FERMA: European Corporates Step up Risk Management as Priority
Global competition and the continuing aftermath of the financial crisis has seen European companies prioritise risk management as never before, although some weaknesses remain reports the Federation of European Risk Management (FERMA.
The findings come from research on risk management leadership conducted with risk managers from FERMA and the European Public Risk Management Organisation (PRIMO) by Harvard Business Review Analytic Services sponsored by insurer Zurich.
In their responses, more than 200 executives at major European organisations emphasise how top management and the board are increasingly setting direction and taking tighter control of risk management, integrating it with overall company strategy and embedding it deeper into corporate culture.
At 35% of organisa¬tions, either a chief risk officer (CRO) or a risk manager has direct responsibility for risk management. At 27%, either the chief executive officer (CEO) or the chief financial officer (CFO) or treasurer has direct responsibility, while the board itself is responsible at 14%.
In all cases, companies emphasise the importance of board engagement. FERMA board member Jo Willaert, corporate risk manager of Agfa-Gevaert, said: “You need the support of the board. If you do not have the support of the board, it will not work.”
The majority of companies have education and review processes in place to keep the board and the senior executives informed about their risk exposures. Key risks are communicated to the C-suite regularly at 70% of organisations.
Fifty-six per cent of the organisations surveyed said they have increased the resources devoted to risk-related education and training over the past three years for CRO level and above, at the least.
Making these processes work requires a conduit for risk information: 75% cited the risk function as a channel by which information, intelligence and advice on risk reaches senior management.
However, only 17% of respondents described communication between the C-suite and the CRO as being com¬prehensive or nearly so. Twenty-nine per cent expressed concern about a ‘good news culture’ that meant management did not receive unvarnished information on risk.
Forty per cent said their organisation has not yet set up a broad-based, cross-func¬tional risk committee, despite the crucial role the risk committee plays in making sure that risk data are discussed thoroughly and passed on to the board.
The survey also found that companies have been slow to adopt risk-based incentives as part of compensation. Only 12% said they align risk management with executive pay.
“These are not essentials for a successful risk management strategy but they show risk management has room to grow in the C-suite,” said Willaert.
Companies aspire to forge closer links between risk management and strategic planning. Roughly half said their risk management process is closely or very closely aligned with their overall strategy and budget. At the same time, there has been less progress at bringing the risk function’s resources to bear on transformative business projects, such as mergers, acquisitions and divestments. Only 20% described the risk function as a tool for making more effective strategic decisions and investments.
Priority risk areas
Respondents to the survey cited the following risk categories to as of greatest concern:
IT/data privacy 44%
Legal and regulatory compliance 44%
Natural disasters 20%
FERMA said that it will conduct its pan-European risk management benchmarking survey in 2014, which will delve further into some of the issues highlighted by the research results.