Company risk management programs require "substantial work," according to nearly half (45 percent) of audit committees surveyed by KPMG.
In addition, only one audit committee member in four is satisfied that their company is effectively managing risk around growth plans, said Mike Nolan, global leader, Risk Consulting, KPMG. "That means three in four are not," he said.
KPMG recently issued two studies on risk management. One surveyed audit committees; the other polled C-suite executives. Generally, he said, audit committees were more pessimistic on the quality of risk management, compared to a more optimistic C-suite.
An overwhelming majority of the C-suite survey respondents (86 percent) said risk management considerations are to some degree factored into strategic planning decisions. Still, fewer than half (44 percent) believe their organizations are effective at developing stakeholders' understanding of the risk program.
Communication, culture and an enterprisewide perspective are crucial, but too often, it's the business line managers that implement the strategy.
"The CEO and the board have to create a culture where compliance and risk are highly valued, but it's the tone in the middle that executes it," Nolan said. "It's people in the operations of the business, they really own the risk and make risk mitigation decisions every day."
Geographic dispersion, cost, technology and a general resistance to change are also barriers to effective risk management, he said.
All told, risk management looks like it needs to up its game.
--By Anne Freedman
May 1, 2013
Copyright 2013© LRP Publications