In the wake of the worst global financial meltdown since the Great Depression, most corporations are turning the spotlight on their risk management practices and company culture. But, new research suggests that many enterprises have a long road ahead of them as they work to develop robust risk strategies and improve disclosure.
For instance, in a recent analysis of proxy statements from the Standard & Poor's (S&P) 500, filed in 2010, Deloitte found that only 22 percent cited that the company's chief executive officer had any involvement or responsibility for risk management.
What's more, Deloitte also discovered that among the 398 companies it studied:
Only one-third (34 percent) of companies disclosed that risk oversight and/or risk management were aligned with corporate strategy.
11 percent disclosed how the board is involved with regard to corporate risk appetite.
Five percent mentioned that the board has oversight with regard to corporate culture.
Just one percent of proxy statements noted the significance of tone at the top.
Although these results are somewhat discouraging to those of us who are keeping an eye on risk management policies and procedures, Deloitte expects that new federal legislation will help enhance risk management strategies and disclosure.
"New legislation not the smallest of which is the Dodd-Frank bill will change proxy disclosures, even if just for a small percent of corporate America, in the beginning," said Henry Ristuccia, partner, Deloitte & Touche LLP and U.S. leader of governance and risk management services. "While those new rules will affect the largest investment banks first, we often see a trickle-down effect when more highly regulated industries' practices become quickly adopted by other Risk Intelligent Enterprises."
As would be expected, regulations have a significant impact. Within Deloitte's analysis, industries with higher regulatory demands tended to more clearly disclose details on board members and C-suite executives' involvement in overseeing and managing risk. Financial services company disclosures were four times more likely than average to have a separate risk committee on its board (16 percent), nearly three times more likely to mention a chief risk officer (31 percent), twice as likely to separately address reputational risk (30 percent) and twice as likely to mention board oversight with regard to corporate culture (10 percent). Energy and resources firms were nearly twice as likely to disclose the presence of a management level risk management committee (36 percent).