1 in 2 companies lack a risk management strategy
An international survey of more than 1,500 professionals conducted by DNV GL and the research institute GFK Eurisko shows that half of businesses lack a clear risk management strategy and only 43% set measurable risk control goals.
All organizations face factors that make it uncertain whether they will reach their goals. Risks that are not identified and managed properly may have a negative effect on companies and cause human, material, financial or reputational damage. While it is utopian to think that all risk factors can be controlled, companies that have a structured approach to risk management are better able to navigate troubled waters.
Compliance-driven
The survey shows that companies which have implemented a risk management strategy are primarily driven by a need for compliance (71%), company policy (64%) and demands from customers (63%). Half of the companies (55%) were motivated by financial benefits.
In daily operations, risk management was practised by 37% of board members, 46% of the top management teams and 40% of middle management. Larger companies with more than 1,000 employees naturally have a stronger focus on risk management than smaller organizations, with 77% stating they have a dedicated risk management team.
Several risk management standards, guidelines and frameworks exist in order to support the implementation of best practices in an organization. However, the survey indicates a low level of familiarity with these in that only 1 in 3 companies (36%) use at least one standard, guideline or framework (even partially).
Growing focus
However, companies are increasingly focusing on risk management and several report that this will play a crucial role in their overall business strategy and performance going forward. Of the companies surveyed, 45% plan to increase their investment in risk management over the next three years.
Most respondents (81%) think that basing their management systems on a structured risk management approach will bring added value to the organization and its stakeholders.
Luca Crisciotti, CEO of DNV GL - Business Assurance, comments:
“Leading organizations not only regard risk management as a necessity to manage threats or ensure compliance with rules and regulations. By being integrated with their overall business strategy, a proper risk management approach also enables them to detect upside risk and take advantage of business opportunities.”