Evolving regulatory complexity and efforts to mitigate risk strongly influence risk-management programs, according to new research from KPMG LLP. But just 16% of the 100-plus executives polled at the 2012 RSA Archer GRC Summit in Chicago described their risk-management processes as automated, despite the availability of technologies to help manage risk.

Of note, respondents were mainly from highly regulated, technology-dependent industries: financial services, 47%; technology and telecommunications, 19%; and health care and pharmaceuticals, 9%.

“The number of respondents using the low-tech approach to managing risk surprised us, particularly when most organizations have placed such an incredible focus on their enterprise-wide risk management [ERM] processes after more than a decade of complex regulatory change and financial crises,” says Greg Bell, a U.S. principal at KPMG and Global Information Protection and Business Resilience leader. 

Bell says 64% of respondents described their ERM programs as manual, while 20% said they utilized data warehousing. Yet, 40% cited regulatory requirements or expectations as most strongly influencing their organization’s interest in ERM, followed closely by risk mitigation (38%) and improving business performance (10%).

Deon Minnaar, a KPMG partner and national leader for Governance, Risk, and Compliance services, says the results demonstrate that many companies still struggle with how to best manage the methods by which they monitor risk functions.

Given the volume of risk, information technology (IT) remains central to oversight functions, by aligning and integrating risk-related information. IT also provides new opportunities as analytics is used to better leverage internal and external data and to gain a competitive advantage in risk management and elsewhere in the organization, Minnaar notes.

Other findings include:

•    Organizational or geographical silos and politics were cited by 50% of respondents as the main impediment to effective ERM, followed by lack of resources (19%); conflicting priorities (12%); unclear benefits (11%); the cost of ERM software (4%); and board or executive resistance (4%).

•    Few organizations (17%) have a formal ERM training and awareness program; 40% had a “somewhat” formal training and awareness program, while 43% had no training process.

•    Two-thirds of those polled said their organization formally aligned ERM with strategic initiatives either “extremely well,” “good,” or “moderate,” compared to slightly more than one-third that rated their organization’s ability as either “poor” or “extremely poor.”

http://www.kpmg.com/US/en/IssuesAndInsights/ArticlesPublications/Press-Releases/Pages/Despite-Increased-Corporate-Focus-On-Risk-Processes-Around-Risk-Management-Remain-Largely-Manual-KPMG-Poll-Finds.aspx


[This article was posted on July 17, 2012, on the website of ABA Banking Journal, www.ababj.com.]          

TrackBack URI for this entry