Mumbai: There exists a divide on the viewpoint of risk management amongst Indian organizations. According to the Deloitte ‘India Risk Survey 2018’, (44%) of businesses harness risks to find future opportunities and drive returns (a value focused approach) while others (36%) use risk management with an aim to drive compliance and prevent losses.
This insight further gets substantiated with the fact that Regulatory Risk (44%) still leads amongst the top 3 risk areas in India followed by Cyber Security Risk (31%) and Technology Disruption Risk (25%). The core reason for this trend is the fact that CXOs are considering regulatory compliance as a critical value protector exercise.
Interestingly, 3 years from now, there is an expected shift in the trend and Cyber Security (36%) takes the lead amongst the top 3 risks for businesses, followed by Technology Disruption risk (33%) and Regulatory Risks (31%).
“The changing trend demonstrates that with digital transformation, organizations will now need to redefine strategies as they become susceptible to multiple threats emerging through technology disruption. While there are no surprises on the top 3 risks, we believe that the volatility and complexity of each of these risk will continue to increase. This essentially means that there needs to be a shift from being risk averse to risk aware, with the power of innovation,” said Rohit Mahajan, President, Risk Advisory – Deloitte India.
With the changing dynamics and the speed of business delivery, there is a growing demand for a dedicated Chief Risk Officer (CRO) position, though 39% of the organizations mention that risk management is the responsibility of each business/function, and there is no separate CRO role.
“However, the survey results indicate a positive change in the industry where 64% of Indian organizations now have a designated CRO. The CRO not only mitigates crisis for a firm, but in turn transforms them into opportunities of business growth and stakeholder confidence,” added Mahajan.
Highlights of the survey:
* Top three risks for India Inc., both in present times and in a time span of 3 years from now, include Cyber Security Risk, Technology Disruptions Risk and Regulatory Risks;
– Current state shows that Regulatory risk (44%), Cyber Security risk (31%) and Technology Disruption risk (25%) feature among the top risks; however,
– 3 years from now, the order of precedence changes with Cyber Security risk (36%) taking the lead, followed by Technology Disruption risk (33%) and Regulatory risks (31%)
* Involvement of the Board and leadership
– Only 35% of the organizations had a high involvement of Board of Directors in Risk management. This shows that, even in the VUCA (Volatility, uncertainty, complexity and ambiguity) world, many organizations are traditionally conditioned to approach risks and risk management with a reactive attitude. This makes it essential that the Boards and the Management revisit their risk perception.
Acquiring and nurturing Risk Talent is an area of challenge for most businesses.
– 34% of the organisations surveyed had not reskilled their risk management team or moved personnel from business units into the risk management function to deal with the complex and rapidly changing business environment. Also, 40% of the organizations have less than 5 personnel as part of their risk teams.
* Having a well-defined risk strategy is the first step in risk mitigation.
However, our findings suggest that:
– 12% of the organizations did not have a well-defined risk management strategy and 27% of the organizations were unsure of their risk management strategy.
* Adoption of enablers in risk management programs:
– 32% of the organisations have low investment in automation;
– 34% of the organisations have low adoption of analytics;
– 34% of the organisations have not reskilled or staffed their risk management teams adequately.
* 44% of the respondents strongly consider harnessing risk to find future opportunities for the organization
Key Learning for Indian businesses:
1. Risk and opportunity – a duality
Effective Risk Management is as much about Value Creation (opportunity) as it is about Value Protection (mitigating risk). Having the optimum Risk Framework and associated processes is important for developing the capability to recognize such opportunities.
2. Right-skill the function
For Indian businesses, there is a clear need to attract professionals with diverse skills, as also retrain and upskill the existing risk professionals.
Organisations also need to consider the role of external experts – academia, professionals, and experts, as well as the internal business teams, to augment risk related capabilities.
3. Use technology to enable the risk function
Indian businesses must have their risk teams adopt and invest in technology and analytical tools as transformation to digital demands a strong tech-focused approach. Analytical tools can help businesses scan vast amounts of data and convert that into meaningful and actionable insights.
Deloitte India Risk Advisory surveyed over 100 C-Suite stakeholders covering Board level executives, CEOs, CFOs, CRO, Business Leaders, and Heads of Internal Audit in the Indian organisations belonging to a diverse set of industries that include both private companies and public companies with turnover ranging from less than Rs 500 crores (15%), Rs 500 – 2000 crores (23%), Rs 2000 – 7500 crores (22%), to more than Rs 7500 crores (40%). The respondents belonged to sectors including Consumer Business and Industrial Products (35%), Life Sciences & Healthcare (8%), Financial Services (16%), Government and Public Services (7%), Energy & Resources (5%) and Technology, Media and Telecom (29%) from different geographical locations.