Risk investment levels closely linked to financial performance – Ernst & Young

A report released by Ernst & Young has identified that the level of risk investment can impact the financial performance of an organisation. The study identified that companies in the top 20 per cent of risk maturity, where maturity was defined by the number of risk management practices applied, generate three times the level of Earnings Before Interest, Taxes, Depreciation and Amortisation (EBITDA) as those in the bottom 20 per cent.

Ultimately, risk management is about changing the culture of the business

Previously, senior executives may not have perceived risk management as strategic to the enterprise, or lacked sufficient confidence in their ability to identify and address the risks that could impact the financial performance, or even the viability, of their organisation. This is no longer an option.

Commenting on the findings, Randall Miller, Ernst & Young Advisory Global Risk Leader said: “Making a move from being risk-averse to risk-ready may require a significant shift. Ultimately, risk management is about changing the culture of the business. It is about changing the lens through which leaders view the decisions they make.”

Using a global, quantitative survey (based on 576 interviews with companies from 16 countries and information from 2,750 analyst and company reports), the study assessed the maturity level of risk management practices versus financial performance.

The study identified the leading risk management practices that differentiated the various maturity levels, and organised them into specific risk components. The results revealed that while most organisations perform the basic elements of risk management, top performers do more; and certain risk practices were consistently present in the top performers:

For effective strategy and governance, proper oversight and accountability at the board and executive levels is critical. Ownership of risk throughout the organisation is also needed and at the management level, executives play a crucial role in assessing and managing risk.

Organisations that embed risk management practices into business planning and performance management are more likely to achieve strategic and operational objectives.

Conducting an enterprise risk assessment can help to prioritise and identify opportunities for improvement.

By aligning and coordinating risk activities across all risk and compliance functions, organisations can reduce their risk burden (overlap and redundancy), lower their total costs, expand coverage and drive efficiency.

By optimising controls around key business processes, harnessing automated versus manual controls and continuously monitoring critical controls and key performance indicators by leveraging GRC (Governance, Risk management and Compliance) software tools, organisations can improve performance and reduce the cost of controls spend.

Moving an organisation from being risk-averse to risk-ready requires executives who lead by example and tone-from-the-top support. For maximum benefit, regular and open communication with all stakeholders, third-party assurance and the leveraging of technology are required.

Paul van Kessel, Ernst & Young Advisory Global IT Risk and Assurance Leader said: “Companies that succeed in turning risk into results will create competitive advantage through more efficient deployment of scarce resources, better decision-making and reduced exposure to negative events. Now is the time for senior business executives to begin applying a broad ‘risk lens’ to the business.”