Risk management is a crucial part of any company's strategic and operational focus. But how does it impact the bottom line? A recent PwC study, surveying senior executives, shares key insight.
A recent PwC survey found that almost three-fourths of more than 1,200 executives surveyed felt that risks to their companies are on the rise, but the survey also revealed that companies are generally not meeting these increased risks with improved risk management. But those companies that place a premium on risk management and executed such strategies effectively saw improved profitability.
Risk management practices
The study,"Risk in Review: Decoding Uncertainty, Delivering Value," also looked at the risk management practices of those executives surveyed and found that a large number of companies are not yet developing risk management strategies that link enterprise risk management to strategic imperatives. For example, the PwC study found that only 38% of respondents have a formal risk appetite framework that is clearly communicated across a company and defines the level of risk that the organization is prepared to accept in relation to its overall risk capacity. Only 36% of respondents said that their companies effectively monitor their risk appetite and related risk tolerances using key risk indicators and other monitoring tools. Less than one-third (31%) of respondents have a fully integrated risk management strategy that ties risk management to the strategic planning process. Only 14% say risk management and strategic management are fully aligned in their companies.
Risk management and profitability
The study further found that companies that lead in risk management take a holistic view of risk and involve risk management in the business at a strategic level and see risk management as an enabler of performance and growth. Over the past three years, 55% of risk management leaders recorded increased profit margins, and 41% achieved an annual profit margin of more than 10%, compared with only 31% of non-leaders, according to the PwC study.
“Risks are increasing dramatically and executives are constantly faced with making decisions to protect their businesses while also trying to improve their financial performance,” said Dean Simone, leader of PwC’s US Risk Assurance practice, in commenting on the study. “By integrating risk management into the business life cycle, these two objectives can easily come together to work in unison. Developing an effective strategy requires investment, but the payoff and competitive advantage can be enormous.”
Regulatory complexity was identified as the leading external force that represent the largest risk or threat to business performance or growth plans with 77% of respondents citing it, followed by data security and privacy (74%), cost pressures (69%), government policy changes (69%), and talent availability (66%). Respondents also reported reputation risk (58%) and emerging technology risk (53%) as concerns.
The PwC study also noted differences among functional areas in how well respondents thought that their company managed risk. For examples, 72% of board members and management said that their companies anticipated risks "very well" or "well" compared to only 57% of risk officers. Sixty-one percent of senior management felt that their companies' risk tasking was well aligned with their strategic planning function, but only 49% of risk officers did. The gap is most pronounced in aligning risk with external shareholders, with 41% or executives feeling that their risk profiles were aligned compared to only 29% of risk officers.
Elements of risk management leaders
According to PwC’s survey, risk management leaders distinguish themselves in four key areas (see Table I). First, risk management leaders understand how risks interconnect and impact business. The PwC’s study found that 70% of risk management leaders say they can see how risks interconnect and cascade, compared to only 23% of non-leaders. Risk management leaders are also far more likely to compile an aggregated view of risks when making business decisions compared to non-leaders (73% vs. 27%), giving them a clear and realistic understanding of operational issues and market opportunities.
|Table I. Elements of Risk Management Leaders
- Risk management leaders understand how risks interconnect and impact business.
- Risk management leaders have a strategic understanding of their risk appetite and are willing to take risks.
- Risk management leaders are more aligned across business units.
- Risk management leaders apply more sophisticated techniques.
Secondly, the PwC study found risk management leaders have a strategic understanding of their risk tolerance and are willing to take risks. Using a risk-informed perspective, the study found that risk management leaders are more likely to articulate a high or very high appetite for risk. Almost 90% of risk leaders are increasingly taking a risk-enabled approach to growth, examining both the risks and opportunities to help them understand where they should focus their efforts. The study examined appetite for risk in 12 areas relating to regulatory and compliance risk, human capital risk, technology risk, brand/reputational risk, financial risk, earnings and volatility risk. Comparing risk management leaders to nonlleaders, the variances that were most pronounced wither for accepting financial risk (31% for leaders vs. 21% for non-leaders), diversification and concentration risk (35% vs. 26%), regulatory and compliance risk (20% vs. 13%), earnings and volatility risk (27% vs. 20%), and culture and incentives risk (27% vs. 20%).
“Analyzing and assessing how different business risks affect one another is an essential step in achieving a holistic and accurate risk management perspective,” said Brian Schwartz, PwC’s US Performance Governance, Risk and Compliance Leader, in commenting on the study. “Undertaking a systematic review that determines what aggregated level of risk a company is willing to take on, and ensuring that all business units understand those limit, remains a central tenet of risk management leadership.”
Thirdly, the PwC study found that risk management leaders are more aligned across business units. The vast majority of risk leaders (90%) say their risk management program is fully or very aligned with their company’s strategic planning process, compared to just 36% of non-leaders. Risk leaders also demonstrate greater cross-functional alignment, particularly with finance (93% vs. 58%), internal audit (95% vs. 65%), and corporate compliance (93% vs. 55%). Risk management leaders are also more aligned operationally. Risk management leaders align their risk management programs with their business units more than non-leaders (87% vs 37%), with operations (86% vs 40%), and information technology (80% vs. 35%). Additionally, risk management leaders are more likely to involve risk analysis in the decision-making process (67% vs. 43% of non-leaders). This alignment helps risk leaders see the impact of risk across the organization to enable faster decision-making to neutralize threats and seize opportunities, concluded the study. “Business leaders see the landscape today as one of both threat and opportunity, in roughly equal proportions,” says Dennis L. Chesley, PwC global risk consulting leader, in a company release. “To survive and evolve in this environment, companies need to prepare their entire organizations to take advantage of big shifts ahead of the competition.”
Lastly, the study found that risk management leaders apply more sophisticated techniques compared to non-leaders. Among risk management leaders, 46% report spending more time calculating and preparing for risk than reacting to it, versus just 21% of non-leaders. They also use a variety of tools to effectively integrate their analysis, including identification and forecasting of emerging risks (96% vs. 59%), horizon scanning and early-warning indicators (81% vs. 33%), monitoring risk via key indicators (80% vs. 27%), scenario planning (77% vs. 33%), stress testing (75% vs. 30%), risk rating (96% vs. 62%), and building organizational resilience to risk (88% vs. 42%). Meanwhile, new analytics systems make it significantly easier to bring disparate data together for gaining insights. Tools include surveillance systems (which focus on a particular area), heat maps and dashboards (tools that allow board members and top management to regularly review key risk management metrics), and ad hoc analytics (used to ensure current surveillance systems and dashboards remain relevant.
The study concluded that risk is inevitable in any business, but suffering negative impacts from risk is not. According to the PwC study, the key to raising a business’s risk intelligence is a deliberate approach that links risk management to business and strategic planning, brings an understanding of the company’s risk interconnections and risk appetite, leverages consistent monitoring and reporting so that data can yield meaningful insights, and proactively addresses expanding and emerging risks to identify both threats and opportunities.