Risk management is playing a more strategic role but businesses are failing to use the function to its full potential, according to RIMS and Marsh

Risk

Risk management is playing a more strategic role within businesses than ever before but many are not using risk management to its full potential, according to RIMS and Marsh 11th Excellence in risk management survey.

Ninety-three percent of chief executives said that risk management carries some or significant impact on setting their organisation’s business strategy, with 76% of respondents confirming that their organisations treat risk management as a key strategic function.

However, when asked whether their company uses the risk management function to its fullest abilities, only 20% of C-suites said this was the case.

Carol Fox, director of the strategic and enterprise risk practice at RIMS said: “There is little doubt that risk management has evolved in the past 10 years into a role that is much more aligned to an organisation’s strategic planning.

“While this evolution is encouraging, there always is more to do and additional opportunities to be uncovered and seized.”    

Brian Elowe, managing director, global risk management at Marsh added: “C-suites and boards are asking risk professionals for much more than what insurance coverage is in place. They want to know what unexpected risks the organisation may face and where to invest capital most effectively.

“If used properly, data and analytics can help organisations make better business decisions while, at the same time, increase the profile of risk management within the organisation.”

When asked to identify the main areas where businesses would benefit from improved use of data and analytics, executives ranked risk mitigation and risk identification as their first and second areas respectively and risk professionals ranked risk bearing capacity and risk quantification as their top choices.

All four areas depend on an understanding of internal and external metrics, which are made available through the aggregation of data and deeper analytical capabilities, the survey found.

Another way to more fully engage risk management is for risk managers to act as “risk knowledge centers,” providing an “omniscient” view of how risks affect their organisations, the report stated.

Other findings include:

  • although 47% of risk professionals identified risk management execution as their primary role, only 16% of C-suite respondents agreed. Instead, a majority (39%) of the C-suite respondents identified the chief finance officer as having that responsibility;
  • risk managers identified cyber risk as their main risk priority for 2014, up from number 12 in 2013. Cyber risk is also gaining more consideration among the C-suite, moving from number 26 in 2013 to number 12 on their risk priority list this year.
  • seventy-five percent of the risk professionals and 69% of the C-suite surveyed said they believe their organisations manage risk effectively.

The Excellence in Risk Management XI survey, produced collaboratively by Marsh and RIMS, was compiled from online responses received in February 2014 from almost 600 risk professionals, C-suite executives, and others involved in risk-related functions.