Last month during the G20 Summit in Pittsburgh, leaders discussed the need for greater global regulation of the financial system. The high-profile nature of the G20 Summit once again puts risk management, as well as the sister disciplines of governance and compliance, at the forefront of the corporate agenda. It is afforded this prestigious status because many agree that shortcomings in risk management practices where too many companies were blinded by short-term gains and opportunities, and took on excessive risk helped trigger the financial crisis and subsequent economic downturn. In the aftermath of the financial crisis, companies need to seriously rethink their approach to risk management by giving it a more strategic focus, dismantling unintegrated risk silos, and using IT tools and applications to help define the appropriate processes to govern, comply and manage risk.
The need to improve risk management practices stretches beyond the boundaries of the financial sector
One consequence of the financial crisis is that it has reaffirmed that existing approaches to risk management where organisations took a siloed view of risk across their operations were often ineffective, disparate and costly to maintain. The G20 Summit has focused its risk management reforms (such as a proposal for linking bank pay to a banks capital and liquidity position) within the financial sector. But the need to improve risk management applies equally to other industries.
Pressure to improve risk management practices not only comes internally within the enterprise; it also comes from external stakeholders such as regulators, investors and credit agencies. In the latter case, Standard and Poors assessment of creditworthiness which takes into account the quality of risk management practices has now been extended to nearly all industry sectors including retail, automotive, and entertainment and media. As risk management practices start to influence the credit ratings, we expect more enterprises to look closely at how they anticipate, manage and mitigate risk to their business.
Breaking down the silos remains the biggest challenge
Removing risk management silos is one such area where companies are looking to improve risk management practices. Risk silos occur when individual business units become responsible for identifying, assessing and managing risk factors with their own set of tools, models and applications. The net effect is that risk factors are assessed in isolation, often with little or no regard for other related risk areas. An example of this occurred when financial traders that were experts in market risk found themselves trading instruments that were loaded with credit risk.
Having a more coordinated approach where companies place a more strategic focus on risk management efforts and integrate separate risk silos for instance, by linking strategic, financial, operational and regulatory risk initiatives can improve visibility across the organisation. This also requires senior management involvement in defining the appropriate processes to govern, comply and manage risk across the business.
Sign up for CIO Asia eNewsletters.