Enterprise Risk Management&Governance: What’s the added value?

Precedente Successivo

The National Risk Manager Association, during its Annual Conference (#ANRA2014), analyzes the profession of risk managers in terms of good governance.

 Enterprise Risk Management&Governance:
What’s the added value?

The "Observatory on the Corporate Risk Manager’s role in Italy", promoted by ANRA and RiskGovernance - Politecnico di Milano, shows the identikit of the risk manager in Italian companies. He is a man in 87% out of 283 companies analyzed, with an average age of 50 years old and with a university education in Economics (24%) or engineering (16%). 40% of respondents are Chief Risk Officers and in 76% of cases they were recruited internally. Which are the most significant risks for the next 5 years? Those linked to internal processes (14%), credit risk (11%) and concentration (10%).

Milan, september 25 2014 – A corporate risk manager has to safeguard their own company and help coping with complex and critical markets. Over the years this figure has evolved and now covers different functions, converging business risks in a single overview.

This has been debated during the XV Annual Conference sponsored by ANRA, the National Association of Risk Managers and Officers Insurance Company, held on 25 and 26 September in Milan at Palazzo Lombardia. Other themes were governance and codes of conduct, solutions and tools for the Risk Manager, the measurement of risk, mergers and acquisitions, big data & cyber ​​risks,  Risk Manager and contracts, business continuity & supply chain, human capital management.

“The recent crisis has brought to the fore issues relating to risk management, especially in the financial and industrial sectors, highlighting the limitations of the systems used by companies in dealing with an increasingly globalized, dynamic and complex context – commented the President of ANRA, Paolo Rubini. Businesses and industries are reinventing their approach to risk management in order to remain competitive, moving towards integrated models. For this reason, together with ANRA, we want to promote a culture of good risk management and foster professional growth, with classes, events and surveys. Precisely for this reason, in our Annual Conference, along with researchers from RiskGovernance - Politecnico di Milano, we have promoted an analysis of the function of the risk manager in our country, which aims to assess how this figure is evolving in the Italian scenario. The result is a real identikit, where the male component is predominant, since that position is held by a man in 87% of the companies surveye,  with an average age of 50 years old,  a university education in Economics (24%) and a recruitment that occurs, in 76% of cases, within the company".

"As confirmed by the survey presented at the ANRA Conference, the presence of women in high-profile managerial position, including the role of risk manager, is actual only in a few countries, such as the Scandinavian ones - says Julia Graham, President of FERMA. Since my election as president of FERMA I have been considering as a matter of pride to create a "diversity agenda", just to make people understand how important it is to break the barriers of gender as well as to involve and form risk managers who can be distinguished by competence, merit and talent and not by gender”.

The first edition of the “Survey on the Corporate Risk Manager’s role in Italy", as well as collecting information and data relating to the company profile, meaning the size of the organization and the business sector, has its specific focus on the profile of risk managers: who they are, how did they start dealing with risk and what are their technical and managerial skills. Then we analyzed the risk manager’s functions, or how they positioned hierarchically and structurally in the organization and how they interact with the different parties involved. Then we tried to understand the integration of procedures for risk control and coordination among those who deal with them, the technological and human resources involved in the risk management process. We tried to understand the perception that the company has of the risk to which it is exposed and the importance of risk measurement activities and, finally, the main risks that the company will face over the following 5 years. Finally, we observed the contractual position of risk manager and his/her remuneration, with the determining variables that characterize the "mobile" part through MBO, typical of any business and industry.

"Evidences emerging from our analysis confirm the importance of the role of Risk Manager in Italian companies - says Marco Giorgino, Finance Professor and Director of RiskGovernance-Politecnico di Milano. This is an important figure, both in terms of  professional quality and relevance of seniority, that must combine a deep knowledge of the business and the mastery of risk management techniques and tools".

