Our team reviews how organisations can revisit their business models whilst improving operation effectiveness and become more customer centric.

Integrating risk and strategy: We help our clients understand their portfolio view of risks, amplifying the implications of key risks across group, divisional and operational levels. Through this approach we aim to deliver a clearer understanding of the underlying risks that affect the achievement of strategy, and how strategic outcomes may vary under various operating scenarios.

Establishing and embedding risk appetite: Our team demystifies risks for senior management and helps them to incorporate risk strategy into business planning, decision-making strategies and operational risk reporting.

Fostering a risk-intelligent culture: We cultivate a risk-aware culture through communication to help employees anticipate the implications of risks on the business, while equipping them with the tools required to respond appropriately.

Defining risk management roles and responsibilities: The team clarifies roles and responsibilities for risk management across the business, to help enable agile decision-making.

Implementing risk management technology: By leveraging the use of technology and data our team helps enable a ‘Risk Intelligent Enterprise’.

Benchmarking maturity: We create a structured approach to enable assessment of the relative maturity of the risk management and governance frameworks.

Organisations are revisiting their business models to improve their operations, become more customer-centric, reduce waste and increase returns. Against this backdrop, many are also assessing their risk management capabilities and challenging chief risk officers (CROs) to analyse the value and cost of their risk management functions.

Risk management means raising the bar for monitoring, reporting and mitigating risks – to satisfy shareholders, regulators and financiers.

There is an opportunity for CROs to improve not only how they manage risk, but also how they manage capital and operations. This whitepaper presents the business case for risk transformation and the need for an integrated approach to risk management. It also covers the issues that organisations should address, such as:

• The key questions an integrated risk management approach needs to answer
• How risk transformation deals with scarcity of capital and the increased cost of regulatory pressure and legacy infrastructure
• How risk transformation enables shareholder value and organisational alignment.

Deloitte’s new global survey Exploring Strategic Risk offers insights into how companies view and manage the risks that affect their business strategies. 

The report includes opinions from more than 300 C-level executives representing the world’s major industries and geographic regions.

Key findings include:

• Eighty-one per cent of the companies surveyed now focus on managing strategic risks and embedding analysis of risk into their strategy planning
• Reputation is cited as the biggest risk – not just overall, but for most individual industries
• Strategic risk management is a CEO and board-level priority. Two-thirds (67 per cent) of companies surveyed say the CEO, board or board risk committee has oversight for managing strategic risk
• Technology enablers and disrupters, such as social media, mobile and big data, could threaten established business models, and 91 per cent of companies have changed their business strategies to accommodate those technologies.

Our strategic risk quiz is an 8–question benchmarking tool to help you see how your company stacks up against those companies around the world who participated in our study. It takes about 3 minutes, is totally anonymous.

The regulatory climate for organisations – as shown in speeches, working papers and draft or final legislation – is full of references to risk appetite and its benefits, uses and applications, as well as case studies of failed organisations.

When organisations are criticised for shortcomings in their risk governance and management, regulators often prescribe a risk appetite framework as the cure.

While the concepts discussed in this paper will be of interest to all financial institutions, it focuses on the banking sector. Our goals in this document are:

• To summarise the arguments in favour of risk appetite frameworks
• To highlight the emerging consensus on the core concepts of risk appetite between regulators and organisations
• To illustrate what we think ‘good’ looks like for a risk appetite framework
• To suggest ways to spot a genuine risk appetite framework by giving examples of the tough questions we would expect from regulators
• To suggest what risk appetite might look like in three to five years’ time, based on the trajectory of regulation and trends.
  

Culture plays a critical role in how an organisation manages risk. However, many people remain sceptical of something as intangible as culture – and, more importantly, they do not know how to understand and influence mindsets and behaviours across an organisation.

In Australia, the importance of risk culture has been the focus of speeches and presentations by regulators. This has culminated in APRA reinforcing the importance of risk culture in new proposed prudential regulations for financial services institutions.

This article explores the concept of culture in the context of executing strategy and managing risk. It also builds a case for organisations to understand their current risk culture before transforming their risk management capabilities. 

We explore how your organisation can gain a competitive advantage when employees understand what constitutes an acceptable attitude to risks in their day-to-day roles, even when they have no guidance from policies and procedures.

For an organisation to review and assess a risk management framework to ensure that is sound, the maturity assessment is often applied where it focuses on improving an organisation’s risk management practices.  

By putting this approach into practice, an organisation can understand where their company’s risk management process lies on this continuum and will subsequently inform the organisation whether it meets the current needs of the company and meets its expectation. 

At Deloitte, we develop and benchmarking maturity assessments across different industries using the four cornerstones of effective risk management across a continuum consisting of five distinct levels of maturity. This approach will assist the organisations to determine whether the risk framework meets the current needs of the company.