For more powerful risk insights, set the right tone


Brian Schwartz Partner, Risk and Regulatory, PwC US

In our more than 120 interviews with board members and senior executives as part of PwC’s 2020 Global Risk Study, the theme we heard repeatedly was that risk functions (internal audit, compliance, risk management, etc.) have to collaborate, and do so in ways far more advanced than just communicating with each other and sharing information.

Why? Because in our connected world, risks are more complex and interconnected. Studying business risks only in silos, such as by risk function or business unit, can lead to less than full visibility into enterprise business risk and a lack of understanding of risk inter-relationships. Risk functions that want to provide their organizations with the strongest and most timely risk insights need to pool their collective risk intelligence to form the most comprehensive and sophisticated views.

There’s work to do here. PwC research shows that just 27% of risk functions set an integrated tone for risk management. We all know it is not uncommon for senior executives to receive different insight on the same risks from different risk functions. How can those executives reconcile this piecemeal information to make the smartest risk-informed decisions? Splintered insights also have broader consequences: the board and senior executives may agree on the list of top risks to the organization, but their perspectives on a risk’s priority, its connectivity with other risks, and overall view on how well a risk is being managed and monitored may not align.

Boards and senior executives play a significant role in rectifying the above situation.  When these groups set a collaborative tone, and expect risk functions to collaborate, it naturally drives more interaction. If that leadership expectation is missing or unclear, risk functions should be proactive with management about the need for a collaborative tone at the top.  

Following the checklist below will help to ensure a collaborative tone and appropriate governance of risk management are in place.  When the tone is set, risk functions can work cohesively to provide the best risk insights to help protect business value, keep programs on track and enable strategies.

  1. Insist on a consolidated view of the company’s key business risks and overall risk profile.
  2. Expect the consolidated view on risk to be continually and proactively updated in a collaborative manner. 
  3. Enforce the use of a shared data model and common risk assessment, issue management, and KRI frameworks in order to aggregate and report on risks in a comprehensive and coordinated manner.
  4. Agree on collective risk priorities across the enterprise and risk landscape through robust discussions on where the company should focus its efforts.
  5. Clearly define an enterprise-wide risk appetite and related framework.
  6. Make sure risk appetite is understood across the leadership team, and used throughout the organization to make collaborative, intentional, and unified trade-off decisions. 
  7. Monitor risk aggregation to risk appetite and communicate the actions that need to be taken when “triggering” events occur that may increase risk beyond the organization’s risk appetite.

The goal of many organizations with more mature enterprise risk management programs is to make decisions which consider risk appetite across all risk categories and business units.  One asset management company we interviewed noted they make company-wide portfolio investment decisions based on balancing risk and risk appetite. These discussions and decisions are facilitated through committee meetings, and possible only because the company has spent significant time defining risk appetite, and developing comprehensive aggregated reporting driven by the CRO with input from the various business units.

When there is consolidation of risk insight and reconciliation of issues across the lines of defense, a deeper and more comprehensive view is presented to senior executives and the board, which allows them to make smarter, risk-informed decisions. Tone at the top, and leadership direction on where priorities lie, push risk functions forward in collaborating on insights and gaining consensus on how operational governance over risk is, and should be, executed.

Look for additional blogs in this series to learn more about how risk functions are collaborating for stronger risk insights.

