The FINANCIAL -- Almost ten years after the 2008 financial crisis, risk management is evolving, shifting away from a purely protective mindset.
In the old paradigm, risk was managed traditionally by the “second line” of defense in an organization. However, a new study from PwC, “Risk in review: Managing risk from the front line,” finds leading companies are increasingly moving risk management decisions squarely in the purview of “first line” business units. Companies doing this most effectively (“Front Liners”) are more likely to project higher revenues and profit growth. Yet this innovative group is in the minority: out of more than 1,500 executives across 30 industries and over 80 countries surveyed, only 13 percent qualify as Front Liners.
Additionally, the report underscores an alarming paradox: although cybersecurity is identified as a universal growing risk, only nine percent of respondents score highly on cyber risk maturity, suggesting many have not adopted leading practices to prepare them for online threats, according to PwC.
“The key to growth isn’t in avoiding risk; Front Liners make risk management a mandate for the board, the C-suite and perhaps most importantly, among crucial business unit decision makers,” said Dean Simone, leader of PwC’s U.S. Risk Assurance practice. “This year’s survey tells us that leaders must make risk management a more collaborative, measurable and strategic function. We also see great alignment on the biggest growing risk factors, such as cybersecurity, but a lack of maturity in terms of preparing for and planning around the biggest risks facing executives today.”
According to PwC’s new survey, Front Liners are more likely than other respondents to effectively manage across all 12 surveyed risk areas: financial, regulatory and compliance, earnings and volatility, operational, reputational, strategic, environmental, cybersecurity, technology, human capital, third-party, and culture and incentives. For example, among companies that have suffered a disruption due to operational risk, 63 percent of Front Liners reported recovering effectively versus 46 percent of other respondents.
The survey outlines five “Front Line” steps companies should consider taking to build a collaborative, effective risk management approach:
Set a strong organizational tone focused on risk culture modeled and measured by leadership and the board.
Align risk management with strategy at the point of decision-making so risk management is embedded into planning and tactical execution.
Recalibrate the risk management program across all three lines of defense so that the first line owns business risk decision making, the second line monitors the first, and the third line provides objective oversight.
Implement a clearly defined risk appetite and framework across the organization.
Develop risk reporting. Tracking risk is critical to keeping business decisions within the agreed risk appetite.
“The key to effective risk management is active engagement, placing responsibility for the various building blocks of an effective risk management program -- strategic alignment, expertise, processes, assurance -- with the line of defense that is best prepared to execute them,” added Jason Pett, U.S. Internal Audit, Compliance & Risk Management Solutions Leader at PwC. “Clarifying the function of each line of defense and collaborating closely between the lines, enabled with technology, helps promote a free and welcomed flow of perspectives and ideas.”