Risk management is evolving, shifting away from a purely protective mindset, according to ‘Risk in review: Managing risk from the front line’, a new report by PwC.
The report says that in the old paradigm, risk was traditionally managed by the ‘second line’ of defense in an organization. However, leading companies are increasingly moving risk management decisions to ‘first line’ business units. Companies doing this most effectively (‘Front Liners’) are more likely to project higher revenues and profit growth. Yet this innovative group is in the minority: out of more than 1,500 executives across 30 industries and over 80 countries surveyed, only 13 percent qualify as Front Liners.
Additionally, the report underscores an alarming paradox: although cybersecurity is identified as a universal growing risk, only nine percent of respondents score highly on cyber risk maturity, suggesting many have not adopted leading practices to prepare them for online threats.
“The key to growth isn’t in avoiding risk; Front Liners make risk management a mandate for the board, the C-suite and perhaps most importantly, among crucial business unit decision makers,” said Dean Simone, leader of PwC’s U.S. Risk Assurance practice. “This year’s survey tells us that leaders must make risk management a more collaborative, measurable and strategic function. We also see great alignment on the biggest growing risk factors, such as cybersecurity, but a lack of maturity in terms of preparing for and planning around the biggest risks facing executives today.”
According to the report, Front Liners are more likely than other respondents to effectively manage across all 12 surveyed risk areas: financial, regulatory and compliance, earnings and volatility, operational, reputational, strategic, environmental, cybersecurity, technology, human capital, third-party, and culture and incentives. For example, among companies that have suffered a disruption due to operational risk, 63 percent of Front Liners reported recovering effectively versus 46 percent of other respondents.
The report outlines five ‘Front Line’ steps companies should consider taking to build a collaborative, effective risk management approach:
- Set a strong organizational tone focused on risk culture modeled and measured by leadership and the board.
- Align risk management with strategy at the point of decision-making so risk management is embedded into planning and tactical execution.
- Recalibrate the risk management program across all three lines of defense so that the first line owns business risk decision making, the second line monitors the first, and the third line provides objective oversight.
- Implement a clearly defined risk appetite and framework across the organization.
- Develop risk reporting. Tracking risk is critical to keeping business decisions within the agreed risk appetite.