Even companies that do recognize the value of comprehensive risk management face considerable hurdles.
As one might expect from a company whose expertise is in information management, IBM Global Business Services essentially recommends standardization of information across the enterprise, specifically the following four measures: common data definitions, a standard Chart of Accounts, common information-gathering processes, and company mandated — as opposed to voluntary — standards.
IBM calls these four measures "the components of good governance" — but found that fewer than one in seven enterprises with more than $1 billion in annual revenue practices them. Companies that deploy these methods through what IBM terms Integrated Finance Organizations enjoyed revenue growth rates nearly double that of their industry competitors.
"Those who take control of their risk management in a formal and purposeful way are more likely to identify risk events faster, respond to them quicker, and prepare for them better," the IBM report concludes.
Deloitte also recommends centralizing information related to risk, warning CFOs about the pitfalls presented by a plethora of risk management programs in various business units or geographically based operations.
CFOs who are assigned responsibility for their companies' risk management programs might falsely assume that they have risk management covered with those plethora of programs. But once they examine those programs in detail, they often discover something akin to a Tower of Babel.
"That's where they find duplication and contradictions or a lack of a common risk management framework or infrastructure," said Henry Ristuccia, deputy managing partner of Deloitte's audit and enterprise risk services practice in the Northeast.
Ristuccia estimated that a centralized risk management program can save companies up to 30 percent, mainly in soft dollars, in risk management costs. But more important, he said, "By bringing these programs together, senior executives and the audit committee can get a much better understanding of the risks that really matter and what the organization can do to mitigate them."
Reader Comments» Post a comment