Australian organisations along with the rest of the world have issues when it comes to managing operational risk, according to the latest Deloitte survey of global financial services organisations.

This was confirmed by 70% of the Australian Chief Risk Officers and Senior Risk Managers in a spot poll of 50 top 100 ASX and government organisations last week. 

They rated their organisations as having insufficient risk training (58%), inadequate risk integration with normal management activities (65%) and not enough monitoring and reviewing of their risks (48%).

And as Deloitte’s global risk management survey, Accelerating Risk Management Practices also reveals, additional investment and management attention is needed.

Paul Franks, Deloitte Financial Services and Risk Advisory Partner said most respondents acknowledged that they have not yet created effective processes and systems to manage less traditional risks.

“Only 47 percent of the global sample considered their institutions to be very effective in managing risks associated with business continuity and IT security, rating only 43 percent each for operational and vendor risk, and 35 percent for geopolitical risk.” 

 “However when it comes to market, credit and liquidity risk, Australian financial institutions benchmarked well globally, rating their risk management processes as very effective (70 to 80%),” he said.

On the plus side Franks said most institutions have increased their focus on risk management and lifted the responsibility for risk management to the top of the organization, to board-level:

• the survey found that 70% of Boards have oversight over risk management, a healthy increase from the 59% reported in 2004 and the 57% in 2002
• the number of institutions with a Chief Risk Officer (CRO) reached to 84%, up from 81% in 2004, while another 8% said they plan to establish this position. 

Warren Green, leader of Deloitte’s Financial Services, said effective risk management is critical for financial institutions. 

“Expectations for financial institutions in this area continue to be driven not only by an increasing number of regulators, rating agencies, counterparties, investors and legislators but most importantly these risk management expectations are driven both by and for the customer,” Mr Green said.

“While progress in the area of risk management has been real, a great deal more could be done to achieve a comprehensive approach that truly identifies, assesses and manages the full range of risks financial services firms face.”

The global report’s authors surveyed CROs – or their equivalent – at 130 institutions across the world, focusing on the range of critical risk management issues facing financial services firms today. Institutions that participated were primarily commercial and retail banks, as well as diversified financial institutions.

The aggregate assets of those surveyed totalled nearly US$21 trillion.

Mr Franks said the progress in implementing enterprise risk management (ERM) programs illustrates ‘how far the industry had come’ and ‘what’s yet to achieved’ in risk management in the industry. 

Only 35% of executives reported that their institutions have implemented an ERM program, while almost a third, 32%, were in the process of establishing one. 

Other findings from the Australian poll reveal that data quality was an issue. Forty-one percent of the Australian sample did not think that risk management information is stored and reported in a way that is easy to work with and understand. Although 59% agree that the risk management process assists in making informed decisions and of those organisations with a risk management framework, 72% agree that is easy to understand and apply.

So for Australia the issues revolve around inadequate data storage and reporting, insufficient training, integration and culture change.

Where ERM programs have been created, they have yielded benefits roughly three-quarters of executives from companies with ERM initiatives said the total value of their programs had exceeded the costs. However, this assessment of value is largely qualitative. Only 22% of executives in the global survey said their institutions quantify the benefits of their ERM programs.

 Other findings of the global risk management survey included:

• more than 70% of executives reported that their firms had established formal enterprise-wide programs to implement Basel II. At the same time, many institutions still have significant work to do in reaching key Basel II qualification standards
• although more than 60% of executives reported that their institutions used value at risk (VaR) extensively for fixed income, foreign exchange, and equity, less than one-third said it was used extensively for a range of other instruments including asset-backed securities, structured products, credit derivatives, and energy products
• in the area of operational risk, only about one in four executives said their operational risk management systems were very capable in terms of reporting and data gathering, and more than two thirds said they were at least somewhat capable in those areas. Lagging behind were exposure calculations and scenario model building
• more than two-thirds of the executives reported increases in risk management expenditures over the last 24 months. In looking ahead, 30% of executives in North America foresaw substantial budget increases in this area during the coming 24 months.

“Institutions now confront a proliferation of more complex products, more volatile markets, increased regulatory scrutiny and external threats that include security breaches, natural disasters and geopolitics,” said Mr Green.

“In a challenging and changing risk environment, the bar on what constitutes effective risk management is constantly being raised.

“Most institutions have an unfinished agenda. Those that understand risk holistically – managing the full range of risks they confront – can strategically use risk-taking as a means to strengthen their competitive position and create value.”

Related links
Download Global risk management survey
Listen to Accelerating risk management practices podcast