Getting Risk Management Right: Making the Case for Risk Maturity
Learn how to make the business case for investing in risk maturity in today’s uncertain climate, and how to address deeply imbalanced risk management practices to address the risks most likely to result in significant value losses. Download the full Strengthening ERM: A Key to Success in a Volatile Environment whitepaper below, and watch the on-demand webinar recording to hear AuditBoard’s Anand Bhakta go deeper into concrete steps to develop more mature risk programs.
As the magnitude and complexity of business risks grow, organizations face mounting pressure from Boards and investors to develop their enterprise risk management (ERM) plans. But not all business risks are created equal.
According to a CEB/Gartner study, 86% of significant market capitalization declines from 2004-2014 — characterized by a 40% or more drop in share price in a year — were caused by strategic risks, such as product/services competition or declining demand for a core product.
Deloitte’s Value Killers study found the triggering risks behind the largest company value loss events of the last decade (~40% of their value lost in a month) were strategic and external risks. Notably, 90% of companies were hurt by several of these risks working in concert, even if there was a single triggering risk event. There is much to be gleaned from these historical patterns in our current times. For example, an external risk, such as the COVID-19 pandemic, could couple with a strategic risk to set off a cascade of negative outcomes in an organization, leading to significant value losses.
A Dangerous State of Imbalance: Focusing on Risk in All the Wrong Places
In light of this information, current risk practices are greatly imbalanced. A CEB/Gartner study found that organizations spend a shockingly insufficient amount of time on strategic and external risks. In particular, audit departments spend only 6% of their risk management time on strategic risks, compared to 81% spent on operational and financial risk management activities (though operational and financial risks comprise only 11% of value loss drivers).
Moreover, a 2018 study found that only 22% of organizations with ERM programs in place described their risk management programs as “mature.” Such stark numbers illuminate the greater overarching issue of risk maturity and its effects on organizational success.
Risk Maturity’s Impact on Business Success
A tell-tale sign of misguided risk management and low risk maturity is an organization whose leadership team places more focus on risk than reward by applying risk prevention attitudes appropriate for financial and operational risks to strategic risks, creating a culture of risk aversion that hinders growth opportunities.
On the other hand, effective business leaders understand that organizations must take risks in order to be successful in a competitive business landscape. This is why leading companies with mature risk practices have C-Suites who link risk to overall corporate strategy, and view every decision as a risk. The latest research reveals higher levels of ERM program maturity — characterized by robust executive engagement, Board engagement, and a risk infrastructure built upon viewing ERM as an important strategic tool — provide the most value to businesses.
Further, according to the Risk Maturity Index developed by Aon and the Wharton School of the University of Pennsylvania, higher risk maturity ratings are linked to better stock price performance, lower market volatility (and reduced insurance premiums), higher market valuation, and greater organizational resilience in response to key market events.
In short, focusing on building risk maturity is the key to effective risk management. Download the full Strengthening ERM: A Key to Success in a Volatile Environment whitepaper below to learn more strategies for balancing risk management infrastructure and developing mature risk management programs.
Fill out the form below to get your free copy of Strengthening ERM: A Key to Success in a Volatile Environment
Anand Bhakta is Sr. Director of Risk Solutions at AuditBoard and a cofounder and Principal of SAS. He has over twenty years of audit and advisory experience. Anand spent 8 years at Ernst & Young prior to SAS, and has served as a trusted advisor for numerous internal audit and management executives. Connect with Anand on LinkedIn.
