Companies Fail to Recognize Impact of Risk and Compliance Failures

Most people would agree that the first step in solving a problem is admitting that yes, indeed, there is a problem.

So, how are companies going to implement effective risk and compliance management practices if they don't even realize the impact of risk or compliance failures on their organization?

A new report written by the Economist Intelligence Unit illustrates my concerns.

After a worldwide survey of 385 senior executives from the finance, risk, compliance and legal functions across six industries and the public sector, the data shows that few companies have the big picture' view needed for effective risk and compliance management. Even though they understand the importance of an integrated approach to these activities, many have short-sighted practices that end up becoming costly and complex burdens. What's more, these disparate responses often keep the "true" level of risk out of sight of the wider organization.

For example, the study found that:


Only 28 percent of survey respondents from the finance sector admitted to risk and compliance failures. (As EIU points out, this is particularly worrying, considering the economic turmoil of the past 30 months, which has seen businesses across the spectrum under pressure to tighten their fiscal oversight mechanisms.)



Just 37 percent of respondents overall said that their organization has suffered from one or more significant risk or compliance failure in the past three years.


Most risk failures occur at the business unit level and are addressed in isolation. More than one-quarter of respondents said they fix the problem within the unit, deliberately out of sight of the wider organization.

The research also found that companies can reap significant performance benefits from adopting a more holistic approach to risk and compliance management. Among those polled, high-performing companies were more likely to have a consistent risk appetite across functions in the organization. Less than a third of those in the lower-performing group (those in the bottom 60 percent of their industry) offered the same assessment.

Clearly, companies need to fully appreciate the growing importance of an integrated approach to risk and compliance management. Then, they need to translate this increased awareness into action using strategies designed to help them comply with today's evolving risk and compliance landscape.

The report, Ascending the maturity curve: Effective management of enterprise risk and compliance, is available at www.businessresearch.eiu.com/ascending-maturity-curve.html.