Executives today face many challenges to their businesses, from uncertain economic growth to the speed of technological change. Add the clear and present risks of cyberattacks, changing customer behaviors, and you have a landscape in which the first-line owners of risk must also take the lead in managing that risk.
When the first line is in the driver’s seat for risk decision-making, companies report a more rigorous approach to determining risk appetite and tolerance, along with better overall risk management effectiveness – and, they’re more likely to expect revenue and profit margin growth.
Statistical history illustrates the move toward collaborative, business-led risk management: In comparing Risk in review survey results from 2017 and 2015, we see ownership and management of risk by the second line of defense flat or trending downward across 7 of the 11 risk areas we surveyed in both years. Meanwhile, ownership and management of risk by the first line trended upward in 5 of 11 areas.
For example: Particularly large changes occurred in the management of operational risk, where 50% of respondents reported managing from the first line, versus 43% in 2015.
“After nearly 15 years of SOX experience, and with the financial crisis of 2007–09 receding further in the rearview mirror, companies are evolving their risk efforts to meet the needs of their current environment.”
This shift is timely. For more than a decade, many companies’ risk management efforts functioned primarily as compliance exercises aligned with the requirements of the Sarbanes-Oxley (SOX) and Dodd-Frank acts. These efforts naturally elevated the positions of chief risk officers and audit leaders in the overall risk management hierarchy.
While shifting decision-making to the first line may register as a threat to second-line leaders, it in fact represents an opportunity. By aligning all lines of defense within a closely collaborative, strategic framework, business-led risk management allows the second and third lines to sharpen their focus and become true partners in creating value for the enterprise.
Our Front Liner companies are more likely than respondents overall to take a rigorous approach to risk management, leveraging a clearly defined risk appetite and leading practices.
Effective risk management execution requires buy-in across the organization, with the first line ensuring that risk management aligns with strategy and that the second and third lines of defense get the resources they need to support risk management throughout the company. Survey results from our leading Front Liner companies indicate that this type of business-led approach supports more effective risk management and more robust revenue and profit margin growth.
As a group, Front Liners are also more likely than other respondents to say they manage effectively across all areas of risk on which we surveyed.
The differences are stark.
GRC Technology Enablement Leader, Financial Services Internal Audit, Compliance and Risk Management Solutions Leader
Tel: +1 (202) 729 1627
Global Risk Assurance Leader
Tel: (+852) 2289 2316