home | my account | join | sponsorship | about | press | contact | jobs at FEI | financial executive

Welcome to Financial Executives International, the preeminent association for CFOs and other senior finance executives. FEI provides
networking, advocacy and timely updates and CPE on financial management and reporting; Sarbanes-Oxley Act compliance; regulatory updates
from the SEC, FASB, PCAOB and IASB; as well as career management and executive-level and other finance & accounting jobs.
chapters

Large U.S. Companies Improve Risk Management

[print version]

Large U.S. Companies Getting Better at Managing Risks According to New Protiviti U.S. Risk Barometer

Nearly half of companies rate themselves “not very effective,” not using risk management best practices

 Access the full report

MENLO PARK, Calif., Aug. 7, 2007 – Large U.S. companies have improved their ability to identify and manage potentially critical business risks, according to the 2007 U.S. Risk Barometer study released today by Protiviti Inc. However, there is still substantial room for improvement, the Protiviti report shows. Nearly half of executives rated their organizations less than “very effective” at identifying and managing significant risks, leaving them vulnerable to unanticipated losses, reduced productivity and business disruptions. 

“With all the attention today on GRC [governance, risk management and compliance], the results of the Risk Barometer can provide companies with insight about how their risk capabilities and appetites stand compared to the Fortune 1000 and 2000 companies in Protiviti’s study,” said Everett Gibbs, managing director and chairman of Protiviti’s operating committee. “The good news is that 53 percent of companies surveyed perceive themselves to be ‘very effective’ at managing risk. The not-so-good news is that 47 percent of large companies, by their own admission, are still below par in managing their risks. This should be a wake-up call to senior management, the board and investors.”

“There has been a 15 percent increase in the percentage of companies managing risk very effectively since our 2006 U.S. Risk Barometer, yet a high percentage of companies have significant room for improvement to protect and enhance enterprise value,” added Gibbs. 

The Top Risks Keeping Executives Awake at Night

The 2007 U.S. Risk Barometer study, which surveyed 150 senior-level executives (half of whom were CEOs or CFOs) divided equally between Fortune 1000 and Fortune 2000 companies, found that competitor risk is viewed as the top risk to these organizations. Additionally, customer satisfaction, the regulatory environment, information systems and IT security, and changing markets make up the first five of the top ten risks as determined by the study.

While competitor risk ranked highest overall, the Risk Barometer study found the top risk varied by industry groupings:

  • Manufacturing, distribution and technology – Competitor
  • Financial services and real estate – Financial markets
  • Healthcare and life sciences – Regulatory environment
  • Media, hospitality and services – Customer satisfaction
  • Consumer products and retail – Competitor
  • Energy and utilities – Regulatory environment

 “Having now completed three years of Sarbanes-Oxley compliance, it’s increasingly clear that the largest U.S. companies are finally focusing on other risks beyond regulatory and compliance-related issues,” said James Pajakowski, managing director and Protiviti’s leader of Business Risk Solutions.

Shift Seen in Benefits of Risk Management

Survey results show executives’ appreciation of the potential organizational impact of better risk management. In Protiviti’s 2006 U.S. Risk Barometer study, lower insurance premiums were the top-ranked benefit of risk management; however, this year, “quicker identification of risk” was the most oft-cited benefit, followed closely by “better risk information and measures,” and “improvements in process performance.” 

According to Pajakowski, “The timely identification of risk, use of risk metrics and monitoring, and a sharper focus on improving business performance provide a more compelling value proposition with C-level executives.”

Change is on the Horizon

Among companies that rated themselves as “not very effective,” 77 percent are planning at least some changes to their risk management capabilities over the next two years, and 14 percent plan significant changes.  Nearly half of the “not very effective” companies noted that a single event prompted the decision to change. This finding is important because it implies an ad hoc, reactive state for companies lacking high confidence in their risk management capabilities. 

In comparison, among companies rating themselves “very effective” in risk management, few indicated that a single event prompted change.  “Companies with a more sophisticated risk management infrastructure are anticipatory and therefore less apt to be caught off guard by new developments. This ultimately gives them a competitive edge,” noted Pajakowski.

Blueprint for Improvement

The responses of organizations rating themselves to be “very effective” at identifying and managing all potentially significant risks provide a blueprint for enhancing risk management capabilities. According to the survey, these top performers are more likely to utilize the following risk management best practices:

  • Formally integrate risk assessment processes and risk responses with the activities of the business planning and strategy-setting processes.
  • Formally integrate risk assessment processes and risk responses with the activities of the business planning and strategy-setting processes
  • Quantify risk and evaluate their risk profile.
  • Assign to a Chief Risk Officer (or an equivalent executive) the primary responsibility for coordinating risk management policy, executing and reporting.

Protiviti’s 2007 U.S. Risk Barometer survey was conducted by the Corporate Research Group of Penn, Schoen & Berland, a research-based communications firm that conducts quantitative and qualitative research nationwide.

About Protiviti
Protiviti (www.protiviti.com) is a leading provider of independent risk consulting and internal audit services.  The company provides consulting and advisory services to help clients identify, assess, measure and manage financial, operational and technology-related risks encountered in their industries, and assists in the implementation of the processes and controls to enable their continued monitoring.  Protiviti also offers a full spectrum of internal audit services to assist management and directors with their internal audit functions, including full outsourcing, co-sourcing, technology and tool implementation, and quality assessment and readiness reviews.
Protiviti, which has 60 locations in the Americas, Asia-Pacific and Europe, is a wholly owned subsidiary of Robert Half International Inc. (NYSE symbol: RHI).  Founded in 1948, Robert Half International is a member of the S&P 500 index.

[print version]

  • Protiviti_2007 US Risk Barometer

networking, knowledge, advocacy & leadership