Читать книгу The Failure of Risk Management - Douglas W. Hubbard - Страница 26

Writing about the “current state” of anything in a book that gets a new edition once a decade may seem like a very low-resolution picture of reality. But the (unfortunate) slow pace of change makes the current state of risk management easier to capture even with such infrequent updates.

To get a finger on the pulse of the current state of risk management, we could rely on the anecdotes of my network of connections in risk management. And I do to some degree. But the best tool we have is structured surveys of various levels of management in organizations. My firm, Hubbard Decision Research (HDR), collaborated with The Netherlands office of the consulting firm KPMG to survey 283 organizations and risk experts from fifty-three countries across many industries. Organizations ranged in size: eighty-four had less than one hundred employees and seventy had more than ten thousand employees. Respondents represented analysts, risk managers, CEOs, and many levels in between. Our focus was to investigate details about how organizations and risk professionals actually assessed and managed risks and what the effect of those efforts were.

In addition to this survey, I have updated a summary of three major sources of surveys mentioned in the first edition of this book. We will look at some surveys conducted between 2007 and 2018 by The Economist Intelligence Unit (EIU),¹ Aon Global Risk Consulting,² and Protiviti.³ And I will throw in some related observations from two other smaller surveys conducted by HDR, which asked risk management–related questions: a 2015 survey of 173 cybersecurity experts and a 2018 survey of eighty project managers. All of the surveys included responses from organizations around the world, from small to Fortune 500 companies in many industries as well as large government agencies. Here is a summary of findings:

 Growth in risk management was fast but may have cooled off: In 2007, the Aon survey said 50 percent reported having a formal risk management function and 88 percent said the board was engaged in risk issues. The growth was apparently fast, for a while. The Aon 2017 survey says that 66 percent now have a formal risk function—down slightly from 2015. These numbers don't quite align with the findings of the HDR/KPMG survey, which found that of those who currently have a risk management function, 65 percent say they implemented it since 2007. (That difference could be a difference in the respondent population.) Furthermore, growth in the number of staff in those departments has leveled off according to the Aon survey.

 There is support for risk management—mostly: The 2017 EIU report states that lack of support from senior management was a concern of only 21 percent in the previous year and only 15 percent expect it to be a concern in the next year. However, the HDR/KPMG survey finds that a higher proportion (31 percent) believe there is “no recognition by top management in the importance of risk assessment.”

 Influence of risk management is not as high as it could be: Regarding influence, the HDR/KPMG survey finds that 67 percent say risk assessment is used to provide “some guidance” or “significant guidance” in “major decisions” whereas the 2017 EIU finds that only 47 percent say the risk function plays a role in strategic decisions.