La Implementación De Instrumentos Derivados En El Uruguay

The future of risk

Protecting and enabling performance

Contents

Introduction .............................................................................. 1

The risk landscape is changing .................................................. 2

Maturing of risk management practices .................................... 4

Recognizing opportunities ......................................................... 6

Focus areas for improvement .................................................... 8

An improved future state of risk ............................................. 10

Summary ................................................................................ 13

Survey approach ..................................................................... 14

Contacts ................................................................................. 16

The future of risk: Protecting and enabling performance 1

Introduction

Albeit painful, progress ultimately results from crisis. The

current downturn is causing companies to challenge their risk

management processes and ask how they can further improve

their risk management efforts. Against this backdrop, we

conducted a survey to provide a snapshot of the current risk

environment and to understand organizational attitudes toward

enterprise risk management. We were also interested in

understanding how recent events have impacted approaches to

risk management and organizations’ abilities to identify and

manage different types of risk. Never has there been a more

critical time to defi ne a path forward for the “future of risk.”

We believe that the recent economic challenges were, in part, more

diffi cult to predict and manage due to the increasing complexity of

risk management processes. Over the past few decades, the number

of risk management functions has grown to the point where most

large companies have seven or more separate risk functions — not

counting their independent fi nancial auditor. This has created

ineffi ciencies and resulted in a degree of fatigue on the business.

As the number of risk functions increases, coordination becomes

more diffi cult and often results in coverage gaps and overlapping

responsibilities. The demands and various reporting requirements

placed on the business by these risk functions can become signifi cant

and burdensome. The number of risk functions and the various

communications from these functions can be a challenge for

executives and the board of directors to manage and understand.

As complexity has increased, so has company spending on risk

management. Based on a previous survey we conducted last year

of Fortune 1000 companies, we estimate that the average company

spends about 4% of revenue on risk management activities.

Considering the events of the past 12 months, it is not surprising

that 96% of our recent survey respondents believe that their risk

management programs could be improved. Furthermore, only 1%

of companies intend to reduce their risk management resources.

Given the current cost-conscious mentality, the fact that nearly all

companies want to improve their risk management efforts and intend

to maintain or increase their current levels of investment underscores

the growing awareness of the value of sound risk management.

Moreover, 46% agreed that committing more resources to risk

management would help to create a competitive advantage.

Clearly, organizations recognize the importance of risk

management. Leading organizations acknowledge that risk

management is more than simply protecting existing assets; it is

also about enabling performance to create future value.

However, the reality is that most risk functions will be asked to do

more with the same or limited additional resources. There is a

strong drive to improve risk coverage through better use of existing

resources and to deliver more value from their respective

functions. The challenge for most organizations will be to fi nd

increased effi ciencies in the way their risk management functions

operate and defi ne the improvements that create the greatest

value. We believe the answer to these challenges can be found by

carefully considering how best to balance risk, cost and value

across the enterprise. Companies that effectively address this

challenge are more likely to outperform their competitors.

We believe the answer to these

challenges can be found by

carefully considering how to

balance risk, cost and value

across the enterprise.

Risk Value

Cost

2 The future of risk: Protecting and enabling performance

The risk landscape is changing

Risk management priorities continue to shift in the wake of global

economic challenges. Some organizations have been faced with

fi nancial crisis. In response, they are intensifying efforts to manage

costs and improve performance. Fifty-two percent of our respondents

indicated that their fi nancial risks have increased during the past

12 months; 42% said that strategic risk has increased; 40% believe

their compliance risks have increased; and 39% indicated their

operational risks have increased. Very few organizations indicated

a decrease in any of the four risk areas. Eighteen months ago,

few organizations would have placed fi nancial risk at the top of

their list or anticipated that it would increase at the current pace.

The question organizations face now is, “Do our risk management

efforts help us understand which risks will emerge in the next

12 months?”

Significant

increase Increase No change Decrease Significant

decrease

Overall compliance risk

5 34 49 12

Overall strategic risk

4 36 47 11

Overall operational risk

4 38 46 12

Overall financial risk 9 43 39 7 2

0% 10% 20% 30% 40% 50% 60% 70% 80% 90% 100%

2

Over the past 12 months how has risk increased or decreased for your organization in the following

risk areas?

The future of risk: Protecting and enabling performance 3

Organizations have recently been criticized for their limited views

on possible sources of risk, their inability to anticipate the impact

of risks or their slowness to respond to risks. We asked respondents

to indicate how effective their organizations are at managing each

of four key risk areas: fi nancial, strategic, compliance and operational.

Respondents were more comfortable with their effectiveness in

managing compliance and fi nancial risks than they were with their

capabilities in managing strategic and operational risks.

We believe this refl ects a historical focus on compliance and

fi nancial risks, which we expected based on traditional investments

in internal control and risk management. This is further validated

by our experience, which indicates that companies do not have a

comprehensive plan to identify and address all key risks across

their organization. We also fi nd it is common for companies to have

a higher level of confi dence in their ability to effectively manage

risk than their risk activities would suggest.

Leading organizations have expanded the scope of their risk

assessment efforts by scanning the broader business environment

to identify emerging risks. Through more comprehensive risk

assessments, these organizations are examining their entire value

chain — including suppliers, customers, competitors, business

partners and key stakeholders — to defi ne emerging risks and

identify opportunities.

Key risk areas

Financial risks

• Accounting and reporting

(e.g., accounting, reporting,

internal controls)

• Market (e.g., interest rate,

currency)

• Liquidity and credit (e.g., cash

management, hedging)

• Tax (e.g., tax strategy and

planning, indirect taxes,

transfer pricing)

• Capital structure (e.g., debt,

equity, options)

Strategic risks

• Planning and resource allocation

(e.g., organization structure,

strategy, budgeting)

• Communications and investor

relations (e.g., media, investor

and employee communications)

• Major initiatives and capital

programs (e.g., vision, planning,

execution, monitoring)

• Competitive market dynamics

(e.g., competitive pricing)

• Mergers, acquisitions and

divestitures (e.g., valuation,

due diligence, integration)

• Macro-market dynamics (e.g.,

economic, social, political)

Compliance risks

• Governance (e.g., board,

tone at the top)

• Regulatory (e.g., labor, safety,

trade/customs)

• Legal (e.g., contracts,

intellectual property)

• Code of conduct

(e.g., ethics, fraud)

Operational risks

• Information technology

(e.g., IT management, security,

availability)

...