Businesses 'overstating their risk awareness, capabilities'

Most businesses believe they manage risks well, with 61 per cent saying their approach to risk management is either "sophisticated" or "highly sophisticated".
Most businesses believe they manage risks well, with 61 per cent saying their approach to risk management is either "sophisticated" or "highly sophisticated". PHOTO: ST FILE

Global business leaders have an "abundance of confidence" in their management of risk but might be downplaying the significance of factors such as technology and cyber security risks, consulting firm Deloitte has said.

In a new survey report, Taking Aim At Value: Avoid Overconfidence And Look Again At Risk, the firm found that 82 per cent of respondents believe they are taking the right amount of risks.

Most also believe they manage risks well, with 61 per cent saying their approach to risk management is either "sophisticated" or "highly sophisticated".

Deloitte's global risk advisory business leader Sam Balaji said: "What we found is an abundance of confidence that, quite frankly, should be taken as a warning: Too many senior stakeholders are likely overstating their risk awareness and capabilities."

Certainly, most firms have lifted their risk management focus since the 2008/2009 global economic downturn, he noted.

"But undoubtedly, much of risk management seems to be a heads-down, check-the-box exercise. Which is particularly curious when considering the disruptive forces at play today."

For example, the report noted, amid so much uncertainty in the world today, only 9 per cent of survey respondents cite geopolitical risks as one of the top three forces exerting an impact on their business strategy.

Despite the rapid evolution of digital platforms and processes, only "relative minorities" included technology and cyber security risks among the top three factors affecting their business strategy.

...the report noted, amid so much uncertainty in the world today, only 9 per cent of survey respondents cite geopolitical risks as one of the top three forces exerting an impact on their business strategy.

And while 87 per cent of the respondents said a company's risk management strategy should drive value creation instead of merely avoiding risk, only 18 per cent said they were actually harnessing risk management to drive returns.

The survey polled over 300 C-level or board representatives globally between November and December last year.

Dr Janson Yap, the regional managing partner of Deloitte's South-east Asia and Asia-Pacific risk advisory, added: "Local boards and management have identified strategic and reputational risk as a key risk which most companies are least prepared to address.

"With the globalisation of our business landscape and the change in mindset towards risk, many are starting to recognise that it is not a matter of if, but when, these risks will take place."

Hence, there is an increasing need for local businesses to be open to innovation and create value from these risks, he said.

In order for organisations to marry risk and value creation, many companies are aware that the role of the chief risk officer (CRO) should be elevated, Deloitte said.

"As the role of the CRO is increasingly seen as a business partner moving forward, 58 per cent of respondents say their CROs should spend significantly more time performing the strategist role in which they participate in setting the strategic direction of the company and align risk management strategies accordingly."

A version of this article appeared in the print edition of The Straits Times on June 17, 2017, with the headline 'Businesses 'overstating their risk awareness, capabilities''. Print Edition | Subscribe