Survey: Risk Management Often Marginalized

Risk management operations for financial sector companies are often not fully integrated with the rest of the business, according to a new study.

That finding was made in a survey of executives by PricewaterhouseCoopers and Economist Intelligence Unit, both based in New York.

According to the companies, respondents told them risk management has yet to deliver the full value they expect.

Survey findings indicate that risk management remains defined largely by regulation and not as a strategic discipline embedded throughout and across the business, the researchers said.

Their report warned that with focus on regulatory reforms such as Basel II and Sarbanes-Oxley waning, businesses could be left exposed.

The study, titled "Creating Value: Effective Risk Management in Financial Services," found that the risk management function, despite considerable investment, is often disengaged from the rest of the business.

Only 46 percent of respondents said there is astructured assessment of risk around strategy development, andjust 40 percent said risk management is formally involved inbudgeting and financial reporting.

Risk managers often are not involved in key business activities such as alliances and M&A, pricing, recruitment and compensation policies, those surveyed said.

Sixty-six percent of the 400 respondents said they believe that their organizations need to view risk management as a more strategic function in order to add greater value to their business.

Nearly a quarter of respondents were found to have increased their annual spending on risk management by more than 25 percent year over year for the past three years.

However, only half of the risk managers in the survey sample believed the function contributed substantially more value than it did three years ago. Even fewer executives in non-risk functions--23 percent--said there had been a substantial improvement.

"Even when directors of financial institutions insist on risk managers having their say, too little attention is paid to embedding risk managers in the individual businesses," said Shyam Venkat, a partner with PricewaterhouseCoopers.

Mr. Venkat added that this lack of attention "often makes it harder to get to grips with the intricacies of the business; it also slows down the speed with which risk officers can respond."

Among other the survey findings:

o Regulators have driven the risk management agenda in recent years.As a result, successful risk management is largely defined inregulatory terms.

o Seven percent of survey respondents believed that risk management is "very effective" at enablingmanagers to make better business decisions.

o Forty-seven percent of respondents believe that effectiverisk management burnishes their reputation with customers, while42 percent feel that it enhances their reputation among analystsand 32 percent think it improves their reputation amongshareholders.

o There are wide gaps between the risks that organizations find mostpressing and those that they manage most effectively. Respondents reported high levels of effectiveness for credit risk and market risk, but confidence levels dropped when it came to less traditional risk sources, such as business risk, risk to reputation and people risk.

The survey results did contain some promising news for risk managers. While survey respondents expect regulation to be the main driver of change for the risk function in the short term, more respondents expect risk management to play an increasingly important, strategic role over the next three years.

For risk management to contribute greater value, management needs to be engaged and committed, the firms said.