IN BRIEF:
• Board surveys reveal a pressing need for more effective risk management, with several boards recognizing room for improvement.
• The strategic empowerment of CROs is essential to navigate the complex risk landscape and capitalize on emerging opportunities.
• Implementing a connected risk approach and embracing technology are key steps to advancing risk management practices and driving organizational value.
In an era where risk landscapes are rapidly evolving, the role of Chief Risk Officers (CROs) has never been more crucial. The 2023 EY Global Board Risk Survey revealed a stark reality: 60% of boards agree that emerging risks are insufficiently addressed in risk management. Looking ahead, the survey suggests that boards need to strengthen their governance structures, processes and knowledge to improve oversight of both risks and opportunities.
The survey further echoes the urgency for robust risk management, identifying various risks poised to severely impact organizations in the upcoming year. From geopolitical events and supply chain disruptions to cyberattacks and changing customer demands, the array of threats is diverse and daunting. Notably, while certain risks such as changing customer demands have decreased in perceived importance since 2021, others like misaligned culture and increased remote working have surged in significance.
EMPOWERING THE CHIEF RISK OFFICER
Successful risk management lies in the empowerment of the CRO. In many non-regulated sectors, this role is not formally recognized within the C-suite, despite the intense demands on risk leaders. As the complexity of the risk environment evolves, the need for CROs to collaborate closely with executive management and the board becomes paramount.
Boards now expect executive management to identify risks and uncover the opportunities they may present. For example, a competitor’s new joint venture could be seen as a threat, but from a strategic standpoint, it might also represent an acquisition target or potential partnership. Additionally, boards are calling for a deeper understanding of interconnected risks and their second-order impacts, such as the multifaceted challenges posed by climate change.
CROs must be fully integrated into the business strategy and kept abreast of emerging megatrends that could affect the organization. Their insights are invaluable for mitigating downside risk and seizing “upside” opportunities. To be effective, CROs need clear and open communication channels with other senior executives and should be involved in regular management reporting, including strategies, business plans, and investment proposals.
Successful risk stewards are characterized by their ability to break down organizational silos and work across all lines of defense. They understand the cultural risk appetite and can motivate leaders to adopt a common risk definition. Their experience in prioritizing risk outcomes is crucial for organizational performance.
CONNECTED RISK APPROACH
A connected risk approach leverages improved data access to risk taxonomy, implements dynamic risk assessment methods that adapt to the changing business environment, and coordinates risk response and reporting across all Three Lines (e.g., management, risk and compliance teams and internal audit). This approach unifies data on a common platform, offering continuous refresh capabilities and creating value through analytics and dashboards for better risk management planning.
To execute a connected risk approach, an integrated risk taxonomy is essential. It provides a single view of risk by connecting data from traditionally siloed functions across the Three Lines. This enables rapid identification and assessment of risks that matter. Building a dynamic risk assessment is a collaborative effort that must be comprehensive and flexible, incorporating new data and market changes for agility.
The dynamic risk assessment process includes orienting the mandate to manage risk, identifying risks through data-driven inputs, prioritizing current risks, and responding in a manner that fits the organization’s risk posture. It incorporates qualitative assessments, quantitative metrics, risk performance leveraging a common taxonomy, and external data to challenge internal risk assessments.
TECHNOLOGY-ENABLED RISK MANAGEMENT
The 2023 EY Global Board Risk Survey indicates that only 31% of boards say their oversight of risks related to digital transformations is very effective, while 19% say it is slightly or less effective. Traditional risk management, which relied on professional judgment and manual processes, must evolve to take advantage of automation and data analysis capabilities.
Integrated Risk Management treats risk and compliance activities as an enterprise-wide responsibility, promoting transparency and better decision-making. Automation technology can process low-value manual tasks and free up management time to enable them to focus on emerging risks, while data collection and monitoring can be automated to occur in real time to flag issues earlier. Cloud and AI technologies can execute complex scenario analyses and reveal insights into risk interdependencies.
An integrated risk platform is foundational for connected risk capabilities, storing and modeling relationships between various data sources. This unified technology solution provides better insights, enabling a common risk ecosystem, consolidating risk management activities, and managing customer expectations through informed risk-taking.
FOSTERING RESILIENT RISK LEADERSHIP
To be risk resilient, the boards need to understand the full spectrum of current and emerging risks that could impact the organization. CROs can swiftly generate value by aggregating risk registers to form a comprehensive risk landscape and conducting collaborative sessions to unify risk definitions across the organization. This establishes a centralized framework and common taxonomy, essential for integrating risk management with strategic and operational planning. By embedding risk considerations into decision-making and employing technology for automation, CROs enhance the organization’s proactive risk posture, turning risk management into a strategic asset for resilience and success.
As organizations strive for resilience amid escalating risks, empowering CROs is essential. They must break down silos, foster collaborative interactions, adopt a connected risk approach, and harness technology to modernize risk management strategies. The strategic empowerment of CROs is not just beneficial — it is imperative for safeguarding and driving value.
This article is for general information only and is not a substitute for professional advice where the facts and circumstances warrant. The views and opinions expressed above are those of the authors and do not necessarily represent the views of SGV & Co.
Christiane Joymiel C. Say-Mendoza and Joseph Ian M. Canlas are business consulting partners of SGV & Co.
