-- Boards need to more frequently evaluate their organization's risk profile
-- 77% of businesses only evaluate their risk profile annually
-- 46% of organizations still do not utilize a governance, risk and compliance technology
LONDON, Sept. 24, 2015 /PRNewswire/ -- Ninety-seven percent of organizations have made progress in linking their risk management and business objectives, however, a staggering 85% haven't created closer links, according to EY's global governance, risk and compliance (GRC) survey 2015 "There's no reward without risk".
The survey of governance, risk and compliance management (GRC), which is based on the responses from 1,196 C-suite leaders, board audit committees, and assurance and compliance executives across all major industries in 63 countries also cited that 66% of organizations risk management has limited involvement in business decision-making today. Eighty-eight percent of respondents indicate that their Board or their Board committee provides oversight of the organizations risk management activities. However, their Board's ability to provide oversight could be enhanced by more frequent evaluations of the organizations risk profile. Seventy-seven percent of the respondents only evaluate their organizations risk profile on an annual basis, limiting their ability to adjust their business strategy based on changes to their risk landscape.
The global survey finds that organizations are making progress in improving the way they manage risk in response to changing landscape. However, organizations also indicated that there is still further room for improvement and opportunities to be seized.
Paul van Kessel, EY's Global Risk Leader, says:
"Organizations today are challenged with managing a rapidly changing risk landscape, as a result of market volatility, geopolitical crisis, wide-spread economic changes, regulatory reforms and cyber threats. While this creates many challenges for organizations, it is important to think, manage and respond to risk differently: find where there's opportunity in risk and protect against the risk you would like to avoid. With the knowledge that risks are a never-ending challenge and new risks will be encountered every day, a stepped approach to risk management is required in order to build a risk-aware organization."
Linking risk strategy and business performance
Organizations are able to clearly identify the key risks to "own" that not only result in negative consequences, but also those that generate value, enabling a direct linkage between risk and business performance. Eighty-five percent of the respondents indicated opportunity exists to further improve the linkage between risk and business performance and 90% of respondents indicated their company's risk profile slightly or significantly influences their capital allocations.
Effective operating model for better risk control
Respondents clearly recognized the value of a well-coordinated operating model; 67% expected activities to be well-coordinated within three years. However, only 56% of respondents' organizations have created a chief risk officer position to provide oversight over risk management activities.
Leveraging technology and frequent risk communication to efficiently manage risk
Organizations must view technology as a way to more efficiently and effectively execute, as well as sustain, their response to risk. The survey found that 46% of the respondent organizations still do not utilize GRC technology. Leading organizations prepare scorecards, dashboards and other forms of reporting for their Board and executive management, enabling management to adapt the organization's business strategy as appropriate. However, 78% of the survey respondents only prepare management dashboards annually or quarterly indicating further opportunity exists to provide decision-makers with vital risk insights more regularly.
Matt Polak, EY's Global Risk Transformation Leader, says:
"Clearly, organizations are making progress in understanding the myriad of risks they face, but there is still a lot of work to be done to make risk a more integral part of strategic discussions. Better identification of risks, clearer risk ownership processes, more structured and frequent risk communications to decision-makers and better use of technology are all essential to bridge the gap between understanding and execution."
For further information and to download the 2015 report, visit: click here
Notes to editors
EY is a global leader in assurance, tax, transaction and advisory services. The insights and quality services we deliver help build trust and confidence in the capital markets and in economies the world over. We develop outstanding leaders who team to deliver on our promises to all of our stakeholders. In so doing, we play a critical role in building a better working world for our people, for our clients and for our communities.
EY refers to the global organization, and may refer to one or more, of the member firms of Ernst & Young Global Limited, each of which is a separate legal entity. Ernst & Young Global Limited, a UK company limited by guarantee, does not provide services to clients. For more information about our organization, please visit ey.com.
This news release has been issued by EYGM Limited, a member of the global EY organization that also does not provide any services to clients.
About the survey
Our global governance, risk and compliance survey 2015 was conducted between February 2015 and March 2015: it asked how well organizations are managing risk and what they need to do to better manage the risks that drive performance. Almost, 1,200 members of the C-suite, board audit committees and various assurance and/or compliance executives participated – representing major industries in 63 countries around the globe. The majority of the survey responses were collected during face-to-face meetings.
EY Global Media Relations