Senior executives and risk professionals are more aligned than ever on their views of the role that risk management should play in strategic planning. However, the strategic value that risk professionals can deliver may not be fully tapped, according to findings from a survey released today by Marsh and RIMS.
A majority - 52% of C-Suite executives and 47% of risk professionals responding to the 10th annual Excellence in Risk Management survey agreed that the top reason why risk management is included in strategic planning and executive activities is to identify and assess risks arising from the strategic plan. Additionally, 46% of C-Suite and 40% of risk professional respondents agree that the function should provide strategic risk input to the strategic planning process.
Despite the clear role for risk management, however, only 15% of the risk professionals and 20% of the C-Suite respondents said the risk manager is a full member of the strategic planning and/or execution teams, suggesting that risk management has yet to be fully integrated strategically.
"This general move toward risk professionals adding more value to organizations' strategic decisions is encouraging," said Carol Fox, director of the strategic and enterprise risk practice at RIMS. "Yet, there is still much room for growth, and gaps remain between what senior leaders and risk professionals expect from the risk function in its delivery of strategic value."
The report notes that building organizational risk capabilities through education, providing greater risk input into strategic planning/execution, and establishing key risk indicators (KRIs) to guide the overall risk framework within their organizations are desired by the C-Suite.
One of the ways to achieve this is through the use of data and analytics, which risk professionals and senior leaders ranked as the number one and number three focus areas, respectively, for developing risk management capabilities in 2013, the report found. In fact, 74% of respondents said their organizations need to conduct deeper analysis on their risk-related data.
"Data analysis of key risk, financial, and performance indicators that will support the organization's overall risk strategy will help risk professionals close the gap between being an insurance cost center and a strategic thought center," said Marsh's Director of Client Engagement Yvette Connor.
Other significant findings from the survey include:
- The top risks for 2013 reflect shifting priorities as political, regulatory, and environmental conditions changed over the past year. C-Suite executives ranked business disruption as the biggest risk for 2013, while risk managers cited economic conditions as their top risk. In 2012, C-Suite executives and risk professionals ranked economic conditions and legal or regulatory shifts as their number one top risk.
- The risks related to data security and privacy breaches ranked number 12 for risk professionals and number 26 among C-Suite respondents, while exposure to technology and systems failures ranked number 16 and number 18 respectively. The findings are somewhat surprising given the coverage the topic has received in the media and other venues including the Davos World Economic Forum.
- 80% of C-Suite respondents and 75% of risk professionals say they do not aggregate risks at the portfolio level, demonstrating an immediate opportunity for risk managers to coordinate information into a portfolio view.
The survey was compiled from online responses received in February 2013 from more than 1,200 risk managers, C-suite executives, and others involved in risk-related functions. Those responding to the survey were from public and private companies (39% each), non-profit (12%), and the government (10%).
Findings from the survey were published jointly by Marsh and RIMS and released today at the RIMS 2013 Annual Conference & Exhibition. Copies of the survey are also available on www.rims.org.