Buffeted by global competition and the continuing aftermath of the financial crisis, European companies are prioritising risk management as never before, although some weaknesses remain.

These findings come from research on risk management leadership conducted with risk managers from the Federation of European Risk Management (FERMA) and the public sector associations PRIMO by Harvard Business Review Analytic Services sponsored by insurer Zurich.

In their responses, more than 200 executives at major European organisations emphasise how top management and the board are increasingly setting direction and taking tighter control of risk management, integrating it with overall company strategy and embedding it deeper into corporate culture.

In 2014, FERMA will conduct its pan-European risk management benchmarking survey which will delve further into some of the issues highlighted by these results.

The current survey indicates that, at 35% of organisa­tions, either a CRO or a risk manager has direct responsibility for risk management. At 27%, either the CEO or the CFO/treasurer has direct responsibility, while the board itself is responsible at 14%.

In all cases, companies emphasise the importance of board engagement. FERMA board member Jo Willaert, Corporate Risk Manager of Agfa-Gevaert, said “You need the support of the board. If you do not have the support of the board, it will not work.”

The majority of companies have education and review processes in place to keep the board and the senior executives informed about their risk exposures. Key risks are communicated to the C-suite regularly at 70% of organisations.

More than half the organisations surveyed, 56% said, they have increased the resources devoted to risk-related education and training over the past three years for chief risk office level and above, at the least.

Making these processes work requires a conduit for risk information: 75% cited the risk function as a channel by which information, intelligence and advice on risk reaches senior management.

However, only 17% of respondents described communication between the C-suite and the CRO as being com­prehensive or nearly so. More than one in four, 29 %, expressed concern about a ‘good news culture’ that meant management did not receive unvarnished information on risk.

And 40% said their organisation has not yet set up a broad-based, cross-func­tional risk committee– despite the crucial role the risk committee plays in making sure that risk data are discussed thoroughly and passed on to the board.

The survey also found that companies have been slow to adopt risk-based incentives as part of compensation. Only 12% said they align risk management with executive pay.

Jo Willaert

Jo Willaert

Jo Willaert commented said: “These are not essentials for a successful risk management strategy but they show risk management has room to grow in the C-suite.”

Companies aspire to forge closer links between risk management and strategic planning. Roughly half said their risk management process is closely or very closely aligned with their overall strategy and budget. At the same time, there has been less progress at bringing the risk function’s resources to bear on transformative business projects, such as mergers, acquisitions and divestments. Only 20% described the risk function as a tool for making more effective strategic decisions and investments.

Priority risk areas

These were the risk categories to which respondents ranked as of greatest concern:

Strategic                                              63%
Financial                                              55%
IT/data privacy                                     44%
Legal and regulatory compliance        44%
Brand/reputation                                  42%
Market/competition                              42%
Technology                                          41%
Systemic                                              37%
Political/geopolitical                              35%
Workforce                                            33%
Natural disasters                                  20%
Terrorism/violence                                10%

Further research

The report is available : Leadership in Risk Management report

The results are available here

For more information, visit the page