Risk management profession maturing as role of practitioners expands to address increasingly complex risk environment, while evolving from operational to more strategic focus.
Download here
Brussels, 21 October 2024 – Organisations must integrate a more holistic risk management framework aligned with overall corporate strategy to address both the immediate threats posed by cyber-attacks and geopolitical and economic uncertainty, plus the longer-term risks of technology shifts, regulatory developments and climate change, believes FERMA following the release of the Global Risk Manager Survey 2024 produced in partnership with PwC.
The global edition of the survey is based on responses from over 1,000 practitioners in 77 countries and was extended beyond Europe for the first time in 2024 and included members of risk management associations in the US (RIMS), Asia (PARIMA), Australasia (RMIA), Latin America (ALARYS), South Africa (IRMSA) and French-speaking risk managers via Club Francorisk.
Managing multiple risk timeframes
The results of the survey show that organisations are having to manage varying threats across different time horizons. The report found that over the next 12 months, the top five risks for companies include cyber-attacks, geopolitical uncertainties, uncertain economic growth, talent management and data breach.
Extending the period to 3 years, the top concerns shift to regulation and the speed of technological change, while the geopolitical environment continues to be a critical area of concern. While at 10 years, the study reveals an exclusive risk focus on environmental challenges, with climate change adaptation, carbon neutrality transition, and natural disasters listed at the top three risks for organisations.
“In a climate of polycrisis and interconnected risk, companies must adopt more integrated and unified risk management frameworks to manage such a spectrum of threats across multiple different timeframes,” said Charlotte Hedemark, President, FERMA. “As illustrated by the survey results, the risk manager’s role in this evolving context is becoming more strategic, with practitioners interacting more at Board level, as well as having increased responsibilities and greater input into corporate strategy and direction.”
Increasing strategic involvement
The report reveals the growing prominence of the risk management function at the strategic level, as well as a broadening of the scope of responsibilities undertaken by risk professionals, with 88% of respondents having responsibilities beyond risk management. However, the findings also demonstrate that there is more that needs to be done to establish a clear position for the risk manager within the Boardroom.
According to the findings, almost half of risk managers are either a permanent member of, or are invited to and participate in, Board and Executive Committees, compared to approximately one third in the Risk Managers Survey in 2022, showing the increasing importance of the risk management function at the decision-making core of organisations.
Analysis of the expanding focus of risk managers within the corporate strategy reveals evolving priorities, including:
- 70% of respondents work on strategic risks response, a 9% increase from 2022
- 53% analyse sustainability risks and impacts, up from 40% in 2022
- The discovery of opportunities related to strategic risks increased from 28% in 2022 to 47%
This shift reflects an improving alignment between risk management and corporate strategy, as organisations move towards fully embedded risk-based approaches to adapt business strategies and explore opportunities. Key areas that risk managers are providing input on include disruption risks (50%) , geopolitical risks (44%), and scenario testing for business plans (37%).
Risk management and ESG integration key area of investment
Risk managers also have a more prominent role in managing ESG risks, with 57% of respondents involved in assessing ESG-related risks, up 22% on 2022, reflecting the synergy in addressing sustainability and ethical practices alongside traditional risk management activities. As a result, integration between risk management and sustainability / ESG is listed as the main area of investment for both the next 1 to 2 years, and the next 3 to 5 years, showing the drive to mature in this area.
There is also a significant rise in respondents’ focus on risk analysis, framework definition and reporting, with practitioners also actively participating in ESG committees. However, the survey reveals that quantifying sustainability risks remains the number one ESG challenge for 58% of respondents, while 49% highlight the limited data available to support ESG analysis/monitoring and therefore quantify risk impact.
While climate change adaptation is the top long-term risk for organisations, the findings show it is ranked third among risks not considered to be “adequately treated”. As a result, evaluating climate risks and impacts remains a top priority, with 60% of organisations identifying climate change risks in their risk maps, while quantifying the physical climate change risks is a top three activity for risk managers.
“The fact that the focus of respondents is now on ‘adaptation to’ as opposed to ‘mitigation of’ climate risks is an important development,” says Typhaine Beaupérin, CEO, FERMA. “We have seen a similar shift of focus to adaptation by the European Commission, as companies look to transform their operating practices to address the unavoidable impacts of climate change.”
Leveraging the benefits of digitalisation
The survey also reveals that risk managers are increasingly leveraging new technologies and data, a development which is critical to their ability to quantify both current and emerging risks effectively – particularly in relation to ESG-related risks – which remains a challenge.
Investing in digital risk management tools is the second most important priority for risk managers within the next 1 to 2 years. As additional requirements are placed on risk managers, risk functions are employing new technologies, tools and data, particularly in areas such as risk quantification, to improve efficiency and strengthen the risk culture. The results show an increase in the use of AI to perform ERM activities from 9% in 2022 to 13% in 2024
“The application of practical risk-focused tools to enhance risk quantification, and the integration of AI capabilities into risk analysis processes to enhance efficiency, are becoming imperatives for risk managers as the scope of their role expands and the scale of data at their disposal increases,” says Xavier Mutzig, Vice President, Board Member and Global Risk Manager Survey lead, FERMA.
Risk identification and assessment continue to be the main technology-centred activities of risk managers, highlighted by 77% of respondents. Interactive visualisation of risk maps has more than doubled to 71% from 33% in 2022, closely followed by action plan monitoring up from 27% to 70%.
ERM models maturing, but room for improvement
The report shows that half of respondents’ organisations have the higher maturity score for their risk assessment approach, conducting an annual comprehensive risk assessment, including identification of emerging risks, and with specific monitoring of key risks.
In addition, 35% of risk managers say that their organisations have a comprehensive risk appetite framework in place with quantitative and qualitative indicators. However, the report notes that there is room for improvement in correlating risks, quantifying a better proportion of them, and performing deep-dive quantification for key risks.
About the Global Risk Managers Survey 2024
The data in this report was collected between January and April 2024 through FERMA’s 23 member associations and via international risk associations including RIMS (the Risk & Insurance Management Society), Alarys (Fundación Latinoamericana de Administracion de Riesgos), PARIMA (Pan-Asia Risk and Insurance Management Association), RMIA (Risk Management Institute of Australasia), IRMSA (the Institute of Risk Management South Africa) and Club Francorisk (the French-speaking risk network). In addition, the survey was shared with PwC’s global network.
Until now a European survey, this year the study was extended globally, and responses were gathered from 1041 respondents in 77 countries.