Many UK organizations are struggling to manage the threats they face because of inconsistencies in the way different teams communicate, share and interpret information. Although most organizations have a good understanding of the potential hazards they face, KPMG’s ‘Global Risk Survey’ reveals that a lack of skills, combined with a relaxed approach to ‘raising the alarm’, is increasing the risk to business operations.
More than 1 in 5 respondents to KPMG’s survey (21 percent) suggest that poor lines of communication between risk management teams and senior executives, combined with weak reporting processes, are to blame. A similar proportion (22 percent) argue that not all business units fully appreciate enterprise-wide threats, and that the resulting lack of a ‘big picture’ is a major challenge to handling day-to-day business risks.
Many of those questioned also suggest that their organization’s ability to spot, weigh up and manage emerging risks is not where it needs to be. For example, just 28 percent claim that their front-line teams are very effective at identifying potential problems and only 33 percent believe that these teams can adequately deal with new threats.
David Eastwood, KPMG’s UK head of Corporate Risk and Regulation, says: “Whether an organization operates across global networks or closer to home, the growing regulatory framework, coupled with political or technologically driven changes, is creating a landscape where risk management should be second nature, rather than second choice. It seems, however, that some organizations are dominated by a culture where raising concerns is either not possible because the right structure isn’t in place, or not preferable because focusing on risk management isn’t recognised as a valuable use of time.”
44 percent of UK respondents to the Global Risk Report agree that the primary weakness in addressing the threats facing organizations is an approach to compensation which fails to reward diligent risk management. One-third (33 percent) of C-suite business executives questioned also admit that there is no formal link between the two.
The data suggests that some organizations lack the appropriate structure to handle risks as they emerge. Respondents highlighted a lack of co-ordination when it comes to collecting and analysing risk-related data and the diverse range of platforms used to collate information (30 percent) as key contributing factors to organisational weaknesses in preparing for and tackling risk.
However, a significant proportion also recognises that weak processes and incompatible technology are not the only culprits. Rather, 18 percent admit that their organization ‘does not promote risk management as a value creating tool’ and 15 percent accept that there is a lack of expertise within businesses for dealing with risk related problems. A small proportion, 9 percent, also accept that they need to hire more people, specifically to help improve adherence to the changing regulatory framework.
•Date: 28th August 2013 • UK •Type: Article • Topic: Enterprise risk management