Report: Risk-Management Overhaul Needed

While the financial crisis has made risk management a hot topic in boardrooms and C-suites, most corporate executives say they need to overhaul their risk-management approach, according to results of a study by Accenture.

A survey of 260 chief financial officers, chief risk officers, and other risk executives found that only about half of those executives believed their company's risk-management approach was well prepared for the economic crisis. More than 85 percent indicated that changes in their risk-management capabilities must occur if the lessons from the economic crisis are to be learned and leveraged to produce better business results, according to Accenture's 2009 Global Risk Management Study.

When asked to identify the biggest challenges they face over the next two years as they develop more rigorous risk-management capabilities, respondents cited: Difficulty aligning with the overall business strategy (93 percent); the need for more effective collaboration with business units (89 percent); the need for greater integration in the firm's processes and culture (89 percent), and inadequate resources and talent (88 percent).

The survey results show integration of risk management and performance management is lacking. While the risk-management capability in most organizations plays an important role in strategic decision making, at this point it's less involved in objective setting and performance management, Accenture reports.

While nearly half the respondents said that their company's risk-management function is involved to a great extent in strategic planning (48 percent) or in investment and divestment decisions (45 percent), only 27 percent said the risk-management function was involved to a great extent in objective setting and performance management.

Common problems identified by respondents with their companies' risk-management functions include: Ineffective integration of risk, return and capital issues in decision making, and lack of alignment between the company's strategies and its risk appetite (each cited by 85 percent); insufficient enterprise-wide risk culture (82 percent); inadequate availability of timely risk, finance and business data (80 percent); and lack of integration and aggregation across all risk types and ambiguous risk responsibilities between corporate and business units, each cited by 78 percent.

The cost of risk management has increased significantly over the last three years, driven by increased business complexity and inefficiencies in systems, data, and processes, Accenture reports. For instance, 41 percent of respondents reported that their risk-management costs increased by at least 25 percent in the past three years, including 14 percent who reported a 50 percent rise in costs. Accenture says several factors are leading to the cost increases, including increased regulation and necessitating more staff and more investments in compliance monitoring processes. Other factors include poor data quality, inefficient reporting processes, fragmented systems, lack of a good infrastructure, and an inability to create and sustain an integrated risk-management approach.

The report notes that some companies are considering outsourcing certain risk-management capabilities to improve efficiency. Sixty-three percent of survey respondents stated that some portion of the overall risk-management capability can be outsourced, with application development, IT infrastructure, and hosting of risk-related reporting tools and data warehouses leading the way.

Cost considerations are the top reason for outsourcing, noted by 68 percent of respondents. Other reasons cited include the advantage of unified risk procedures across units of the same company (55 percent); process improvements and better turnaround time of risk responses (50 percent); improved ability to deal with regulatory requirements (46 percent); and enhanced scalability (45 percent).

Despite budget constraints, Accenture says firms are increasing their investments in their risk-management capabilities. More than 70 percent of respondents have either increased or are planning to increase investments to improve risk-management capabilities. Seventeen percent of the executives say the level of investment has already been increased, and another 23 percent expect such an increase in the next six months.