Читать книгу Implementing Enterprise Risk Management - Lam James - Страница 12

The numbers show that corporations around the world are recognizing risk management as a priority and moving toward integrated ERM. The 2013 Deloitte Global Risk Management survey indicated that 83 percent of all global financial institutions have an ERM program or are in the process of implementing one, up from 59 percent in 2010.

As a management framework, ERM has been more widely adopted than other management frameworks (e.g., reengineering, balanced scorecard, total quality management). Organizations with established ERM programs have realized and reported significant benefits. For example, 85 percent of financial institutions that had ERM programs in place reported that the total value derived from their programs exceeded costs.8 Three quarters of today's executives feel that their ERM programs provide significant value compared with merely half in 2008.

As ERM adoption has increased over the past several years, the CRO has grown in stature. The 2013 Deloitte Global Risk Management survey indicated that 89 percent of global financial institutions had a CRO or equivalent position. Moreover, 80 percent of the institutions said their CRO reports directly to the CEO and had a formal reporting relationship with their board, up from about 53 percent in 2010.

Outside the financial sector, it's a different story, however. A 2012 paper produced by McKinsey & Company9 pointed out that, unlike financial institutions, most corporates still do not have a CRO, leaving the de facto role of risk manager to the CFO. Furthermore, the goals for ERM improvement vary between the two sectors. Financial institutions are keen to improve their risk culture, IT, and data infrastructure while corporates focus on improving risk-related decisions and processes. Still, the frequency and heft of the CRO is growing throughout all sectors.

Board involvement in ERM has increased as well, particularly since the global financial crisis. Several surveys indicate that risk management has replaced accounting issues as the top concern for corporate boards. Approximately 80 percent of boards now review risk policies and risk appetite statements.10

Although ERM has made significant progress over the past decade, much remains to be done. In a sense, the global financial crisis was the ultimate risk management “stress test.” Many organizations failed, and even those with established ERM programs reported mixed results. Today, organizations appear to understand the need for change. Deloitte's 2013 survey reported that 94 percent of organizations have changed their approach to strategic risk management over the previous three years. Companies cite cultural issues and integrating data across the organization as the two biggest stumbling blocks to improvement.11