Sixth annual PwC report highlights growing risk areas, vulnerabilities and a mandate to share risk ownership
New York (April 12, 2017) – Almost 10 years after the 2008 financial crisis, risk management is evolving, shifting away from a purely protective mindset. In the old paradigm, risk was managed traditionally by the “second line” of defense in an organization. However, a new study from PwC US, “Risk in review: Managing risk from the front line,” finds leading companies are increasingly moving risk management decisions squarely in the purview of “first-line” business units. Companies doing this most effectively (“Front Liners”) are more likely to project higher revenues and profit growth. Yet this innovative group is in the minority: out of more than 1,500 executives across 30 industries surveyed, only 13 percent qualify as Front Liners.
Additionally, the report underscores an alarming paradox: although cybersecurity is identified as a universal growing risk, only 9 percent of respondents score highly on cyber risk maturity, suggesting many have not adopted leading practices to prepare them for online threats.
“The key to growth isn’t in avoiding risk; Front Liners make risk management a mandate for the board, the C-suite and perhaps most importantly, among crucial business unit decision-makers,” said Dean Simone, leader of PwC’s U.S. Risk Assurance practice. “This year’s survey tells us that leaders must make risk management a more collaborative, measurable and strategic function. We also see great alignment on the biggest growing risk factors, such as cybersecurity, but a lack of maturity in terms of preparing for and planning around the biggest risks facing executives today.”
According to PwC’s new survey, Front Liners are more likely than other respondents to effectively manage across all 12 surveyed risk areas: financial, regulatory and compliance, earnings and volatility, operational, reputational, strategic, environmental, cybersecurity, technology, human capital, third-party and culture and incentives. For example, among companies that have suffered a disruption due to operational risk, 63 percent of Front Liners reported recovering effectively versus 46 percent of other respondents.
The survey outlines five “Front Line” steps companies should consider taking to build a collaborative, effective risk management approach:
- Set a strong organizational tone focused on risk culture modeled and measured by leadership and the board.
- Align risk management with strategy at the point of decision-making so risk management is embedded into planning and tactical execution.
- Recalibrate the risk management program across all three lines of defense so that the first line owns business risk decision-making, the second line monitors the first, and the third line provides objective oversight.
- Implement a clearly defined risk appetite and framework across the organization.
- Develop risk reporting. Tracking risk is critical to keeping business decisions within the agreed risk appetite.
“The key to effective risk management is active engagement, placing responsibility for the various building blocks of an effective risk management program – strategic alignment, expertise, processes, assurance – with the line of defense that is best prepared to execute them,” added Jason Pett, U.S. Internal Audit, Compliance & Risk Management Solutions Leader at PwC. “Clarifying the function of each line of defense and collaborating closely between the lines also helps promote a free and welcomed flow of perspectives and ideas.”
To download a full copy of the report, along with additional related content, please visit: http://www.pwc.com/riskinreview
Click here to view PwC’s video “Managing risk from the front line: Why this can be key to greater risk resiliency and growth.”
About PwC’s Risk Assurance practice
PwC understands that significant risk is rarely confined to discrete areas within an organization. Rather, most significant risks have a wide-ranging impact across the organization. As a result, PwC’s Risk Assurance practice has developed a holistic approach to risk that helps to protect business, facilitate strategic decision-making and enhance efficiency. This approach is complemented by the extensive risk and controls technical knowledge and sector-specific experience of its Risk Assurance professionals. The end result is a risk solution tailored to the unique needs of the organization.
At PwC, our purpose is to build trust in society and solve important problems. We’re a network of firms in 157 countries with more than 223,000 people who are committed to delivering quality in assurance, advisory and tax services. Find out more and tell us what matters to you by visiting us at www.pwc.com.
PwC refers to the PwC network and/or one or more of its member firms, each of which is a separate legal entity. Please see www.pwc.com/structure for further details.