2017 Risk in review study
Explore the clear and ongoing shift in the ownership of risk management to the front line...and why this can be the key to greater organizational resiliency and growth.
It’s almost been a decade since the 2008 global financial crisis and its aftermath forced companies into a defensive risk management posture, pulling responsibilities back from the business to the second line of defense as they fought to weather the storm. Faced with the new challenges of today’s complex risk environment however, the tide is shifting once again.
This is our message for the 2017 PwC Risk in review survey.
Today, a collaborative approach to risk management with risk accountability sitting squarely in the first line of defense can be the key to greater organizational resiliency and growth. That means:
Across twelve risk areas we surveyed, respondents said their companies’
risks were currently owned and managed either collaboratively between the
1st and 2nd line functions (8 of 12 areas) or solely by 1st line teams (4 of 12 areas).
In all, nearly two thirds (63%) of our respondents said shifting more risk
management responsibilities to the front line makes their companies better at
anticipating and mitigating risk events. Furthermore, within the next three
years, 46% of respondents indicated plans to further this shift.
“A management ecosystem led from the front line and fostering collaboration and shared accountability across the three lines of defense positions companies to effectively meet the challenges of today’s risk landscape.”
One group of respondents – we call them "Front Liners" – expressed far greater confidence that a program led from the front line is effective in managing most risk areas, both within individual risk areas and across the risk spectrum. At these Front Liner companies, which represent about 13% of our survey sample, the first line of defense has clear ownership of business risk and leverages that accountability for decision-making.
These companies back up their confidence with proven methods for effective management of risk: They’re more likely than overall respondents to budget adequately for risk management, leverage a defined risk appetite framework, utilize technology to aggregate risk across the organization, and focus on creating a strong risk culture.
Compared with overall respondents, Front Liners are more likely to expect revenue and profit margin growth over the next two years. And while no less prone to disruption than other companies, Front Liners are quicker to bounce back from adverse risk events.
Effective first-line leadership of risk management does not mean a minimization of the role and impact of second-line risk management and compliance functions. Instead, it is a natural consequence of the drive to mainline risk awareness and responsibility throughout company culture and create an optimally effective risk ecosystem. Rather than managing risks in a vacuum.
Front Liners push a collaborative approach that brings together all three lines of defense to execute risk management strategically and effectively.
The connection between effective, strategically aligned risk management and better financial performance has been evident in the results of our past Risk in review surveys, so it is not surprising that this year’s results suggest that managing risk from the first line of defense translates to improved performance metrics.
Through its alignment of strategy, risk ownership, and decision-making, a risk management program led by the first line automatically becomes more strategic and proactive rather than protective and reactive, contributing to strong revenue and profit growth, expanding market share, lower employee turnover, and greater ability to withstand disruption.
US, Asia-Pacific, and Americas Cluster Risk Assurance Leader
Tel: +1 (267) 330 2070
GRC Technology Enablement Leader, Financial Services Internal Audit, Compliance and Risk Management Solutions Leader
Tel: +1 (202) 729 1627
Internal Audit, Compliance & Risk Management Solutions Leader
Tel: +1 (410) 659 3380
Trust and Transparency Solutions Leader
Tel: +1 (973) 236 4902
Global Cybersecurity and Privacy Assurance Leader
Tel: +1 (646) 471 7779
Advanced Risk and Compliance Analytics Solutions Leader
Tel: +1 (646) 471 5383
Global Risk Assurance Leader
Tel: (+852) 2289 2316