NEW YORK, April 18, 2016 /PRNewswire/ -- Risk agility has the ability to maximize growth in the near-term, but aligning agility with risk resiliency will give companies the greatest competitive edge in the long-term, according to a new study from PwC US entitled, Risk in review: Going the distance. Based on a survey of nearly 1,700 participants, the findings are made up of responses from senior executives, board members, and risk professionals from across 23 industry segments, including one-on-one interviews.
"Companies today that leverage risk management as both an offensive and defensive tactic are leading the way in maintaining long-term success," said Dean Simone, leader of PwC's U.S. Risk Assurance practice. "Finding that right median will come differently to companies and industries across the board, but the key is to strike a balance that allows for growth at a comfortable pace, relevant to the risk appetite and tolerance levels set by management and accepted by the board."
The study categorizes respondents into four quadrants, two of which are identified as "high performers" and "faster movers." High performers are companies that have mastered both, high risk agility and risk resilience. They are better qualified to launch business-continuity plans following a disruption and mobilize the internal resources needed for effective communication response efforts to stakeholders. Faster movers are highly agile, but not as resilient, and rely heavily on the strength of their brand name to combat adversity rather than investing more in key risk management tools and techniques.
"Chief Risk Officers (CROs) and Chief Compliance Officers (CCOs) will be the drivers in helping their companies become both risk-resilient and risk-agile. Their roles uniquely position them at the crossroads of risk resilience and agility, giving them an important platform to drive needed organizational change," continued Simone.
Seventy-eight percent of CCOs agree their company's senior management wants them to adopt a more forward-looking view on compliance risks, but only 35 percent say they have adopted such an approach and less than half feel they have the capabilities needed to address the changes in their compliance risk profile. More troubling is that only 27 percent of CCOs say they have ample budget and resources to protect their company from compliance risk.
To help companies achieve long-term growth, PwC outlines ten leading practices that companies can implement to build both a risk-agile and risk resilience infrastructure:
- Align risk management with strategic planning. It's critical for companies to understand its strategy from its earliest development phase, to move from an enterprise risk management to strategic risk management.
- Hold business units accountable for managing and monitoring their risks. Business units should be your company's first line of defense against risk. If this responsibility is solely put on risk management, the company may be focused too much on defense.
- Define your risk appetite. Executives need to understand the extent to which their companies can withstand risk and then aggregate risk across the organization. And communicating that risk appetite across the organization is equally important.
- Invest in data analytics to take a forward-looking view of risk. Software tools are becoming more powerful and predictive, allowing for more transparency across the enterprise. Companies that can integrate these new techniques will have a clear advantage.
- Establish a set of key risk indicators (KRIs) that are relevant to your business, and then align them to your company's key performance indicators (KPIs). Companies that are good at both, tracking KPIs and figuring out what risk events could arise in the future, will succeed.
- Appoint a CRO or similar role, if you don't already have one. The person overseeing risk must have a seat at the strategy table and promote active alignment across the organization. In many large companies, it is a critical C-suite role.
- Develop flexible governance, risk management and compliance technology platforms, and automated security processes across your IT infrastructure. Leading businesses are automating security processes, using advanced analytics to detect incidents quicker, and automating access management processes and risk and compliance management processes.
- Learn how to effectively partner with and leverage third parties. Companies need to learn how to separate core functions from auxiliary ones, and having strong "just-in-time" relationships helps companies find the right resources as the need arises.
- Ensure strong triangulation between strategy, risk management and business continuity management. All three are necessary to create long-term resilience that can then help a company become more risk-agile.
- Remember that risk management is about playing both defense and offense. Companies must change the perception that risk management is merely about keeping the company out of trouble, but also to help prevent roadblocks in order to keep it moving forward.
"Companies that are able to truly align their risk management activities with their strategic planning process and priorities are moving the needle from enterprise risk management to strategic risk management, positioning them for long-term growth and success," continued Brian Schwartz, PwC Partner and Risk Management and Compliance Solutions Leader.
To download a full copy of the report, along with additional related content, please visit: http://www.pwc.com/riskinreview
About PwC's Risk Assurance practice
PwC understands that significant risk is rarely confined to discrete areas within an organization. Rather, most significant risks have a wide-ranging impact across the organization. As a result, PwC's Risk Assurance practice has developed a holistic approach to risk that helps to protect business, facilitate strategic decision making and enhance efficiency. This approach is complemented by the extensive risk and controls technical knowledge and sector-specific experience of its Risk Assurance professionals. The end result is a risk solution tailored to the unique needs of the organization.
About PwC US
At PwC, our purpose is to build trust in society and solve important problems. We're a network of firms in 157 countries with more than 208,000 people who are committed to delivering quality in assurance, advisory and tax services. Find out more and tell us what matters to you by visiting us at www.pwc.com.
© 2016 PwC. All rights reserved. PwC refers to the US member firm or one of its subsidiaries or affiliates, and may sometimes refer to the PwC network. Each member firm is a separate legal entity. Please see www.pwc.com/structure for further details.
SOURCE PwC US