Survey Says Key Risks Not Being Continually Monitored

A new Deloitte and Forbes Insights survey reveals that fewer than 25 percent of executives report that their organizations continuously monitor risk. While the majority of respondents anticipated that the global economic environment will remain the greatest source of risk through 2015, more than one in four (27 percent), predicted that risks posed by social media would play an increasingly important role.

Forty-one percent of respondents said that they saw the global economic environment as the most important source of risk over the next three years, and nearly one-third put government spending and budget into that category. Regulatory changes were of concern to 30 percent of respondents and both social media and financial risk were seen as a concern by 27 percent. The top areas of concern regarding increased volatility over the next three years included financial risk (66 percent of respondents), followed by strategic risk (63 percent) and operational risk (58 percent).

"Social media wasn't even on the radar a few years ago, and we're now seeing it ranked among the top five sources of risk, on the same level as financial risk," said Henry Ristuccia, partner, Deloitte & Touche LLP and co-leader of Deloitte's Governance and Risk Management services. "The rise of social media is just another contributor to the volatile risk environment companies are being forced to navigate. The current marketplace seems to require that organizations be nimble in their risk assessment approach, whether it's dealing with what employees post on social networks, or how they're coping with regulatory changes or taking advantage of the opportunities rewarded risks can create."

More than 50 percent of executives believe that regulatory, technological and geopolitical risk will increase in volatility, and 55 percent of executives surveyed reported that their organizations will revamp their risk approach within the next 12 months; roughly nine in 10 (91 percent) reported that they plan to reorganize their approach to risk management in some form or other over the next three years.

When asked how they planned to accomplish this, the majority (52 percent) said that they would elevate the profile of risk management throughout their organizations. Other areas viewed as key included reorganizing risk management processes (39 percent), additional training for staff (37 percent), incorporating new technology (31 percent) and integrating risk into strategic planning (28 percent).

Despite advances in risk-related technologies as well as concern about unstable risks, the survey found that automation tools and tools used for continuously monitoring risk are underutilized. Most monitoring is done periodically, on a monthly, quarterly, biannual or annual basis.

"Based on the findings of this survey, and our interactions with clients, we believe technology has the potential to play a breakout role in the management of risk, but many companies are still behind the curve in this area," said Mark Carey, partner, Deloitte & Touche LLP and leader of the U.S. Governance and Risk Strategies services for commercial and public sector industries. "It is encouraging, however, that more than half the respondents said their companies were planning to invest in continuous risk monitoring, and the tools that are available should not only help them with risk management overall, but also increase efficiency and decrease costs over time."

The companies that participated in the survey were from three sectors: life sciences and healthcare; consumer and industrial; and technology, media and telecom. When it comes to risk management, there is no "one-size-fits-all" model. Survey respondents disclosed varying perceptions of risk as well as diverse beliefs with regard to the allocation of resources and organization of the ERM processes.

Additional Survey Findings:

Risk viewed as C-suite issue. Risk management has become a C-suite issue. Twenty-six percent of those surveyed said that the main responsibility for overall risk management belongs to the chief executive officer, with 23 percent assigning this responsibility to the chief financial officer or treasurer. Interestingly, the chief risk officer or head of risk came in third place, with 19 percent.
Automated risk management systems and processes. Dashboard reporting for senior stakeholders, data analysis and self-assessment are most often a mix of manual and automated processes. Twenty-eight percent of respondents said that their companies were in the process of automating their risk reporting.
Budgeting for risk expected to remain stable. Respondents indicated that strategic risk and technology risk were the two areas where budgets will increase the most. Around 50 percent of respondents said they expect minimal change to risk management budgets across the board. Fewer than 15 percent of respondents across all risk areas said risk budgets would decrease over the next three years.

ON DEMAND: Business-impacting events such as severe weather, man-made disasters, and supply chain disruption are increasing in frequency and making impacts around the globe.

In today's rapidly evolving security landscape, organizations face an ever-growing array of disruptive events, security threats and risks. Traditional reactive approaches to security intelligence often leave businesses vulnerable and ill-prepared to anticipate and mitigate emerging threats that could impact the safety of their people, facilities or operations.