New Deloitte survey shows organizations where risk management has a seat at the table are more likely to have high-performing programs
The case for appointing a CRO is strong
New York, NY (Apr. 10, 2019) – Three-quarters (73%) of high-performing risk programs that have risk management represented in executive management meetings (most or all the time) are more likely to exceed performance goals and achieve higher growth, reveals a new risk management survey by Deloitte, The current state of risk management: struggling and succeeding. The survey findings support that an investment in risk management as well as representation in the C-suite, such as a chief risk officer (CRO), translates into better financial performance and achievement of strategic priorities overall.
“Many organizations have, to varying degrees, upgraded and restructured their risk management functions, yet there is ample opportunity for continued improvement,” said Chris Ruggeri, Risk Intelligence practice leader for Deloitte Risk & Financial Advisory and principal in Deloitte Transactions and Business Analytics LLP. “We found that the lack of awareness of risks, particularly strategic risks, and leaders not using the tools available to manage them, can greatly undermine the achievement of strategic goals.”
The lack of awareness of risks – particularly strategic risks – and leaders not using the tools available to manage them can greatly undermine the achievement of strategic goals.
Chris Ruggeri, Deloitte
In today’s disruptive environment, a proper risk management program can improve the organizations’ strategy, which can allow for more advancement and resilience. More than 90 percent of respondents believe that risk management is becoming more important to achieving their organization’s strategic goals, and given its importance, it makes sense to have risk management present in key C-suite and board meetings. Yet, only 38 percent of responding chief risk officers (CROs) and risk managers say that they have a great deal of input to C-suite or board decisions.
Appointing a true CRO to the C-suite recognizes that risk is a senior-level concern and with a CRO leading the program, higher levels of integration can be expected. However, only 35 percent of c-suite risk owners characterize their risk management programs as highly integrated indicating there’s still work left to do in helping the broader organization recognize risk management as more than a compliance and loss prevention function, but a strategic enabler that drives value. In addition, when risk management is present at board meetings always or most of the time, the likelihood that the function will have input increases dramatically—from 11 to 38 percent.
The survey results pointed to four central findings:
- Organizations that invest in, and integrate, risk management typically exceed performance goals and achieve higher growth.
- Risk management has become elevated—and more strategic—in many organizations.
- The case for appointing a CRO or equivalent who reports to the C-suite or board is strong.
- Organizations have clear opportunities to enhance risk management through technology.
“New technologies – such as advanced analytics, risk sensing, and automated controls – are becoming more integral to providing a clearer view of risk enterprise-wide,” said said Keri Calagna, a Deloitte Risk and Financial Advisory principal at Deloitte & Touche LLP. “As digital transformation takes hold of most organizations, the interconnectedness of an organization’s various ecosystems and the sheer volume of data it creates and processes makes leveraging these tech-enabled solutions crucial to risk management of the future.”
As digital transformation takes hold … the interconnectedness of an organization’s various ecosystems and the sheer volume of data it creates and processes makes leveraging these tech-enabled solutions crucial.
Keri Calagna, Deloitte
About the Survey
The survey polled a total of 500 C-level executives including 100 executives with the title of chief risk officer (CRO) or equivalent, 100 C-suite executives not primarily responsible for risk, and 300 executives in risk-related functions such as IT and operational risk. This sample was drawn from US companies with at least US$500 million in annual sales in a cross-section of industries.
Deloitte provides industry-leading audit, consulting, tax and advisory services to many of the world’s most admired brands, including nearly 90 percent of the Fortune 500 and more than 5,000 private and middle market companies. Our people work across the industry sectors that drive and shape today’s marketplace to make an impact that matters—delivering measurable and lasting results that help reinforce public trust in our capital markets, inspire clients to see challenges as opportunities to transform and thrive, and help lead the way toward a stronger economy and a healthy society. Deloitte is proud to be part of the largest global professional services network serving our clients in the markets that are most important to them.
SOURCE: DeloitteTags: Deloitte