-Only 42% of large UK corporates have a dedicated CRO, despite volatile business environment and increased frequency of ‘Black Swan’ events;
-Lack of clarity on the role of the CRO indicates time for change.
Despite risk management and corporate governance ranking high on the corporate agenda, less than half (42%) of large UK corporates have a Chief Risk Officer (CRO) or equivalent, according to new joint research by Deloitte, the business advisory firm, and executive search specialists, Hedley May.
The report focuses on non-financial companies and surveyed 36 large corporates, including 30 of the FTSE 100 and representing around 70% of the Index’s market capitalisation excluding financial services firms. It found that while many organisations are on a ‘journey’ in terms of developing risk management capabilities, few had a clear view of their destination. Organisations highlighted a lack of uniformity on the role of the CRO and risk function, indicating a possibility that some boards and Executive Committee (Exco) level CROs may not be as well supported as they could be in terms of strategic risk management and risk-return evaluation. Similarly, several non-executive directors questioned whether time allocated by boards to debate risk is sufficient both at Audit Committee and main board level.
Interviewees believe there should be a shift in focus towards upside risks and risk-return trade-offs that have the greatest impact on business performance. Here, respondents highlighted the need to identify and build resilience to the emerging risks and high-impact ‘Black Swan’ events (Tsunami/Fukushima, Eurozone Crises, etc) that can seriously threaten business performance.
Hans-Kristian Bryn, risk partner at Deloitte, commented: “The findings of the report are encouraging in terms of the progress made to date in the areas of risk processes and controls. However, the focus on the downside of risk has prevented companies from maximising the value they can get from good risk management. There is a great opportunity for companies to increase the value of risk management by putting it in a more strategic context and incorporating risk-return more explicitly into decision-making.”
The survey also asked critical questions around the need and desire for an Exco level CRO role similar to those found in financial institutions, and whether such a role would strengthen strategic risk management and enable enhanced performance.
Nick Hedley, Co-founder Hedley May, said: “This is the first report to thoroughly explore the need for a dedicated CRO in corporates. While the responses suggest that companies do not feel they need to replicate the financial services model, it is clear they will need to cultivate and attract new talent to meet ever more demanding risk management challenges.”
Professor Ian Goldin, Director Oxford Martin School, Oxford University concluded: “It is clear that corporates are facing unprecedented challenges in terms of the scale, complexity and interconnectivity of the risk landscape. The report highlights approaches and solutions that address the critical competitive advantage and resilience issues that should be top of mind for Executive and Non-Executive Directors.”
Key findings
-The risk function is combined with internal audit in 73% of the organisations interviewed;
-CFOs play a key role in the more strategic aspects of risk management and are the de facto execution agents for risk-return management;
-Few companies consider risk management holistically as they tend to focus on downside protection and controls rather than risk-return trade-offs in key decisions;
-The interviewees recognised ‘room for improvement’ in current risk management practices;
-Future developments are likely to include actions to improve control effectiveness and enhance risk-return analysis to better inform decision-making;
-Companies need to embed new capabilities to scan for emerging risks and build resilience to the seemingly more prevalent ‘Black Swan’ events that can threaten business performance and survival;
-Non Executive Directors (NEDs) feel insufficient time is allocated to board debate on risk and recognise the need for greater analytical support. Current Financial Reporting Council proposals requiring all directors sign-off on corporate strategy, may drive this change;
-Embedded risk capabilities that better inform and support Exco/board decision-making and execution capacity may become a source of competitive advantage.
|