Internal business changes intended to address dynamic market shifts have created a more complex risk landscape for businesses around the globe, according to a PricewaterhouseCooper (PwC) survey.
The report found that 84 percent of organizations surveyed said they plan to create a risk-aware culture, making risk management a priority for people at all levels of the organization.
Results indicated improving competencies is an important step in closing capability gaps, with survey respondents making or planning to make broader changes in the next 18 months. However, concerns remain.
For example, the survey suggested collaboration among the three lines of defense (business units, risk and compliance and internal audit) in identifying, monitoring and effectively managing critical risks is still not deep enough, with 60 percent of survey respondents concerned that a lack of collaboration could be exposing their company to capability gaps.
"Executives are working to close the capability gaps they’ve identified, and agree that close collaboration between risk-related functions is vital to ensure a shared view of business risks across the enterprise," Brian Schwartz, PwC’s U.S. risk assurance governance risk and compliance leader, said in a statement. "However, they may be missing a key issue - a sharp disconnect between top management and the risk and compliance functions. Not only are they disagreeing on the type and degree of key risks facing a company, but also about the organization’s capabilities."
PwC’s survey respondents reported being the most satisfied with their auditing non-financial performance (61 percent) and their risk identification, tracking and monitoring processes (60 percent).
"Continuing business transformation and the capability gaps created by heightened external and internal change make it urgent that organizations improve their risk management maturity. Risk management is about sustainability; making sure the odds favor the company’s survival. This means continuing to look forward and becoming ever more sensitive to emerging and complex risks," Simone said.
More than eight in 10 (82 percent) of respondents said they plan to develop processes to identify and monitor risks, including non-traditional risks, 79 percent plan to conduct more non-financial audits to ensure that emerging threats like cyber-security are being addressed, and 79 percent plan to integrate risk and business strategies, ensuring that risk is factored into all strategic decisions.
Becoming a "risk leader," or a risk-mature firm, involves creating a risk-aware culture and improving risk processes and skills by upgrading and leveraging risk tools and systems.
The report noted risk leaders have made significant progress in developing the capability to identify and track risks across the organization, conducting more non-financial audits and devoting more attention to monitoring emerging risks.
According to PwC’s survey, risk leaders are 59 percent more likely than others to be improving analytic tools, building an integrated risk data warehouse (52 percent) and upgrading regulatory and tracking systems (44 percent).