StrategicRISK’s latest benchmarking survey indicates that, while many organisations are seeing the benefi ts from enterprise risk management, a signifi cant number still have some distance to cover before it is fi rmly embedded in their corporate culture
A lack of support from senior management is the main thing that stops businesses properly implementing enterprise risk management (ERM), according to StrategicRISK’s latest reader poll. The 100-person web survey also identifi ed “unclear ownership and responsibility for implementation” as well as “lack of tangible benefi ts” as other signifi cant barriers to successful ERM execution.
Unsurprisingly in the current cost climate, the respondents added that a lack of capital to invest in risk management was also negatively affecting their ERM efforts. The study was designed to give a snapshot of how ERM is being implemented across organisations so that risk managers can benchmark their efforts with peers.
A third of the respondents indicated that their ERM programmes were suffi ciently mature that they could identify, measure, manage, report and monitor their major risks, adding that their policies and techniques had also been clearly defi ned. A quarter of the respondents described their ERM programmes as slightly less mature – in other words, they had limited capabilities to identify, assess, manage and monitor their main risks. And fewer still (19%) were in the initial stages of ERM.
Only a handful of respondents had ERM programmes that were either consistently applied at an operational level (10%) or at an advanced level (13%). This indicates that risk managers still have some way to go to fully embed ERM within their organisations.
Encouragingly, over half (57%) had identifi ed their organisation’s risk appetite, defi ned as the sum of assets that the organisation is willing to put at risk in pursuit of its corporate objectives.
Although many of the risk management standards state that organisations should understand their risk appetite, the application of the concept remains diffi cult. Successfully identifying an organisation’s risk appetite is an essential part of effective risk management.
Making an impact
Even more positively, almost three-quarters (70%) of the survey participants said that their ERM programme does improve business decision-making.
Over a quarter (28%) said that their ERM programme also has a “signifi cant” infl uence on their organisation’s strategic planning. More than one in 10 (15%) said that it has a “very signifi cant” impact on strategic planning.
But, equally, a similar proportion (14%) said that it has “very little” infl uence. The biggest proportion of respondents (36%) said that ERM only “partially” infl uences their strategic planning.
In a connected fi nding, ERM is only moderately successful at helping organisations achieve their objectives, according to almost half (46%) of the respondents. Over a quarter (28%) reported isolated success with this. Only 20% of respondents said that their ERM programme is “very successful” at helping them achieve their commercial objectives.
Only a small number (10%) of the respondents said that their organisation (including all its employees and senior management) “entirely” understands the objectives of ERM. Around a fi fth (21%) said their organisation understands the ERM objectives “signifi cantly”.
The biggest proportion (64%), however, said that their organisation only “partially” understands the overall objectives of ERM. Complementing this fi nding, over half of the respondents (54%) said they were only partially successful embedding ERM into the corporate culture so that everyone in the organisation clearly understands their risk accountabilities. This goes to show that embedding a risk culture is an ongoing challenge for many fi rms. Just 17% of the respondents said that they had achieved this “entirely or signifi cantly”, indicating that at least some firms are confi dent about their risk management cultures.
The biggest ‘prime sponsor’ of ERM is the chief fi nancial offi cer, according to our survey. Next in line is the chief executive, followed by a risk management director, and then the board. Neither the company treasurer nor the internal audit department are popular sponsors of ERM, according to this group of respondents.
Overall, the fi ndings of our survey indicate that there is work to be done in terms of establishing ERM as standard business practice. Encouragingly, though, the survey shows that many organisations are past the initial stages of ERM programme development and a number of organisations have already been successful in embedding a culture of risk management and infl uencing strategic decisions through the use of ERM. ¦
- PDF, Size 1.54 mb