Risk and Capital: Staying Ahead
At first glance, the challenge of risk and capital management doesn’t appear to be anything new. But even the best finance organizations have had to rethink their approach to risk recently. The scope, complexity, and interdependencies of emerging issues call for a different approach, especially in situations where
- Business strategy or organizational structure has undergone a major shift
- Complex financial instruments add unexpected risks
- Organizations don’t have an adequate plan for preserving existing assets in the face of risk
- Organizations are unable to properly respond to risks that occurred in the past
- There is not an integrated, company-wide Enterprise Risk Management (ERM) framework
- Risk management is not driven from the top down
- There are no direct links between risk and value
Enterprise Risk Management is an integrated, comprehensive approach to risk management, addressing all major risk types: compliance, financial, hazard, operational, and strategic. Perhaps most importantly, it gives companies a clearer understanding of how much risk makes sense in light of key business goals and expected rewards, so that they can optimize their organization’s risk-reward profile without compromising value creation. That’s what Deloitte calls “risk intelligence.” And companies looking to make sense of the new business reality need it now more than ever.
Risk intelligence: the warning signs
There is no avoiding risk. Instead, you need a clear understanding of the risks your organization is facing at any given moment. Just as important, you need to know how much risk the organization is willing to endure in order to continue on its growth path while preserving and protecting its capital assets. And that’s not easy. Here are a few indicators for companies considering whether their risk profile matches their tolerance for risk:
- Disregard the potential impact of multiple risks converging
- Overemphasize probabilistic modeling and bypassing scenario planning
- Isolate risk managers into silos
- Dismiss those who warn of risk as naysayers
- Maintain a single-minded focus on making the quarterly numbers at the expense of long-term thinking
- Leave authority and responsibility for risk management poorly defined
- Focus risk management efforts on compliance rather than performance
- Implement new systems and processes without accounting for the impact on key challenges
The nine principles of risk intelligence
Risk intelligence sounds good, but what is it? Here are nine principles that define successful risk intelligence organizations.
- A common definition addressing value preservation and creation, used throughout the organization
- A common risk framework supported by standards
- Clearly defined roles, responsibilities, and authority for risk management
- A shared risk management infrastructure to support business units and functions
- Transparency and visibility into risk management practices for governing bodies such as boards and audit committees
- Executive ownership of risk programs
- Business unit-level responsibility for performance and risk management
- Strong support from key functions such as Finance and Legal in managing risk
- Objective assurance and risk monitoring from specific functions to support management and other governing bodies
Effective risk and capital management can help your organization in its efforts to:
- Improve your ability to anticipate and avoid important risk challenges
- Reduce the burden on business operations by standardizing risk management principles and language
- Assemble a more balanced, tailored portfolio of tools to protect capital assets, from hedges to insurance management and beyond
- Reduce the costs associated with risk management by improving the sharing of risk-related information and integrating existing risk management functions
- Assure important stakeholders that the full range of risks is understood and under control
- Know when your organization’s aggregate risk exposure exceeds its appetite for risk
- Integrate risk management with all management activities, from strategy development to performance management and day-to-day execution.
How Deloitte can help
Deloitte recognizes the importance of combining deep technology experience with practical business strategy. We offer an unmatched range of capabilities across consulting, financial advisory services, tax, and risk management worldwide. This integrated approach helps us understand how technology solutions targeting risk and capital can be designed and implemented to deliver even more value across our clients’ businesses.
Deloitte’s Responsive Finance services are designed to help organizations establish and implement a vision for risk intelligence. These services include a proprietary Risk Intelligence Program and a Risk and Control Knowledgebase (RACK). They can support everything from helping your organization determine its appetite for risk to identifying current and future risks, and creating and executing a plan that addresses these risks in the context of your business goals.
- SAP BusinessObjects Governance, Risk, and Compliance solutions
- Treasury and Risk Management
Deloitte refers to one or more of Deloitte Touche Tohmatsu, a Swiss Verein, and its network of member firms, each of which is a legally separate and independent entity. Please see www.deloitte.com/about for a detailed description of the legal structure of Deloitte Touche Tohmatsu and its member firms.