Few would argue the increasingly critical role risk management plays in keeping a company competitive, and in response many organizations have developed some sort of risk management program. However, many lack breadth, focus on compliance or are little better than fire-fighting tools to address immediate needs. That's not good, notes KPMG LLP, in a new report. As new and unexpected risks continue to emerge, the advisory firm says developing a comprehensive, strategic response grows increasingly important and so too does the development of a dedicated risk executive.
What is a risk executive? "His or her key purpose is to help prepare the organization to respond to change and the risks that emerge in changing times, and to turn those efforts into opportunities that benefit the organization," writes KPMG in its report "The Business Case for a Risk Executive: Leading Efforts to Avoid Surprises, Maneuver through Challenges, and Add Value."
Without a risk executive, risk management roles tend to exist in silos, the report says. Procedures are developed by leaders in specific areas and are shared only within that area. As a result of this structure, "an overall perspective on organizational risk is not possible," the report authors note. "A risk executive managing ERM [enterprise risk management] would be empowered to establish a common approach and enforce the discipline that allows aggregation, prioritization, quantification, analysis, and reporting of risk at the enterprise level."
Critical to driving a strong enterprise risk management strategy is choosing the right person to act as the risk executive. KPMG suggests that the risk executive can come from various departments within an organization. More important are the skills the person brings to the job. A risk executive must possess the skills to drive the organization's risk management effort to the next level. He or she must be a strategic thinker. Also, the right person must have the breadth of industry and institutional knowledge to be credible. Finally, the report notes, the best risk executive must be an independent thinker who can gain the trust of C-level executives and one who is an experienced project manager.
The KPMG paper also outlines key questions the risk executive, along with the board and management, should be addressing in their efforts to create a more robust risk management approach. Among those questions: Does our existing risk profile accurately capture our risks, and is it regularly reviewed and updated so we can avoid surprises given the velocity of economic change and the business environment?
The complete report is available online in pdf format at The Business Case for a Risk Executive.
Interested in information related to this topic? Subscribe to our weekly Continuous Improvement enewsletter.