How Risk Management Reporting Lines Impact its Efficacy
Although most risk executives report into the finance area, having them report elsewhere could be a more effective organizational alignment, according to the 2015 Excellence in Risk Management* survey.
The 2015 survey looked at how organizational alignment affects the execution of a risk management strategy. Among the findings, the survey showed 50% of respondents worked at companies where risk management departments reported into finance. However, those that reported elsewhere were generally better aligned with other strategic functions within their organizations — most notably in the areas of enterprise risk management (ERM), compliance, information technology (IT) risk management, privacy, and security.
Those that reported into finance also tended to expect less investment in risk management: 27% of the risk professionals reporting into the CFO or treasurer said they expect an increase in spending for training risk management staff, whereas 46% — nearly double — of those reporting elsewhere expect an increase.
Finance executives may benefit by giving these findings greater consideration. Does their primary focus on cost and finance limit the broader organizational value that risk management can provide? Do other functions (for example, legal) have more budgetary flexibility to invest in forward-thinking resources?
Finance executives should consider ways to facilitate greater collaboration among risk management and other departments across the enterprise to facilitate more strategic and comprehensive risk management.
SOLVING ALIGNMENT ISSUES
The survey looked at alignment across a number of areas in addition to reporting structure. And questions about alignment were also discussed in Excellence focus groups. The following table outlines some of the alignment issues raised by focus group participants.
|A metropolitan port authority||Priorities competing among business units||Worked with senior leadership to educate board and find alignment on organizational risk priorities|
|Health care company||Strategic risk not well integrated into the organization’s larger strategic business planning process||Gained a seat on the organization’s strategy development committee to help align risk management to business strategy|
|School district||Lack of consistency in the way risk were treated among the district’s schools was hurting its bottom line||Changed the culture at the operational level to align individual schools to overall policies|
|Auto industry manufacturer||Enterprise risk management program iterations were not working as desired||Continuously improved the ERM process to help foster buy-in and alignment|
|Financial services provider||Supplier risk management not optimized at operational level||Moved reporting to CRO to help better align risk management across the organization|
Clearly, how your risk management function is aligned within your organization can affect its efficacy. Rethinking reporting structures for risk management should be considered as a way to create a more risk-focused organization.