Enterprise Risk Management in the doldrums: If you’re only watching what you’ve been watching, you won’t see anything new...
This is the fourth post in a series where I bring you findings, questions and insights related to Enterprise Risk Management (ERM), derived from an extensive ERM survey conducted by the AICPA in conjunction with NC State University. I highly recommend reviewing the findings, which are available in the “2023 The State of Risk Oversight: An Overview of Enterprise Risk Management Practices - 14th Edition” by AICPA and NC State University, found at https://erm.ncsu.edu/library/article/2023-risk-oversight-report-erm-ncstate-lp.
Risk Identification and Assessment capabilities among Financial Services Companies exhibit low levels of maturity and sophistication.
Risk Identification and Assessment Processes: Infrequent, Narrow and Qualitative
- Only 40% of respondents update Key Risk Inventories annually; 24% don’t perform updates at all.
- Although the current Risk “usual suspects” (including IT and Legal and Regulatory / Compliance) had more than 70% of respondents saying that they were addressed “Mostly to Extensively” the corresponding numbers for Market, Strategic, and Operational risks were below 50%.
- Although decision-makers prefer to use quantitative data to support decision-making, less than 30% of respondents claimed that they use a quantitative or mostly quantitative approach to Risk Assessment.
Risk Identification and Assessment Processes are at the heart of any Enterprise Risk Management program. As baseball great Walter Johnson (RHP – Washington Senators) once said “You can’t hit what you can’t see.” And according to the survey, companies have a lot of work to do on the “seeing” part of Risk Management.
One of the issues that the survey uncovered is that a significant majority of Financial Services respondents said that their companies rarely, if ever, update their Risk Inventories. In the world of the 2020’s,with emerging risks such as Climate Change, InsurTech adoption and GenAI, just to name a few, emerging at an accelerated rate, this is inadequate in terms of staying safe and having an early warning system that actually warns you. One can justifiably ask: “Do these companies even have a working ERM process?”
Not surprisingly, most respondents mentioned that their Risk Management processes cover the risk categories that are “top of mind” such as IT (downside risk is spectacular) and Legal / Regulatory / Compliance (whole departments usually manage these) quite well. But in a continuing theme, less than 50% say the same thing about Market, Strategic or even Operational risks, all of which can quickly strike a significant blow to the company’s fortunes.
And finally, there is the issue of actually developing and deploying risk measures and indicators that are quantifiable vs. more qualitative in nature, as the latter are more difficult to define and rate consistently, whether it’s across business functions or across time. And here, roughly 70%of the respondents reported that they use a mostly qualitative approach (which is better than nothing) or No Formal Assessments at all (which is nothing!)
What this all points to is that Financial Services companies have work to do in terms of updating their Risk Inventories such that they capture and manage emerging risks, broaden their focus beyond the usual Risk “Categories of Interest” and try to quantify most risks such that can be measured, analyzed and help decision-makers take action. Companies making these investments will collect Risk Management dividends for years to come.
And even more importantly, these findings indicate the simple absence of a credible risk culture or sense of risk ownership that extends beyond a handful of individuals within the organization. They are symptoms of a much bigger problem that organizations appear reluctant to address. The CEO, CFO, and CRO must take ownership of ERM and make it a corporate priority. It is always a good time to save your company.
In further posts, we will continue our discussion of the key elements needed to build your risk culture. Please share your comments, reactions, and observations so we can help you accelerate your ERM evolution.
Book a Free, 45-min. ERM Strategy Session Now!
If you’re a CRO, CEO, CFO or COO, please fill out the form below with your name, title*, email, Company name, and phone number. We'll give you a call some time between 8:30AM - 5 PM ET, Monday thru Friday to schedule the session.
*Appointments limited to Senior Managers with Risk Management Responsibility only.
Emphasize your product's unique features or benefits to differentiate it from competitors
In nec dictum adipiscing pharetra enim etiam scelerisque dolor purus ipsum egestas cursus vulputate arcu egestas ut eu sed mollis consectetur mattis pharetra curabitur et maecenas in mattis fames consectetur ipsum quis risus mauris aliquam ornare nisl purus at ipsum nulla accumsan consectetur vestibulum suspendisse aliquam condimentum scelerisque lacinia pellentesque vestibulum condimentum turpis ligula pharetra dictum sapien facilisis sapien at sagittis et cursus congue.
- Pharetra curabitur et maecenas in mattis fames consectetur ipsum quis risus.
- Justo urna nisi auctor consequat consectetur dolor lectus blandit.
- Eget egestas volutpat lacinia vestibulum vitae mattis hendrerit.
- Ornare elit odio tellus orci bibendum dictum id sem congue enim amet diam.
Incorporate statistics or specific numbers to highlight the effectiveness or popularity of your offering
Convallis pellentesque ullamcorper sapien sed tristique fermentum proin amet quam tincidunt feugiat vitae neque quisque odio ut pellentesque ac mauris eget lectus. Pretium arcu turpis lacus sapien sit at eu sapien duis magna nunc nibh nam non ut nibh ultrices ultrices elementum egestas enim nisl sed cursus pellentesque sit dignissim enim euismod sit et convallis sed pelis viverra quam at nisl sit pharetra enim nisl nec vestibulum posuere in volutpat sed blandit neque risus.
Use time-sensitive language to encourage immediate action, such as "Limited Time Offer
Feugiat vitae neque quisque odio ut pellentesque ac mauris eget lectus. Pretium arcu turpis lacus sapien sit at eu sapien duis magna nunc nibh nam non ut nibh ultrices ultrices elementum egestas enim nisl sed cursus pellentesque sit dignissim enim euismod sit et convallis sed pelis viverra quam at nisl sit pharetra enim nisl nec vestibulum posuere in volutpat sed blandit neque risus.
- Pharetra curabitur et maecenas in mattis fames consectetur ipsum quis risus.
- Justo urna nisi auctor consequat consectetur dolor lectus blandit.
- Eget egestas volutpat lacinia vestibulum vitae mattis hendrerit.
- Ornare elit odio tellus orci bibendum dictum id sem congue enim amet diam.
Address customer pain points directly by showing how your product solves their problems
Feugiat vitae neque quisque odio ut pellentesque ac mauris eget lectus. Pretium arcu turpis lacus sapien sit at eu sapien duis magna nunc nibh nam non ut nibh ultrices ultrices elementum egestas enim nisl sed cursus pellentesque sit dignissim enim euismod sit et convallis sed pelis viverra quam at nisl sit pharetra enim nisl nec vestibulum posuere in volutpat sed blandit neque risus.
Vel etiam vel amet aenean eget in habitasse nunc duis tellus sem turpis risus aliquam ac volutpat tellus eu faucibus ullamcorper.
Tailor titles to your ideal customer segment using phrases like "Designed for Busy Professionals
Sed pretium id nibh id sit felis vitae volutpat volutpat adipiscing at sodales neque lectus mi phasellus commodo at elit suspendisse ornare faucibus lectus purus viverra in nec aliquet commodo et sed sed nisi tempor mi pellentesque arcu viverra pretium duis enim vulputate dignissim etiam ultrices vitae neque urna proin nibh diam turpis augue lacus.
.webp)