“The overview on risk management in Italy, as revealed by the  Observatory, shows both positive and negative aspects - says Barbara Monda, Coordinator and Deputy Director of the Observatory of RiskGovernance-Politecnico di Milano. It is interesting to notice how risk management is getting more and more integrated into business processes and how the CRO figure has gained a good level of independence, which stand as a sign of cultural maturity. It is still worrying, however, that  incentive systems almost tend to exclude risk parameters, and  push managers towards extreme economic performance "no matter what". From this point of view, we  still have a long way to go”.

Cross-section

The survey involves 283 companies, the majority of which are not listed (66%) and large-sized (the 55% of firms have a turnover of over 200 million and more than 62% of them have more than 1,000 employees). Many sectors are represented in the sample, with a prevalence of industrial companies (27%), followed by finance sector, banking and insurance (17%), Health (12%), Energy (10%), non-financial services (10%) , ICT / Telecommunications (8%).

For the 40% of participants risk management is up to the "Chief Risk Officer", while cases where the responsibility for risk management is entrusted to the CFO (8%), the CEO (7%) or the Insurance Manager are less frequent (4%). It should be noted, however, that 16% of companies say the don’t manage risks in a systematic way.

Risk Manager’s Profile

The risk manager is usually a man (87%), he is about 50 years old and has a university education in  Economics (24%) and Engineering (16%).

The 35% of the respondents held the position for over 10 years; the percentage of those who are in the role for over 10 years increases if we consider the role of the Insurance Manager only(57%), consistent with the historical evolution of the approach to risk management in the company. In 76% of cases, the risk manager has been recruited internally, primarily by control functions management / finance (17%).

Risk managers were asked about their personal skills, as well as technical and managerial skills, that are important for their position, which means that for this role it is important to be aware of problems, to have excellent communication and listening skills, and this is not surprising if you think that the corporate risk manager often is an internal consultant for other functions. The most important managerial skills are competence and the awareness of corporate strategy. As for the most helpful technical skills, we find the knowledge of models for risk analysis and models of risk transfer.

Img.1: Source: “Survey on the Corporate Risk Manager’s role in Italy” by ANRA and  RiskGovernance-Politecnico di Milano (I edition, september 2014).

Risk Manager’s Functions

In 38% of cases the hierarchical reference of the Risk Manager is the CEO / General Manager, followed by the CFO (24%) and the Board (19%). In the specific case of Finance sector, banks and insurance companies, on the other hand, the main reference for the CRO is mainly the Board of Directors (48%).

It also appears that the Risk Manager frequently collaborates and interacts with various functions, primarily with AD / DG, the CFO and the risk committee. The trend in the world of risk manager shows more horizontal integration with the Board of Directors, given the strategic nature of the risk; however, in 43% of companies in Italy the risk manager does not attend the meetings of the Board of Directors, in 33% of cases sporadically participates as a guest, and only in 24% of cases as a member for all purposes. Crossing this size with the sector, we note that those who participate as a member, belong mainly to the industrial, services and health sectors, while those who attend as guests work instead in the energy, finance and industry fields. Among those not participating there are many industrial companies. The industrial sector is then distributed among the three categories. Risk manager trainings offered to staff are mainly oriented to security, with a specific focus on changes in the regulations, and the dissemination of risk culture/awareness and prevention.

Risk managers’ intervention

The analysis shows that the 71% of companies have developed in-house standards for the risk management model, while there are few Italian companies adopting the reference framework and the choices are fairly frammenate (14% of respondents adopts the 'ISO 31000, 10% the COSO, 5% the Cobit).

In 58% of cases, risk management is highly centralized in the headquarters, in 29% of cases it is managed in branch offices, but in close collaboration with the headquarters, while only in 6% of cases it is run autonomously in remote locations (with or without periodic reporting to the headquarter).

The mapping and prioritization of risks usually (64%) happens on a corporate level, a choice that indicates the strategic importance that is attributed to risk, less frequently un a Country or Unit level. It should be noted, however, that 23% of the sample uses a structured methodology for risk analysis only for certain categories of risk, and not for all business risks, and that 7% conduct a risk analysis in a few BU. There’s a middle level integration of risk management into business processes: over 50% of the interviewed, in fact, has indicated an integration of grade 3 on a scale of 1 to 5,  the 32% indicated a integration grade 4 and only about 10% indicated a level of integration equal to 5.

