Australian Chief Risk Officer model leads world’s top organisations in managing risk: Deloitte Global survey
- An Australian strategic CRO model is a best practice example of how business and risk management should interact that is scalable to any size organisation
- 90% of Boards and CEOs say risk management should focus on value creation not risk avoidance
- But only 17% of world’s top 300 organisations actively harness risk to drive value
- Tick the box risk management cannot work as 60% of organisations face disruptive innovations.
22 May 2017 — A new Deloitte Global report released this week: Taking aim at value: Avoid overconfidence and look again at risk, surveyed boards and executives from more than 300 companies across the world, to better understand how they balance risk and reward.
The survey shows that these companies, with revenues ranging from US$1billion, with 23% at more than US$20 billion, believe they should use risk management to protect value and power performance.
“Given nearly nine in 10 survey respondents across all sectors think value creation should be a key focus of risk management, it is of concern that only one in five are actually implementing the necessary improvements,” said Dave Kennedy, Deloitte Managing Partner, Risk Advisory Australia.
“Historically, risk management has been a reactive or tick-the-box exercise. But as companies begin to link the risk conversations to business strategy and superior performance, senior executives are becoming aware that customer loyalty, increasing operational resilience, improving cost effectiveness, and identifying and exploiting new business opportunities are inextricably linked to how they manage risk.”
Peter Harmer, IAG Managing Director and CEO, one of the CEOs interviewed said: “Business is all about risk and reward, so strategy and risk are two sides of the same coin. Strategy discussions in the firm very quickly turn into conversations about risk.”
Deloitte Risk Transformation leader Peter Matruglio said: “By being more proactive and deliberate in assessing risks, organisations are able to use their new understanding to differentiate and create value, not just protect it.”
Elevating the CRO to a business partner
In order for organisations to build closer alignment between value creation and risk, organisations agreed the role of the Chief Risk Officer (CRO) should be elevated to increase synergy between boards, C-suite executives and CROs.
The IAG model, whereby the CRO reports to the CEO and the risk subcommittee of the Board, was called out as a best practice example of a business and risk management interaction that is scalable to any size organisation.
It is the interaction of the business with the CRO and team that is regarded as best practice, with 58% of global survey respondents saying their CROs should spend significantly more time performing the strategist role and participating in setting the strategic direction of the company, aligning risk management strategies accordingly.
Given that 87% of the world’s top organisations believe risk management should drive value creation as defined by the nine areas in Figure 1, only 18% are actively doing so.
“However almost half (49%) of those surveyed are actively taking steps to harness risk to drive returns,” said Matruglio. “With 20% yet to take steps and fortunately only 13% believing that the purpose of risk management is to prevent losses.
“The top three areas of focus are improving customer loyalty, increasing operational resilience and identifying and exploiting new business opportunities.”
Disruption as an opportunity
Three out of five organisations say they are susceptible to the profound forces of innovation and disruption which the global business landscape faces today. The Deloitte report explores these gaps and how organisations can use risk to create as well as protect value. See the report for more examples of how these new processes are bringing dynamic and new learnings into the organisation.
Key themes revealed by the survey include:
- Companies need to build closer alignment between value creation and risk: Organisations with risk management philosophies and programs that focus on value creation cite a range of areas where their actions are delivering significant benefits including customer loyalty, increasing operational resilience, improving cost effectiveness, and identifying and exploiting new business opportunities.
- Companies need to do more to establish and optimise the role of the CRO: A majority of business leaders surveyed – 63% - state that the firms they represent have a full-time CRO, with an additional 24% believing the role is being performed by another executive. However, research suggests that organisations may not be defining this critical role accurately, or benefiting from it fully.
- Companies must forge responses to their most strategic risks and opportunities: Companies say they are focusing on a wide array of both emerging and longstanding strategic and tactical risks – but are these the right issues? With only 17% of respondents citing cybersecurity and 9% viewing geopolitical issues in the top three risks to their business, it is crucial that organisations do not lose sight of these risks and opportunities at the perimeter.
In such a volatile and uncertain era, Deloitte believes that companies cannot afford overconfidence. “Business leaders should recalibrate and fortify their risk management programs to ensure strong alignment with business strategy, linking them to value creation and differentiation. Given the pace of change and these findings, it is clear that a healthy dose of self-reflection accompanied by concrete action is imperative to harness the power of risk management to achieve market leadership,” said Kennedy.
About Taking aim at value: Avoid overconfidence and look again at risk
Forbes Insights, on behalf of Deloitte Touche Tohmatsu Limited, surveyed more than 300 C-level or board representatives excluding CROs across the Americas, EMEA and Asia/Pacific regions between November and December 2016. Key industries surveyed include Consumer & Industrial Products, Life Sciences & Health Care, Financial Services, Manufacturing, Energy & Resources and Technology, and Media & Telecommunications. The survey sampled a range of companies from USD$1 billion in revenue and up, including 23 percent over USD$20 billion. Interviews were conducted with three CEO/board level executives as well as a CRO to provide editorial perspective and interpretation of the survey findings.
Deloitte refers to one or more of Deloitte Touche Tohmatsu Limited, a UK private company limited by guarantee, and its network of member firms, each of which is a legally separate and independent entity. Please see www.deloitte.com/au/about for a detailed description of the legal structure of Deloitte Touche Tohmatsu Limited and its member firms.
Deloitte provides audit, consulting, financial advisory, risk advisory, tax and related services to public and private clients spanning multiple industries. Deloitte serves four out of five Fortune Global 500® companies through a globally connected network of member firms in more than 150 countries bringing world-class capabilities, insights, and high-quality service to address clients’ most complex business challenges. To learn more about how Deloitte’s approximately 245,000 professionals make an impact that matters, please connect with us on Facebook, LinkedIn, or Twitter..
About Deloitte Australia
In Australia, the member firm is the Australian partnership of Deloitte Touche Tohmatsu. As one of Australia’s leading professional services firms, and winner of both the Australian Financial Review/CFO Audit Firm of the Year and Accounting Firm of the Year awards 2013, Deloitte Touche Tohmatsu and its affiliates provide audit, tax, consulting, and financial advisory services through approximately 6,000 people across the country. Focused on the creation of value and growth, and known as an employer of choice for innovative human resources programs, we are dedicated to helping our clients and our people excel. For more information, please visit Deloitte’s web site at www.deloitte.com.au.
Liability limited by a scheme approved under Professional Standards Legislation.
Member of Deloitte Touche Tohmatsu Limited
© 2017 Deloitte Touche Tohmatsu