Companies Must Revisit Risk Management Strategies
By Samuel Greengard
Over the last decade, enterprise risk management has become critical. Cyber-threats, social media, political upheaval, global competition, and increasingly complex business and skill requirements are forcing executives to re-examine their strategies and how they approach information technology.
"Risk management is being pushed up the list of organizational priorities by external factors, states Steve Culp, global managing director of the risk management consulting group at Accenture."At a time when the rules of the game are increasingly changing, it is important for risk leaders to assess where they're at today, what they need to do and then plan the course ahead."
There's good news and bad news. A newly released Accenture report, "Risk Management for an Era of Greater Uncertainty," notes that 98 percent of respondents consider risk management more important now than two years ago. Also, 96 percent of the responding organizations have a chief risk officer (CRO), compared to 78 percent in 2011.
Nevertheless, the survey discovered that many organization face steep challenges. "There are large gaps between senior management expectations for risk mitigation outcomes and the risk function's performance," Culp says.
Although 58 percent of the respondents indicated that they had added staff to their risk management team during the last two years, 54 percent reported a shortage of candidates who had the right skills to help them navigate an increasingly uncertain risk landscape.
These talent shortcomings are hindering organizations as they attempt to execute business objectives, Culp notes, adding: "It is critical to leverage technology and data to support the risk management function." For example, 95 percent of the people surveyed identified the importance of reputation management, but only 28 percent said their risk team had provided support in that area.
A shortage of analytics skills in risk management compounds the problem. In fact, 61 percent of the respondents reported deficiencies in this area. Fifty percent said they lack skilled staff to develop analytical models; 44 percent have difficulty embedding risk analytics in management processes; 44 percent are using outdated legacy systems; and 42 percent said systems integration is lacking.
In addition, 60 percent of the respondents indicated that they had encountered obstacles in finding qualified risk technologists: a group of specialists with a wide range of analytics skills that can be directly plugged into risk management. The demand for these skills is growing amid rising external pressures related to natural disasters, political instability in places such as Egypt and Syria, and an evolving online and social media environment.
"Those who excel tend to nurture a range of analytics skills that are specialized in the various aspects of risk management," Culp notes.
What can enterprises do to confront these challenges and boost results? So-called "riskmasters"—about 8 percent of the respondents—placed a greater emphasis on finding and training the necessary talent. They also tend to include risk considerations in the decision-making process in areas such as strategy, capital planning and performance management. Finally, they do a better job of integrating their risk organization into operations by establishing risk policies based on their enterprise's appetite for risk, Culp says.
Organizations should focus on four primary issues, he advises. First, Culp says, "Treat risk as a 'people game' by developing risk staff with business acumen." Second, look ahead to spot new types of risks and work to develop capabilities that are forward-looking and addresses tomorrow’s risks.
Third, Culp adds, "Manage regulation through a transformation lens," and, finally, "Focus on insight—not just data and analytics—and develop the human element of risk technology."