Deloitte Survey: While More Boards of Directors Responsible for Risk Management Oversight, Added Focus Needed on Less Traditional Risks

Enterprise Risk Management needs to be a major priority for Irish firms – wireless security found to be poor within Dublin business district

As risk management receives heightened scrutiny in financial institutions’ boardrooms, additional investment and management attention is needed, according to the fifth edition of Deloitte’s global risk management survey.

While executives at financial services firms rated their risk management processes as extremely or very effective in the areas of market, credit and liquidity risk (each between 70 and 80 percent), respondents acknowledge that they have not yet created effective processes and systems to manage less traditional risks. Only 47 percent considered their institution very effective in managing risks associated with business continuity/IT security, 43 percent each for operational and vendor risk, and 35 percent for geopolitical risk.

This occurs as more institutions increase their focus on risk management, by elevating the responsibility for risk management to the top of the organisation as a board-level oversight responsibility. The executives surveyed found that 70 percent of boardrooms now have this charge, an increase from the 59 percent reported in 2004 and 57 percent in 2002. In addition, the number of institutions with a chief risk officer (CRO) reached new heights, with 84 percent of institutions reporting that they now have a CRO in place, up from 81 percent in the 2004 survey, while another 8 percent said they plan to establish this position.

“Effective risk management is critical for financial institutions,” said Gerry Fitzpatrick, Enterprise Risk Services partner at Deloitte. “Expectations for financial institutions in this area continue to increase by an ever widening range of constituents including regulators, rating agencies, customers, counterparties, investors and legislators. While progress in the area of risk management has been real, a great deal more needs to be done to truly achieve a comprehensive approach that actively identifies, assesses and manages the full range of risks financial services firms face.”

Deloitte’s “Accelerating Risk Management Practices” report focused on the range of critical risk management issues facing financial services firms today. The report’s authors surveyed chief risk officers – or their equivalent – at 130 institutions across the globe. Institutions that participated were primarily commercial and retail banks, as well as diversified financial institutions; the aggregate assets of those surveyed totalled nearly $21 trillion.

The progress in implementing enterprise risk management programs illustrate both the progress and the remaining work to do in risk management in the industry. Only 35 percent of executives reported that their institutions had already implemented an Enterprise Risk Management (ERM) program, while almost a third (32 percent) are in the process of establishing one.

Where ERM programs have been created, they have yielded benefits— roughly three-quarters of executives from companies with ERM initiatives said the total value of their programs had exceeded the costs. However, this assessment of value is largely qualitative, as only 4 percent of executives said their institutions quantify the benefits of their ERM programs.

Commenting on the results of the survey, Colm McDonnell, Director, Enterprise Risk Services, Deloitte agreed that ERM programmes need to be prioritised in financial services companies in Ireland. “ERM is certainly becoming an increasingly important area for financial services companies in Ireland – and this is not a moment too soon. While carrying out a vulnerability assessment in Dublin late last year, Deloitte found 884 insecure wireless connections in the city centre. This means that potentially all information in companies with these insecure connections, including many financial services ones in the main business district of the city, is available to outside parties. The findings of this new global survey certainly re-iterate the importance of making security a top priority.”

Other findings from the global risk management survey include:

• More than 70 percent of executives reported that their firms had established formal enterprise-wide programs to implement Basel II. At the same time, many institutions still have significant work to do in reaching key Basel II qualification standards.
• Although more than 60 percent of executives reported that their institutions used value at risk (VaR) extensively for fixed income, foreign exchange, and equity, less than one-third said it was used extensively for a range of other instruments including asset-backed securities, structured products, credit derivatives, and energy products.
• In the area of operational risk, only about one in four executives said their operational risk management systems were very capable in terms of reporting and data gathering, and more than two thirds said they were at least somewhat capable in those areas. Lagging behind were exposure calculations and scenario model building.

“Institutions now confront a proliferation of more complex products, more volatile markets, increased regulatory scrutiny and external threats that include security breaches, natural disasters and geopolitical concerns,” said Gerry Fitzpatrick.

“In a challenging and changing risk environment, the bar on what constitutes effective risk management is constantly being raised. Most institutions have an unfinished agenda. Financial institutions that can understand risk holistically – managing the full range of risks they confront – can strategically use risk-taking as a means to strengthen their competitive position and create value,” concluded Fitzpatrick..

-- Ends --

About Deloitte

Deloitte Ireland is a world-class firm of expert business advisers, serving senior business leaders who are seeking to protect and create value in a complex, dynamic environment. Our objective is to help our clients succeed by anticipating tomorrow’s agenda with focused, insightful and fresh thinking borne out of our multidisciplinary strengths. We draw upon our specialist skills in audit, tax, consulting and financial advisory both within Ireland and across the Deloitte worldwide network. 

What’s different about Deloitte is our people, who focus on building long-term relationships and are determined to deliver measurable value for our clients’ business. With almost 900 people in Dublin, Cork and Limerick Deloitte is known as an employer of choice for our innovative human resources programmes and is dedicated to helping our clients and our people excel. 

'Deloitte' refers to Deloitte & Touche and any associated partnerships and companies established under the laws of Ireland. Deloitte is the Irish member firm of Deloitte Touche Tohmatsu. For more information, please visit the Irish member firm’s website at www.deloitte.com/ie.