In 45% of cases the process of risk analysis is repeated once a year, 13% every six months and 15% quarterly. The 27% of companies do not carry out such an analysis on a regular basis.

The corporate resources devoted to RM will remain the same for the 66% of respondents: a sign that many companies are not willing to make future investments in technology and skills. This is quite typical for Italian companies. Only the 28% of companies declares intentions to increase the resources for RM in the medium-long term. The 6% of firms, in contrast, will reduce the resources devoted to risk management over the next few years. It is interesting to note that, according to the sample, an effective risk management process helps increasing the value of the company, because it improves its control. In other words, risk management provides a valuable contribution to the corporate control process. The improvement of governance and operational performance are important factors as well. Regarding the main risks over the next five years, according to the respondents, the areas of greatest attention involve risks related to internal processes (14%), followed by credit risks (11%), concentration risks (10%), services (10%), human resources (8%), reputation and compliance (7%).

Img.2: Source: “Survey on the Corporate Risk Manager’s role in Italy” by ANRA and  RiskGovernance-Politecnico di Milano (I edition, september 2014).

Remuneration

The grading of the business risks manager is in 52% of cases theCEO and in 33% of  cases an executive officer. With regard to remuneration, the role of Risk Manager receives an annual salary of more than 100,000 euros in only 27% of cases, with average wages higher with increasing experience. The over-60, in fact, perceive, in 50% of cases, an annual salary of more than 100,000 euros. The 67% of companies expects a variable portion in the remuneration (MBO), mostly based on the achievements of economic and financial performance (49%) or qualitative parameters (27%), but only in the 11% of cases the performance involves rik parameters.

Img.3: Source: “Survey on the Corporate Risk Manager’s role in Italy” by ANRA and  RiskGovernance-Politecnico di Milano (I edition, september 2014).

ANRA

Since 1972 ANRA has been bringing together Risk Managers and Corporate Insurance Managers. Now the association has over 150 members and plays an important role in Italy, spreading the knowledge on corporate risk management and the most appropriate ways of insuring against it. ANRA represents both Risk Managers and Corporate Insurance Managers: the former monitors and examines all – that is, both ordinary and extraordinary - business-related risks; they share them with the company’s top managers and, once they’ve gained their approval, they’ll formulate a risk management operational plan. The latter, instead, lays out, implements and manages the company's insurance plan. ANRA is part of the IFRIMA (International Federation of Risk and Insurance Management Associations), an organization, whose activity can be traced back to 1930, that brings together several international risk management associations: it represents 23 organizations and 30 countries around the world. ANRA is registered with FERMA (Federation of European Risk Management Associations), an organization that currently brings together the national risk management associations belonging to 20 European countries. It represents over 4.800 professionals working in various fields, from industry to finance and health, for state or privately owned agencies, as well as for charities. 

RiskGovernance

RiskGovernance develops, within the Department of Management Engineering of Politecnico di Milano, research, training and consulting on risk management and Corportae Governance issues in the industrial, banking and insurance sectors. The main objectives are to provide tools that can support financial operators in their investment choices and guide enterprises in the construction of solutions in terms of corporate governance and risk management. In order to achieve this objective and to disseminate the results of research, RiskGovernance organizes both national and international seminars, conferences, debates, meetings; together with MIP - the business school of Politecnico di Milano, RiskGovernance offers refresher courses and advanced courses for entrepreneurs, managers and operators; it promotes collaboration between professionals and academics as well as publishing activities resulting from research activity. RiskGovernance also assists companies in finding customized solutions and the best strategies of RiskManagement and RiskGovernance, creating opportunities for corporate value growth. www.risk-governance.eu

Caricato il 24/09/2014

Organizzazione

ANRA

Allegati

Immagini

Settori