Press releases

India Inc. agree on top risks, but divided on how they are managed

Risk Survey 2018

  • Top 3 risks: Regulatory Risk, Cyber Security and Technology Disruption
  • Risk management to be a strategic imperative for India 

Mumbai, September 11, 2018: There exists a divide on the viewpoint of risk management amongst Indian organizations. According to the Deloitte ‘ Risk Survey 2018’, 44% of businesses harness risks to find future opportunities and drive returns (a value-focused approach) while others (36%) use risk management with an aim to drive compliance and prevent losses.

This insight further gets substantiated with the fact that Regulatory Risk (44%) still leads amongst the top 3 risk areas in India followed by Cyber Security (31%) and Technology Disruptions (25%). The core reason for this trend is the fact that CXOs are considering regulatory compliance as a critical value protector exercise.

Interestingly, 3 years from now, there is an expected shift in the trend and Cyber Security (36%) takes the lead amongst the top 3 risks for businesses, followed by Technology Disruptions (33%) and Regulatory Risks (31%).

“The changing trend demonstrates that with digital transformation, organisations will now need to redefine strategies as they become susceptible to multiple threats emerging through technology disruption. While there are no surprises on the top 3 risks, we believe that the volatility and complexity of each of these risk will continue to increase. This essentially means that there needs to be a shift from being risk averse to risk aware, with the power of innovation”, said Rohit Mahajan, President, Risk Advisory, Deloitte India.

With the changing dynamics and the speed of business delivery, there is a growing demand for a dedicated Chief Risk Officer (CRO) position, though 39% of the organizations mention that risk management is the responsibility of each business/function, and there is no separate CRO role.

“However, the survey results indicate a positive change in the industry where 61% of Indian organizations now have a designated CRO. The CRO not only mitigates crisis for a firm, but in turn transforms them into opportunities of business growth and stakeholder confidence”, Rohit added.

Highlights of the survey:

Top three risks for India Inc., both in present times and in a time span of 3 years from now, include Cyber Security, Technology Disruptions and Regulatory Risks;

  • Current state shows that Regulatory Risk (44%), Cyber Security (31%) and Technology Disruptions (25%) feature among the top risks; however,
  • Only 35% of the organisations had a high involvement of Board of Directors in Risk management. This shows that, even in the VUCA (Volatility, uncertainty, complexity and ambiguity) world, many organizations are traditionally conditioned to approach risks and risk management with a reactive attitude. This makes it essential that the Boards and the Management revisit their risk perception.

Acquiring and nurturing Risk Talent is an area of challenge for most businesses. 34% of the organisations surveyed had not reskilled their risk management team or moved personnel from business units into the risk management function to deal with the complex and rapidly changing business environment. Also, 40% of the organizations have less than 5 personnel as part of their risk teams.

Having a well-defined risk strategy is the first step in risk mitigation. However, our findings suggest that:

  • 12% of the organizations did not have a well-defined risk management strategy and 27% of the organizations were unsure of their risk management strategy.

Adoption of enablers in risk management programs:

  • 32% of the organisations have low investment in automation;
  • 34% of the organisations have low adoption of analytics;
  • 34% of the organisations have not reskilled or staffed their risk management teams adequately.
  • 44% of the respondents strongly consider harnessing risk to find future opportunities for the organization

Key Learnings for Indian businesses:

1. Risk and opportunity – a duality

Effective Risk Management is as much about Value Creation (opportunity) as it is about Value Protection (mitigating risk). Having the optimum Risk Framework and associated processes is important for developing the capability to recognize such opportunities.

2. Right-skill the function

For Indian businesses, there is a clear need to attract professionals with diverse skills, as also retrain and upskill the existing risk professionals.

Organisations also need to consider the role of external experts – academia, professionals, and experts, as well as the internal business teams, to augment risk related capabilities.

3. Use technology to enable the risk function

Indian businesses must have their risk teams adopt and invest in technology and analytical tools as transformation to digital demands a strong tech-focused approach. Analytical tools can help businesses scan vast amounts of data and convert that into meaningful and actionable insights.

About the Survey:

Deloitte India Risk Advisory surveyed more than 100 C-Suite stakeholders covering Board level executives, CEOs, CFOs, CRO, Business Leaders, and Heads of Internal Audit. To get a reasonable understanding of the risk culture in the Indian organisations, we have gathered responses from organisations belonging to a diverse set of industries that include both private companies and public companies with turnover ranging from less than INR 500 crores (15%), INR 500 – 2000 crores (23%), INR 2000 – 7500 crores (22%), to more than INR 7500 crores (40%). The respondents belonged to sectors including Consumer Business and Industrial Products (35%), Life Sciences & Healthcare (8%), Financial Services (16%), Government and Public Services (7%), Energy & Resources (5%) and Technology, Media and Telecom (29%) from different geographical locations.

About Deloitte

All the facts and figures that talk to our size and diversity and years of experiences, as notable and important as they may be, are secondary to the truest measure of Deloitte: the impact we make in the world.

So, when people ask, “what’s different about Deloitte?” the answer resides in the many specific examples of where we have helped Deloitte member firm clients, our people, and sections of society to achieve remarkable goals, solve complex problems or make meaningful progress. Deeper still, it’s in the beliefs, behaviours and fundamental sense of purpose that underpin all that we do.
Deloitte Globally has grown in scale and diversity—more than 263,900 people in 150 countries, providing multidisciplinary services yet our shared culture remains the same.

Notes to editors for reference purposes only

This press release has been issued by Deloitte India

Deloitte India herein refers to Deloitte Touche Tohmatsu India LLP.

Deloitte refers to one or more of Deloitte Touche Tohmatsu Limited, a UK private company limited by guarantee (“DTTL”), its network of member firms, and their related entities. DTTL and each of its member firms are legally separate and independent entities. DTTL (also referred to as “Deloitte Global”) does not provide services to clients. Please see for a more detailed description of DTTL and its member firms.

Media Contact:

Mou Chakravorty

Deloitte India

Cell: +91 8454042392


Click here to view the Deloitte India - Risk Survey 2018

Did you find this useful?