The 5 habits of top risk managers

Companies taking the lead in risk management practices are shifting away from protection mode, tying in risk management with strategic initiatives and decision-making, and placing more risk decision-making in the hands of business units.

PwC characterises these risk leaders as Front Liners in a new survey report, which gathered the opinion of nearly 1,600 corporate officers in 80 countries. The report singled out Front Liners as just 13% of respondents globally.

Front Liners are more likely to project revenue and profit growth in the next two years, and they are more resilient in the face of uncertainty. Front Liners say their companies view risk management as a catalyst rather than impediment for growth, and they are more likely to budget adequately for risk and embed risk management in day-to-day operations.

“Creating a viable risk culture may not necessarily mean fewer disruptions, but it will mean a faster bounce-back from risk events,” Brian Schwartz, PwC’s US Financial Services Internal Audit, Compliance, and Risk Management Leader, said in a PwC video accompanying the report.

Across five types of risk management best practices, Front Liners lead lower-performing peers by at least 12 percentage points. For example, 69% of Front Liners say that risk appetite and tolerance has been defined across a number of key risk categories, compared with 53% of others. Sixty-five percent say their company has a well-defined risk appetite statement and clearly communicated framework, compared with 49% of others.

Another report on risk management shows that some companies have a difficult time embedding risk management into strategic initiatives: Just 45% of companies say that risk exposures are considered mostly or extensively when evaluating new strategic initiatives, according to The State of Risk Oversight: An Overview of Enterprise Risk Management Processes, by North Carolina State University.

The goal of robust risk management is not to eliminate risk but to shrewdly adapt to it.

“We don’t want to stop the risk-taking; we want smart, informed risk-taking that’s done with eyes wide open, and within the overall risk appetite of the company,” Nick Hirons, senior vice president for global ethics and compliance at pharmaceutical giant GlaxoSmithKline, said in the PwC report.

About two-thirds of Front Liners said they recovered effectively from disruptions caused by changes in business models or strategy, compared with 48% of other respondents.

The report offered five steps organizations should take to meet the challenges of today’s risk landscape:

1. Set a strong organizational tone. This should start with the CEO and board and permeate the organization.
2. Align risk management with strategy at the point of decision-making. This helps to ensure risk management is embedded into planning and anticipation of business risks when setting tactical priorities.
3. Recalibrate risk management across all three lines of defense. The first line (senior management and business units) owns business risk decision-making. The second line (risk and compliance functions) monitors the first, and the third line (internal audit) provides objective oversight.
4. Implement a clearly defined, organizationwide risk appetite and framework.
5. Develop risk reporting that enables the C-suite and board to effectively carry out their risk oversight responsibilities.

—Neil Amato (Neil.Amato@aicpa-cima.com) is a JofA senior editor.