With memories of the financial crisis fading a new report warns that the lessons from 2008 have not yet been learnt

Three years on from the financial crisis and it doesn’t seem like much has changed for financial sector risk managers.

At least that’s the finding of a new survey from the Economist Intelligence Unit (EIU), sponsored by SAS, which gleaned opinion from 315 executives globally.

The survey finds that risk management has reached a comfort zone placing it in jeopardy of another crisis, at least in the financial services sector.

Risk management is apparently being sidelined again because firms are too focused on profits and growth.

These are exactly the problems that, in the run up to 2008, allowed banks to build up dangerous concentrations of “toxic” assets without any regard for the dangers they were exposing themselves too.

It’s a worrying warning sign that lessons from the financial crisis have not been learnt.

The complexity of financial institutions, poor communication and increased reporting requirements are all identified as hampering the performance of risk managers, according to the report.

“While financial institutions initiated some risk management measures to address deficiencies exposed by the financial crisis, risk cultures are ill-prepared for current demands and have been overtaken by competing priorities that encourage growth and profitability without embedded risk strategies,” said the EIU.

A sluggish global economy, geopolitical shocks, political unrest in the Middle East and social unrest in Europe have made 2011 a very tough year for risk managers in financial services.

Yet only half (52%) of the respondents said that their risk management processes are capable of dealing with volatility in the financial markets as well as the complexity of their own organisations.

Silos are another thing that continue to hamper the risk management process. Although the risk function has been elevated, organisations still lack strong and open relationships between the risk function and lines of business.

Respondents cite these problems and poor communication between departments as a major barrier to effective risk management.

More encouragingly though boards are apparently more interested in risk management than before. Two in five respondents indicated a rise in the board's risk expertise and over half report boosted demands for risk reporting.

However, there’s clearly still a way to go before risk management in the financial services sector (where it is supposedly more advanced than other sectors) evolves from a technical support function into a strategic process.

The report’s sponsor, David Rogers, global product marketing manager for SAS, is clear about what’s needed: Which is "an assimilated and comprehensive risk culture, top-down, supported by a truly integrated risk framework, that provides both a holistic and specialised view of risk for each business level."

At the risk of sounding trite, I tend to agree with him.