Room for improvement…
Only 38 percent of Fortune 1000 C-level executives surveyed in an independent study believe their companies are ‘very effective’ at identifying and managing all potentially significant risks that could negatively impact business, operational or financial performance. More than half - 54 percent - acknowledge there is more they can do to identify, quantify and manage the risks they face. "The corporate focus on risk management has changed dramatically over the last two years as a result of information technology advances, legal and regulatory issues, and myriad corporate governance reforms such as Sarbanes Oxley. Companies today are scrutinized more by everyone from the individual investor to major bond rating agencies," said Everett Gibbs, managing director for Protiviti. "Large companies, in particular, are more acutely aware than they have ever been of the risks facing their businesses and the serious consequences of not managing them effectively." According to the study, the most significant risks impacting companies relate to information systems and IT security, customer satisfaction, activities of the competition, and legal and regulatory issues. Faced with the potential negative effects of not addressing these and other risks properly, most companies are taking at least some steps to improve, according to the study. Sixty five percent of respondents report their companies are planning to make changes to their risk management capabilities during the next two years. These efforts include enhancing their organization's ability to identify potential risks through implementing better technology and hiring more qualified staff. "In today's rapidly evolving market, visionary companies have learned how to integrate risk management into their strategy-setting and use it not only for better internal control, but to improve business performance and communication among executives and board members," Gibbs noted. "Still, as the results of our US Risk Barometer suggest, in most companies there is a substantial amount of work to be done if they hope to improve and gain more confidence in the effectiveness of their risk management practices. Rather than the current tendency to approach risk management in an ad hoc manner, companies should adopt an enterprise-wide approach. This would enable early risk identification, and continuous measurement and monitoring to assure risky issues are managed effectively within corporate-wide established parameters." Among the key findings of the Protiviti US Risk Barometer are: * Companies are taking more risks but lack a high degree of confidence that they are managing them effectively - A majority of respondents said the overall level of risk their organizations face has changed significantly during the past two years. But only 32 percent of executives believe their companies are very effective at balancing control and protection of the business with entrepreneurial efforts to undertake new sources of growth and increased returns. Moreover, just 38 percent of executives report their organizations are "very effective" at managing their risk, and more than half acknowledge there is more they can do. * Not enough companies are employing best practices for risk management, which is why most are taking steps to improve their capabilities - Less than half of large companies currently deploy proven risk management practices enterprise-wide, including a risk assessment process (38 percent), oversight by a risk management executive committee (38 percent), and common language and uniform standards (39 percent). As a result, 65 percent of companies are planning to implement significant or moderate changes in their risk management efforts over the next two years. * Customer satisfaction, IT security and the current regulatory environment top the list of most significant risks - Not surprisingly, nearly half of respondents (49 percent) tie business success to client satisfaction, believing potential weaknesses in these areas pose a very significant risk. More significantly, executives noted numerous other risks that affect their company's ability to sustain customer satisfaction, such as operating performance, materials procurement, business continuity and fraud matters. Information systems and IT security were seen as potential areas of vulnerability by 45 percent of executives. Forty-three percent consider financial reporting and Sarbanes-Oxley Section 404 compliance to be very significant risks. Other risks viewed by senior executives as significant include technology innovation and threats to brand image.
•Date: 16th Feb 2006• Region: US • Type: Article •Topic: BC statistics |
