Only 35% boards and directors highly involved in risk management says Deloitte Survey

Last Updated: Wed, Sep 12, 2018 13:42 hrs
Asia Markets

Stepping out of the comfort of your home and walking in the rains could be a risk.

You could take a stroll, get drenched in the rains and absorb the beautiful experience or catch a flu- get bed-ridden, causing unease and probably needing some medical attention.

Walking out of one's comfort zone without an umbrella in management parlance is a risk.

Now, imagine the same situation- pouring rains, walking out the comfy four walls, and a near-dear one spots you walking out without an umbrella. This could be mother, wife, husband, father, brother, sister, the person is immaterial, but the ensuing dialogue is certain- Where are you going... What time will you be back... Why aren't you taking an umbrella... Is the visit even needed?

The questioning arises out of concern, but signifies involvement.

If one were to go with the observations of Deloitte's survey, 35% organisations observed such a high involvement from boards and directors in the area of risk management.

The inverse of the survey is important and worth pondering. 65% boards or directors may not be highly involved with risk management.

Should that ring a bell?

In a world driven by keywords such as VUCA (Volatile, Uncertain, Competitive, Ambigious), and IoT (Internet of Things) and the constant availability of information; boards or directors not actively participating in the risk management process is akin to a mother not asking where her kid is heading to or even prompt a question.

A disconnected board rarely pulls business teams, and cannot proactively initiate earth-shattering innovative processes. Neither can it practice sound business practices, corporate governance and even lead to better customer experience.

Obviously the bigger question is how much of a board-room questioning is sufficient.

Brett King, author of the book Breaking Banks: The Innovators, Rogues, and Strategists Rebooting Banking talks of PayPal and the opportunity it saw in a risk.

King says, PayPal was a security and risk company that stumbled onto Payments.

To quote from King, "It was to find safe ways of facilitating payments between people who were buyers and sellers who couldn't interact in person or were interacting online. What you had at the time, as the Internet boom started, was all these businesses that were forming and selling online, and they didn't have any physical assets-they only had digital assets."

"If you had a small business that had just started a website, looking to sell something on eBay, for example, and you went to the bank and said, 'Could you underwrite me, and allow me to accept electronic payments?,' there was simply no way that these financial institutions could."

PayPal in 2018 posted revenues of over $13 billion with 244 million users.

Other Notable Findings:

The report says that there is a growing demand for a Chief Risk Officer, although the survey says that 64% organisations already had one.

39% of the organisations mentioned that risk management is the responsibility of each business/function and there was no separate CRO role.

The findings also suggest that 12% organisations did not have a well-defined risk management strategy and 27% were unsure of the same.

The survey with 100 top company executives, identifies other factors such as cybersecurity and technology disruptions, as risks besides factoring on compliance to regulatory policies as the key risk.

But even as organisations and Chief Risk Officers noted compliance to regulatory policy as a key risk, respondents were divided on the viewpoint of risk management amongst Indian organisations.

While 44% businesses harnessed risks to find future opportunities and drive returns, 36% used risk management and mitigation with an aim to drive compliance and prevent losses.

This insight is further substantiated with the fact that regulatory risk with 44% leads amongst the top three risk areas in the country, followed by cybersecurity with 31% and technology disruption at 25%, the study added.

The survey says that three years from now, there could be an expected shift in the trend. Cybersecurity is expected to lead with 36% among the top three risks for businesses, followed by technology disruption risk with 33% and regulatory risks at 31%.

"The changing trend demonstrates that with digital transformation, organisation will now need to redefine strategies as they become susceptible to multiple threats emerging through technology disruption," said Rohit Mahajan, President, Risk Advisory at Deloitte India.

He further added that volatility and complexity of each of these risks will continue to increase.

"This essentially means that there needs to be shift from being risk-averse to risk aware, with the power of innovation," said Mahajan.

More from Sify: