they are also more strategic and aligned with growth strategies, and they are helping companies achieve their most important business priorities.
Beyond the immediate pressures of global markets, more demanding customers and dramatic industry change is a growing recognition that companies have an opportunity to drive competitive advantage from their risk management capabilities, enabling long-term profitable growth and sustained future profitability.
This means that risk management at the top-performing companies is now more closely integrated with strategic planning and is conducted proactively, with an eye on how such capabilities might help a company move into new markets faster or pursue other evolving growth strategies. At its best, risk management is a matter of balance — the balance between a company's appetite for risks and its ability to manage them.
"Key risk performance indicators and specific, focused risk analyses are now more often included in investment and strategic decisions."
Companies are increasingly concerned about the spectrum of risks — from supply chain to operations to regulation to reputation. Financial fraud and crime are on the rise.
Risk management needs to support positive business growth, not only protect against negative occurrences.
Organizational silos and outdated information systems prevent many enterprises from adequately sharing information that could mitigate risks more effectively.
Executives want risk management to be a driver for sustained future profitability, and they understand the importance of infusing a risk culture throughout their organization, but too few companies are achieving those goals.
The risk management organization needs to be included in activities such as strategic planning, objective setting and incentives, financing decisions and performance management processes.
It is vital to have in place mechanisms to create and distribute more broadly across the organization an awareness of risk exposure, detailed training and the means to mitigate risks.
Failure to link risk management to growth and value means leaving money on the table, and, consequently, the failure to achieve high performance.
"Risk is a higher priority for us than two years ago because business and risk complexity are changing — driven by regulation, competition, customer expectations, technology, processes, environmental issues and new products, as well as macroeconomic and market factors. Business and risk complexity are rising faster than the current risk management function can keep up. Hence, we are now enhancing our risk management capabilities to enable our organization to keep pace with those complexities."
"A high-quality and efficient risk management function is among the top strategic goals of the company, ranking second only to growth and profitability."
Almost all respondents felt that their risk management capabilities provide at least some source of competitive advantage, a finding consistent across industries.
Interesting geographical differences were apparent from the survey results. Companies in Latin America, for example, are especially likely to have ERM programs — an almost unanimous 99 percent of those surveyed. European companies were the least likely to have an ERM program at 52 percent; North America was also below the survey average at 60 percent.
Eighty-three percent of respondents see risk management investments (which includes salary and benefits for risk employees, professional services, technology costs, facilities and travel) increasing in the next two years.
Geographically, Latin American companies foresee larger risk management investments than other parts of the world: 90 percent foresee significant or moderate investment increases, compared to the survey average of 83 percent. Asia Pacific and North America are slightly under the average, at 82 percent and 81 percent, respectively.
I will close with this quote, just to please my masters at SAP (they have risk management solutions):
What do you think? Do the Accenture findings gel with your discussions with a) risk officers, and b) senior executives? Are there sections of the report that you like, but which I didn't reference?