OECD’s latest Economic Outlook, released on May 30, observes:
“the global economy is experiencing stronger growth, driven by a rebound in trade, higher investment, and buoyant job creation, and supported by very accommodative monetary policy. The pace of global expansion over the 2018-19 period is expected to hover near 4% … However, the Outlook also underlines that significant risks posed by trade tensions, financial market vulnerabilities, and rising oil prices loom large.“
Deloitte’s first-quarter 2018 CFO Signals survey of 155 CFOs of large North American companies found similar results. The CFOs’ assessments of the major global economies “hit new survey highs in the latest survey … But even with blue skies and forecasts calling for more sunshine, finance chiefs should be prepared for challenges that could get in the way of executing their organizations’ growth strategies and capitalizing on today’s buoyant conditions.”
Deloitte also reports, “One way boards are enhancing their risk oversight practices is by clarifying and formally approving the organization’s risk appetite, the aggregate level of risk that management is willing to take in pursuit of its strategy. As a first step, boards must also sign off on management’s strategy. Directors realize it is their role to oversee both risk appetite and strategy, but conversations linking the two are usually informal, if they happen at all. Moreover, the board’s understanding of risks, especially nonfinancial risks, is often more intuitive than explicit.”
The ISO 31000:2018 Risk Management Guidelines, which updates the 2009 guidelines, also highlights the new emphasis on “leadership by top management and the integration of risk management, starting with the governance of the organization and emphasis on the iterative nature of risk management, noting that new experiences, knowledge, and analysis can lead to a revision of process elements, actions, and controls at each stage of the process.”
Addressing risk management
Risk management solutions are used by companies to link their opportunities and business objectives to their risks. They can provide end-to-end capabilities for risk identification, analysis, monitoring, and reporting. Top management can have up-to-date information on the latest risk information while the iterative processes of risk activities are carried out. This way, risks aren’t just reported but are mitigated effectively with policies, controls, and other actions at the earliest possible stage. CFOs, chief risk officers, and other stakeholders can have better assurance that risks are managed with automated monitoring of key risk indicators.
Three lines of defense solutions help businesses manage risks more effectively by making business processes, controls, and fraud risks more transparent and efficient. They can automate end-to-end risk management processes, while compliance teams can automate policy management, controls, monitoring, testing, and so on. Internal audit can provide assurances that the strategy and investments in talent, digital transformation, and growth areas are protected and well managed.