As businesses start to implement their plans for a new year, we’ve taken a look back at 2017 to review how the handling and perception of risk management has changed. From our team’s vast experience of working with our clients and other organisations in the industry, we’ve found overall that there is a rise in the understanding and use of formal risk practices. However, as always, there is still room for improvement.
The rise of the Risk Manager
Firstly, we have seen the continued rise of the Risk Manager. There has been a growing trend in risk management teams taking ownership of ERM within organisations. This means that more companies are focussing on risk, identifying and managing it, and implementing ERM frameworks.
In fact, The Risk Management Society’s (RIMS) 2017 benchmark survey found that 48% of respondents report having a partially integrated ERM program in their organisation (up from 6% in 2013) and 24% having a fully operational program (up from 4% in 2013). 62% of companies also reported that the risk management team was responsible for ERM in their company. Overall, this is an encouraging result which will help businesses become more competitive and efficient in managing resources and mitigating incidents.
Another positive step taken throughout 2017 is the belief that there is now much better collaboration across departments and with the Board to embed a risk management culture. Not only does the Board take the lead on final oversight of risks, but there is a growing trend in more departments being involved in ERM planning.
This cross-departmental collaboration means that there is a better sight of risk across the organisation and therefore, also better implementation of plans to mitigate risks. If all departments feel a sense of participation and ownership of the company’s risk plan, then there is a better chance of a healthy risk culture being embedded in the business.
We are also seeing silos being removed through the use of more powerful risk management information systems (RMIS) and tools. We see our clients taking advantage of analytics and big data to manage their risk portfolios, as well as effectively using RMIS, RiskConsole Advance features to record reliable data.
Buy-in from the Board
As well as overseeing risk management plans, the Board sees risk management as reassurance that major risks are being identified and managed, and that it contributes to more effective operational planning and fewer losses. RIMS’ survey found that 87% of executive management teams want ERM to effectively identify, prioritize, manage and monitor their organization’s risk portfolio.
There’s still room for improvement
However, there does seem to be a growing gap between companies managing risk management well and poorly. In many businesses there is still a lack of resource and senior level buy-in, with a firm silo mentality entrenched in the culture. This adds to the lack of a risk management information system and an official ERM program.
One area of frustration is the disparity between IT and Risk Management functions over ownership of risk management, which has led to a lack of working together to monitor and control risks like cyber security.
These companies need senior level buy-in to move ERM forward. To get this, someone has to take responsibility for putting together a proposal with supporting data to show the Board how effective ERM would benefit the business and what the exec team needs to do to implement this.
It is not an easy task to get enterprise risk management started. However, the future benefits are great and really improve the competitive edge of a company.
Even in organisations where the Board oversees risk management and believes in the process, they have not yet fully bought in to the idea of using risk data to drive forward business planning and direction. This is where forward thinking businesses can take that next step in exploiting the benefits of good risk management.
Territory Manager, UK & Ireland