Executives concerned about their organization's risk vulnerability

Internal Auditor, April, 2006 by D. Salierno

RISK MANAGEMENT MAY BE A HIGH PRIORITY FOR today's large companies, but many corporate leaders lack a high degree of confidence in their organization's abilities in this area, according to Protiviti Inc.'s latest U.S. Risk Barometer. Less than 40 percent of U.S. executives surveyed say their companies are "very effective" at identifying and managing all potentially significant risks that could negatively impact business, operational, or financial performance. Fifty-four percent of respondents acknowledge there is more they can do to identify, quantify, and manage the risks their organization faces. The survey, conducted in September 2005 by independent research firm Penn, Schoen and Berland Associates, includes responses from more than 75 Fortune 1,000 executives.

According to the research, companies are taking more risks, even though their executives are uncertain about whether these risks are managed effectively. Most respondents say the organization's overall level of risk has changed significantly during the past two years. Still, only 32 percent of executives say their company is very effective at balancing the need for control and protection of the organization with the need for new sources of growth and increased returns.

"One of the main factors affecting executives' confidence in their company's ability to manage risk is the absence of a common risk language and process to obtain agreement among key stakeholders as to the most critical risks to the execution of business strategy," says Jim DeLoach, managing director with Protiviti. "The pace of change continues to escalate in many industries, raising questions as to whether a given company's risk management capabilities are keeping pace. In addition, the regulatory environment has toughened, and executives are concerned that they are unaware of significant matters that could hurt their company's brand and reputation."

Respondents identified specific areas of vulnerability. Nearly half say weaknesses in the area of client satisfaction pose a very significant risk to their organization. Executives cite operating performance, materials procurement, business continuity, and fraud as risks that affect their organization's ability to sustain customer satisfaction. In addition, 45 percent see information systems and security as potentially vulnerable areas, and 43 percent are concerned with financial reporting and compliance with Section 404 of the U.S. Sarbanes-Oxley Act of 2002.

Less than 40 percent of the executives' firms currently deploy proven risk management practices enter-prisewide--38 percent have an enterprise risk assessment process, and 39 percent have established a common language and uniform standards for risk. Sixty-five percent of respondents indicate that their companies are planning to make changes to their risk management capabilities, such as implementing risk identification technologies and hiring staff with higher qualifications, during the next two years.

[ILLUSTRATION OMITTED]

More information on the U.S. Risk Barometer survey is available on Protiviti's Web site at www.protiviti.com.