What cannot be measured, cannot be managed
In today’s challenging reality, organizations often have a lower tolerance for “surprises” and a greater need to manage risk holistically.
Most major organizations monitor financial, operational, regulatory, reputational, and other risks specific to the business. Risk sensing - the (evolving) state of the art - incorporates these risks to perform informed strategic decision-making. Sensing emerging strategic risks can position an organization not only to avoid and mitigate risks, but also to generate risk-powered performance. The latter creates value from risks by moving early to address nascent market movements and customer needs, harness benefits from emerging technologies, and block competitors’ efforts to gain first-mover advantage.
Based on our experience in the market, we can see that there is no “one size fits all” solution to risk management. Deloitte has designed the Deloitte’s Risk Intelligent Enterprise framework, a proven methodology founded on nine fundamental principles of risk intelligence touching upon Risk Governance, Risk Infrastructure & Management and Risk Ownership.
To address the challenges of today, Deloitte advices clients on the following perspectives:
- Develop a detailed understanding of the organization’s vision, strategy operating model, organizational structure and culture to be able to build and implement a tailored and capable Enterprise Risk Management (ERM) program.
- Strategic focus on the top risks, a positive risk culture, opportunities and key risk indicators facing an organization through the development of ERM processes, that are benchmarked against international standards such as ISO31000 and COSO ERM - providing sound principles for effective management and corporate governance.
- Integrate ERM into businesses-as-usual to enhance the reliability of processes throughout the organization, respond to and mitigate risks more appropriately, and take or exploit risks that can create value, all based on a risk intelligent culture.
- Develop a common approach and language for addressing risks and integrating the many different functions, such as strategic planning, internal audit, compliance, anti-fraud and others that focus on ERM every day.
- Leave behind a self-learning organization that can adjust its capabilities and train its resources to manage the development of the risk profile and other internal and external changes.
- Assist leading companies selecting & implementing Governance Risk and Compliance Systems (GRC Systems) to enable and automate risk & control processes and risk transformation in various business areas such as Financial Reporting, IT Security (ISO2700x), Enterprise Risk Management, Contract Management, SOX Compliance, Data Privacy, Anti-Bribery and Anti- Corruption, Third Party Assessments, Health and Safety and AML.
Risk sensing employs human insights and advanced analytical capabilities to identify, analyze, and monitor emerging risks to the organization’s business model, long-term viability, and ability to create value. The relevance of risk sensing is reflected in the results of a survey, which targeted companies with revenue of at least US$1 billion. To assess the state of risk sensing in large organizations, Forbes Insights, on behalf of Deloitte Touché Tohmatsu Limited, conducted a survey of 155 executives from companies representing every major industry and geographic region. Surprisingly, results show that Companies apply risk sensing, but less often strategic risks.
Read more about Risk Sensing and the results of the survey here.