Generating value within the Risk Ecosystem | Strategic & Reputation Risk | Deloitte


Generating value within the Risk Ecosystem

Risk powers performance

Disruption and volatility are impacting today’s business climate. Chief Risk Officers and risk executives function in a Risk Ecosystem, where addressing strategic and tactical risks can lead to significant opportunities and value generation. Which roles do they play, and what impact do they have?

Turning risk into a performance lever

By understanding risk more precisely at every level of the organisation, businesses can exploit these new market dynamics and create a distinct advantage, turning risk into a value proposition.

This publication provides a framework to address the issues, trends and questions CROs and other risk professionals may encounter within their eco-system.

Generating value within the Risk Ecosystem

Key questions for risk leaders

CRO and enterprise risk strategy

  • Do we need to transform our strategic risk management capabilities? Do we have the right risk culture in our organisation? 
  • What types of disruptions are we likely to face? What threats or opportunities do these disruptions pose? 
  • How quickly could we recover when faced with a crisis situation? 
  • Do we have effective risk monitoring in place at all levels? Are we prepared for any external or internal risks that require a quick response?

Board and C-suite

  • How can we break the cycles of over-compliance and non-compliance? 
  • Is our organisation setup to monitor and manage risks cross-functionally? Are we effectively tracking meaningful key performance indicators? 
  • Do we effectively communicate the need for change and the risk of not changing?


  • Do we have an accountability framework in place to address the most relevant risks?
  • Do our performance evaluation and reward systems encourage appropriate risk appetite and risk control? 
  • Do we have the right level of organisational readiness to collaborate across the business? 
  • Do we understand our critical data and application and how they are protected?

Global subsidiaries

  • Has our organisation completed a comprehensive third-party risk assessment and, if so, what are the most significant risks we are facing?
  • How can we proactively identify, assess, prioritise and manage risks across the whole organisation? 
  • Do you have the structure in place to trust your subsidiaries?

Corporate culture and behaviour

  • Are we open to and allowing innovation? 
  • Does our culture nurture the right level of risk taking? 
  • What is our level of risk intelligence? 
  • How do we move from policies to principles? 
  • Have we implemented risk awareness effectively?

External environment

  • How might external uncertainties disrupt your organisation? 
  • What are the key trends and uncertainties that will shape the future of our industry? What risk will they present to us? 
  • Do we have the right relationships with our external stakeholders to ensure early awareness of potential risks?

More information?

For more information contact Jeroen Jansen, Evert van der Steen or Mark van Rijn.

Vond u dit nuttig?