Making risk a game-changer

PRICEWATERHOUSECOOPERS: WHILE THE rest of us are attempting to make good on our new year’s resolutions many of the world’s leading…

PRICEWATERHOUSECOOPERS:WHILE THE rest of us are attempting to make good on our new year's resolutions many of the world's leading companies will be coming to grips with a radically changed risk environment.

“We are seeing major structural changes in the approach to risk management,” says PwC risk management services partner Mike Sullivan. “We are seeing far more instances of chief risk officers being put in place. It is no longer a part-time role. Risk management is now a critical requirement for companies and the support functions it requires have to be given additional resources.”

Risk management is nothing new of course. “It has always been on the agenda in well-run organisations,” says Sullivan. “What we have been seeing is that it is moving up the agenda. Current economic uncertainty is impacting on every aspect of business. In our recent survey of chief finance officers 89 per cent of them said they were going to approach risk differently in 2012. Companies are having to look at risks now which previously would have been seen as remote possibilities. We are now seeing companies doing scenario planning around events like the disappearance of the euro.”

This is not to say that anyone actually expects this to happen, it’s just that they have to be prepared for the eventuality and its practical implications. “For example, companies with supply chains outside of Ireland have to explore what might happen if they are no longer using the euro. They have to engage in these types of ‘what if?’ exercises,” says Sullivan.

READ MORE

But it is not just prudence which is causing them to do this. “One of the other drivers is regulatory activity; particularly around financial services,” says Sullivan. “On a practical level this means that companies will have to review their risk management practices to ensure that they meet regulatory requirements.”

It’s not all negative either. “On a more encouraging note, companies are seeing good risk management as a positive differentiator in the market. If customers have a choice of who to do business with in today’s environment they are more likely to choose the organisation with the best risk-management practices. It’s not just price anymore.”

Knowing where to start is the issue for many firms who wish to move risk management up their corporate agendas and make their processes fit for purpose.

“You have to start at the top,” Sullivan says. “The audit committee plays a key role in the oversight and control of risk in a company and it is an absolute necessity to have a strong audit committee in place. One key action a company should take in reviewing their risk management processes and policies is to review their audit committees and highlight any additional focus or expertise which might be required.”

The next level is the internal audit function. “If you have a strong internal audit function in place it ensures that risks are managed properly and that adequate controls are in place,” Sullivan says. “But this area needs adequate skills, resources and training if it is to deal with the risks companies are facing now. These are not what they were. For example, cybercrime has now emerged as a major risk but this needs very strong technical skills and these are quite rare. Many companies may need help in addressing these new risks.

“Carrying out a fraud risk assessment is another important key step. The increased incidence of corporate fraud is quite worrying and the best way to fight this is to know your organisation’s weaknesses. Fraud is a fact of life and the current economic climate is making it even more of a risk. The better companies are more proactive in dealing with this; the others are more reactive and by that stage it’s usually too late.”

Sullivan’s other piece of advice for organisations is to accept that risk is a fact of life. “It is impossible to eliminate risk. In fact it would be unhealthy to do so. Risk has to be constantly on the agenda. Risk management is a never-ending journey; if you take the practical steps to manage it your organisation will be in far better shape. Organisations need to look at their risk policies and see if they match their current needs. More and more companies are struggling in the current climate, there is uncertainty over everything and there are very few safe havens left. Indeed, companies now have to look far more closely at political risks by looking at risk at a country level as well as at a corporate level.”

And central to all of this for many organisations will be the appointment of a chief risk officer but this might be easier said than done. “Experienced chief risk officers are not easy to get. They need regulatory skills, compliance skills, and good commercial instincts. They need to be able to look beyond processes. It takes time to get the right people in place and if companies don’t address this now they will struggle to get the right people in the future.”