Global risk management survey, ninth edition: Operating in the new normal
Published in: Business
Global risk management survey, ninth edition: Operating in the new normal from Deloitte United States
Transcript
- 1. Insights from the Global risk management survey, ninth edition Operating in the new normal: Increased regulation and heightened expectations Employed at 94%of responding institutions in the 2014 survey, the “three lines of defense” risk governance model has become very widely adopted. The prevalence of the CRO position continues to grow: 2014 2002 92% 65% 92%of 2014 respondents indicated their institution has an enterprise risk management program in place or is in the process of implementing one, up 33% since 2008. 92% 83% 59% 20142008 2012 75%of 2014 respondents reported that their institution has a written enterprise-level statement of risk appetite that has been approved by the board of directors, up from two-thirds in 2012. 85%of respondents reported that their board of directors regularly devotes more time to oversight of risk than it did two years ago. THE ERA OF SWEEPING REGULATORY CHANGE that began following the global financial crisis shows little sign of abating; across the financial services industry, regulatory requirements are becoming broader in scope and more stringent. Against this backdrop, financial institutions continue to make progress in many areas of risk governance and risk management . . . That said, our survey results also indicate a number of areas where challenges continue and continued close attention is warranted. Although up from 2012 results, it was somewhat surprising that ONLY 63% OF RESPONDENTS said their board of directors or board risk committee reviews incentive compensation plans to consider alignment of risk with rewards, particularly given regulators’ increased focus on conduct risk, risk culture, and ethical standards. 79%of respondents cited “increasing regulatory requirements and expectations” as being extremely challenging or very challenging. ONLY 60% OF RESPONDENTS said their boards of directors work to establish and embed the risk culture of the enterprise and promote open discussions regarding risk, while the remaining respondents said these were not among the board’s responsibilities. Although institutions are doing better in risk data and infrastructure than they were in 2012, significant work remains to be done to bring technology systems in line with stricter regulatory requirements for accurate, timely, consistent risk data aggregated across the enterprise. Percent reporting “effective/very effective”: Data management/ maintenance Data process architecture/ workflow logic Data controls/ checks 20% 39% 20142012 20142012 23% 35% 20142012 31% 33% © 2015. For information, contact Deloitte Touche Tohmatsu Limited. Graphic: Deloitte University Press | DUPress.com