By Daniel Hunter
Over the last decade companies around the world have made substantial investments in personnel, processes and technology to help mitigate and control business risk.
Historically, these risk investments have focused primarily on financial controls and regulatory compliance, however new evidence suggests that can they can also play a strategic role within the enterprise financially.
Turning risks into results, a report released by Ernst & Young today, has identified that the level of risk investment can impact on the financial performance of an organization. The study identified that companies in the top 20% of risk maturity, where maturity was defined by the number of risk management practices applied, generate three times the level of Earnings Before Interest, Taxes, Depreciation and Amortization (EBITDA) as those in the bottom 20%.
Previously, senior executives may not have perceived risk management as strategic to the enterprise, or lacked sufficient confidence in their ability to identify and address the risks that could impact the financial performance, or even the viability, of their organization. This is no longer an option.
“Making a move from being risk-averse to risk-ready may require a significant shift. Ultimately, risk management is about changing the culture of the business. It is about changing the lens through which leaders view the decisions they make,” Gerard Gallagher, Ernst & Young Advisory Lead Partner for Markets, said.
Using a global, quantitative survey (based on 576 interviews with companies from sixteen countries and information from 2,750 analyst and company reports), the study assessed the maturity level of risk management practices versus financial performance.
The study identified the leading risk management practices that differentiated the various maturity levels, and organized them into specific risk components.
The results revealed that while most organizations perform the basic elements of risk management, top performers do more; and certain risk practices were consistently present in the top performers:
Enhance risk strategy
For effective strategy and governance, proper oversight and accountability at the board and executive levels is critical. Ownership of risk throughout the organization is also needed and at the management level, executives play a crucial role in assessing and managing risk.
Embed risk management
Organizations that embed risk management practices into business planning and performance management are more likely to achieve strategic and operational objectives. Conducting an enterprise risk assessment can help to prioritize and identify opportunities for improvement.
Optimize risk management functions
By aligning and coordinating risk activities across all risk and compliance functions, organizations can reduce their risk burden (overlap and redundancy), lower their total costs, expand coverage and drive efficiency.
Improve controls and processes
By optimizing controls around key business processes, harnessing automated versus manual controls and continuously monitoring critical controls and key performance indicators by leveraging GRC (Governance, Risk management and Compliance) software tools, organizations can improve performance and reduce the cost of controls spend.
Enable risk management, communicate risk coverage
Moving an organization from being risk-averse to risk-ready requires executives who lead by example and tone-from-the-top support. For maximum benefit, regular and open communication with all stakeholders, third-party assurance and the leveraging of technology are required.
“Companies that succeed in turning risk into results will create competitive advantage through more efficient deployment of scarce resources, better decision-making and reduced exposure to negative events. Now is the time for senior business executives to begin applying a broad ’risk lens’ to the business,” Gerard Gallagher, Ernst & Young Advisory Lead Partner for Markets, concluded.
Join us on