Risk management results

Some interesting trends and global findings emerged from an Ernst & Young survey.

In the 2006 Ernst & Young survey, companies perceived a rising level of risk and planned to increase their investment in risk management over the following three years, but a lack of alignment with the strategy of their business meant many were not getting the full benefits from their risk approach.

The findings suggested that general managers do not always have a full understanding of the risk challenges in functional areas, such as tax and technology, and that greater communication is needed between senior executives and functional leaders. Only two-thirds of the senior executives questioned said that tax, technology, competitive and pricing risk are included in a formal risk assessment process.

Other key findings included:

Risk management challenges over the following three to five years included a more integrated and systematic approach, clarifying ownership, and embedding a risk culture in the organisation;
Risk management processes had positively affected working relationships by a factor of 6:1, leading to increased effectiveness in decision-making and communications, and better alignment of effort; and
Key areas for successful risk management were clear ownership of risk (77%), understanding throughout the organisation (76%), and internal mechanisms to communicate on risk (71%).

In the 2007 Ernst & Young survey, senior executives are responding to increased levels of risk with higher levels of investment. But a new survey from Ernst & Young reveals more needs to be done to extract the full value of this investment.

Companies perceive a rising level of risk and plan to increase their investment in risk management over the next three years. The challenge is to focus that increased investment where it will add most value. However, further alignment with business strategy will help companies to get the full benefits of their risk approach.

Key findings were:

Nearly four in ten companies do not have formal processes to align risk management with corporate strategy. This finding, more than any other emerging from our survey, suggests that companies still have some distance to go to gain full value from their risk management approach;
Further alignment is needed between risk management functions and line management, as well as across individual functions. The findings suggested again that general managers do not always have a full understanding of the risk challenges in functional areas, (for example, tax and technology) and that more communication is required;
There is definite room for improvement in risk coverage and formalisation. Forty-two per cent of our respondents admit there are gaps in their risk coverage; and
Investment in risk management will rise: 66% of companies plan to increase their investment over the next three years.

The 2007 US Risk Barometer study by Protiviti, which surveyed 150 senior-level executives, found that competitor risk is viewed as the top risk to these organisations. Competitor risk along with customer satisfaction, the regulatory environment, information systems and IT security, and changing markets make up the top five risks as determined by the study. Compare this to the previous editorial whereby we discussed the top risks identified in the Aon’s 2007 Global Risk Management Survey.

They were: damage to reputation, business interruption and third party liability, supply chain failure and market environment.

While competitor risk ranked highest overall, the Risk Barometer study found the top risk varied by industry groupings:

Manufacturing, distribution and technology – competitor;
Financial services and real estate – financial markets;
Healthcare and life sciences – regulatory environment;
Media, hospitality and services – customer satisfaction;
Consumer products and retail – competitor; and
Energy and utilities – regulatory environment.

Survey results show executives’ appreciation of the potential organisational impact of better risk management. In the 2006 US Risk Barometer study, lower insurance premiums were the top-ranked benefit of risk management. In 2007, however, “quicker identification of risk” was the most oft-cited benefit, followed closely by “better risk information and measures,” and “improvements in process performance.”

The human element fraud

Fraud remains an underestimated risk. The consequences of fraud and all related unethical behaviour, including bribery and corruption, can be devastating to a company.

The cost of fraud can be significant. If reduced only marginally, the programme for fraud risk control can be seen to deliver a positive cost/benefit for all stakeholders. It was stated in the Fraud Risk Mitigation survey that fraud risk management should be seen as a saving or investment, rather than a cost.

The survey reports that employees in Europe find their employers’ anti-fraud policies lacking. Many fear reprisals, and the overall findings show personnel see a disconnect between the perceived and real procedures on reporting improprieties.

Although all US -listed companies and their subsidiaries are required to have an anonymous whistleblower hotline for employees and third parties to report unethical behaviour, these hotlines are far less common in Europe. Only 38 percent of European respondents say their company has a hotline, while a little more than half of total respondents say they believe people actually use hotlines.

One in five respondents said people at their companies are afraid to speak up. More than 80 percent cite fear of reprisal as the reason they won’t come forward.

The differences as to the reason why an employee would call or not call had to do with the culture, legislation and regulation in each country.

Overall, 42 percent of respondents’ companies do not have any formal anti-fraud policies or procedures in place. However, most employees surveyed say they would rather work in an organisation that has a definite set of guidelines to help them make the best choice when faced with a difficult situation. The report concluded that some of the best practices in managing business fraud and unethical behaviour are establishing a unilateral code of conduct, training and awareness, and a trusted means of communication such as a hotline. A specific chain of reporting is also a key factor in increasing employee confidence in the organisation’s anti-fraud efforts.

Peter Smanjak is the CEO of Infinite Risk (www.infiniterisk.com) which operates in the corporate market on strategic and operational aspects of all risk related and health care programmes.