While risk management is playing a more strategic role within organizations than ever before, many are not using the full potential of the function, according to a new report published today by Marsh and RIMS. Ninety-three percent of C-suite respondents to the 11 th annual Excellence in Risk Management survey indicated that risk management carries either some or significant impact on setting their organization’s business strategy with 76% confirming that their organizations treat risk management as a key strategic function. However, when asked whether their organization uses the risk management function to its fullest abilities, only 20% of C-suite respondents answered affirmatively. “There is little doubt that risk management has evolved over the past 10 years into a role that is much more aligned to an organization’s strategic planning,” said Carol Fox, director of the strategic and enterprise risk practice at RIMS. “While this evolution is encouraging there always is more to do and additional opportunities to be uncovered and seized.” For example, one way organizations can more effectively use the risk management department to its fullest potential is through the deeper use of analytics, the report notes. “C-suites and boards are asking risk professionals for much more than what insurance coverage is in place. They want to know what unexpected risks the organization may face, and where to invest capital most effectively,” said Brian Elowe, a managing director at Marsh. “If used properly, data and analytics can help organizations make better business decisions while at the same time increase the profile of risk management within the organization.” When asked to identify the top areas where organizations would benefit from improved use of data and analytics, C-suite respondents ranked risk mitigation and risk identification as their first and second areas respectively, while risk professionals ranked risk bearing capacity and risk quantification as their top choices. All four areas depend on an understanding of internal and external metrics, which are made available through the aggregation of data and deeper analytical capabilities, the survey noted.
Another way to more fully engage risk management is for risk professionals to act as “risk knowledge centers,” providing an “omniscient” view of how risks impact their organizations. This idea was advanced by various focus groups comprised of risk executives from numerous sectors, who contributed to the survey. One director of risk at a major business-to-business service organization said that serving as a sought-after, centralized resource for insights has led the organization to embrace the risk management function “rather than see it as ‘sales suppressors’.”Other findings from this year’s survey include:
- While 47% of risk professionals identified risk management execution as their primary role, only 16% of C-suite respondents agreed. Instead, a majority (39%) of the C-suite respondents identified the CFO as having that responsibility.
- Risk professionals identified cyber risk as their number one risk priority for 2014, up from number 12 in 2013. The risk is also gaining more consideration among the C-suite, moving from number 26 in 2013 to number 12 on their risk priority list this year.
- Seventy-five percent of the risk professionals and 69% of the C-suite surveyed said they believe their organizations manage risk effectively.