A recent survey by Deloitte has highlighted a number interesting risk management trends. Deloitte interviewed over 190 CIO's in a wide variety of industries regarding their reaction to risk in the current highly volatile environment.
One of the most notable results was that a stunning 91% of respondents plan to reorganize and reprioritise their approaches to risk management over the coming three years. This seems to reflect a sense by the respondents that volatily in the markets is not set to decline, but indeed potentially worsen over the next few years due to the aftershocks still permeating through the global economy. This was particularly the case with financial risks, which two thirds of the group felt were of particular concern in the immediate future.
When asked how they plan to reorganize and/or reprioritize their risk management approach in the coming three years, the majority (52%) planned to elevate the profile of risk management throughout their organizations; the next most popular responses were reorganizing risk management processes (39%), providing additional training for staff (37%), incorporating new technology (31%), and integrating risk into strategic planning (28%).
Centralized vs Distributed Risk Management
The survey also showed a continued focus on a centralized approach to risk management, with 77% respondents already using a centralized model. Significantly more respondents emphasised the centralized approach than the distributed model. As noted, the centralized approach increases the likelihood that key risk issues "bubble" to the top leadership by analysis of data from risk champions in the field. However, executives also highlighted the importance of ownership and accountability remaining with business executives at a local level.
Strategic and Technology Risks see Budget Rises
Strategic risk and technology risks weere seen as the two main areas where their organizations were making significant increases in the risk management budget. However, around 50% of respondents said that they were seeking to maintain their current budget for their risk management activities, with a focus on better alignment and the use of new technologies where appropriate.
Use of Risk Management Technologies
Interestingly, only 25% of respondents utilized some form of automated risk monitoring to continously track within the business. The majority of risk tracking appeared to be done on a quarterly basis instead. Nevertheless, 28% of executives said that they were actively looking to introduce automated processes into their organization. While automation is not the answer to all risk scenarios, it is clear that in the case of measureable risks, such as financial risks, the ability to provide senior executives with automated risk dashboards is seen of increasing value.
As outlined in the report, this is something that seems highly specific to each organization, thus requiring technology solutions that are highly configurable to their specific needs.
Social Media Risks
One particular area of emerging risk was the use of social media, which CIO's ranked as important as finance risks over the next few years. Interviewees indicated that this risk is rising and relates to an overall concern over cyber attacks as well as exposure to unwarranted public attention.
What are the Key Challenges for CIO's
Given that there are no turnkey enterprise GRC solutions available that address all risk environments, CIO's are having to devise ways to adapt to the specific mix of risks that effect their organization and business sector. The good news is that flexible GRC platforms such as that provided by Xactium do have the flexibility to adapt to the complex risk environments that are being met by CIO's. Furthermore, many organizations are clearly beginning to see the importance that CIO's and technologies contribute in addressing their enterprise risk management initatives.
Given the outcome of this survey 2013 will undoubtedly bring a greater focus on the use of tools such as big data, dashboards and analytics within risk management activities.