A recent study by Deloitte surveyed C-suite executives to better understand how they view their organizations’ capabilities in balancing risk and reward. The study showed an abundance of confidence in risk awareness and capabilities, but are they effectively using risk management as a tool in value creation?.

Nearly nine in 10 survey respondents believe value creation should be a key focus of risk management, yet only one in five are taking the steps needed to implement improvements to this end. So how can organizations use risk to create as well as protect value? DCAT Value Chain Insights examines what companies can do.

Riak or reward?
A new Deloitte Global report, Taking Aim at Value: Avoid Overconfidence and Look Again at Risk, surveyed board members and the C-suite to better understand how they view their organizations’ capabilities in balancing risk and reward. The report uncovered an abundance of confidence in risk awareness and capabilities, but are senior stakeholders overstating their organization’s risk prowess?

The results of this survey show companies can use risk management to not only protect value, but as a competitive advantage to power performance. In fact, nearly nine in 10 survey respondents believe value creation should be a key focus of risk management, yet only one in five are taking the steps needed to implement the obvious improvements. And three out of five say their organizations are susceptible to the forces of innovation and disruption which the global business landscape faces today. This report explores these gaps and how organizations can use risk to create as well as protect value. The study surveyed more than 300 C-level or board representatives,across the Americas, EMEA (Europe, Middle East, and Africa), and Asia/Pacific regions between November and December 2016. Key industries surveyed include consumer and industrial products, life sciences and health care, financial services, manufacturing, energy and technology, and media  and telecommunications. The survey sampled a range of companies from $1 billion in revenues and up, including 23% over $20 billion in revenues.  

“Historically, risk management has been a reactive or check-the-box exercise,” said Sam Balaji, Deloitte Global Risk Advisory Leader, in commenting on the study. “Companies are beginning to elevate and closely link the risk conversations to business strategy and drive superior performance; senior executives are now becoming more proactive and deliberate in assessing risks and utilizing them to differentiate and create value in addition to protecting value.”

In order for organizations to build closer alignment between value creation and risk, the role of the chief risk officer (CRO) should be elevated to increase synergy between boards, C-suite executives, and CROs, concludes the study. As the role of the CRO is increasingly seen as a business partner moving forward, 58% respondents say their CROs should spend significantly more time performing the strategist role in which they participate in setting the strategic direction of the company and align risk management strategies accordingly.

“CEOs are realizing the importance of risk and reputation and are relying on the CRO to provide insight into most strategic decisions,” said Chuck Saia, CEO of Deloitte Risk and Financial Advisory, in commenting on the study. “I’ve seen how effective risk management can be when the right people are in the right roles, meeting on a regular basis to talk about strategic and emerging risk issues.”

The study emphasizes that companies need to build closer alignment between value creation and risk. Organizations whose risk management philosophies and programs focus on value creation cite a range of areas where their actions are delivering significant benefits. These areas include customer loyalty, increasing operational resilience, improving cost effectiveness, and identifying and exploiting new business opportunities.

The study also points out that companies need to do more to establish and optimize the role of the CRO: A majority of business leaders surveyed – 63%–state that the firms they represent have a full-time CRO, with an additional 24% stating they believe the role is being performed by another executive. However, research suggests that organizations may not be defining this critical role accurately, or benefiting from it fully.

The study also points out that companies must forge responses to their most strategic risks and opportunities. Although companies say they are focusing on a wide array of both emerging and longstanding strategic and tactical risks, the key question is: are these the right issues? With only 17% of respondents citing cybersecurity and 9% viewing geopolitical issues in the top three risks to their business, it is crucial that organizations do not lose sight of these risks and opportunities at the perimeter, according to the study.

“Business leaders should recalibrate and fortify their risk management programs to ensure strong alignment with business strategy, linking them to value creation and differentiation. Given the pace of change and these findings, it is clear that a healthy dose of self-reflection accompanied by concrete action is imperative to harness the power of risk management to achieve market leadership,” said Balaji.