Organisations across the globe, including in Asia-Pacific, are facing an increasingly complex and evolving risk landscape. The business environment is even more volatile because of cyberthreats and increasingly sophisticated technology.
PricewaterhouseCoopers conducted a study of these growing concerns in 2016 to see how companies are managing the risks and to find the prevailing trends. This article compares the key findings from Asia-Pacific with the global results.
The results show that more Asia-Pacific companies are moving their risk management activities back to their senior management and business units -- the first line of defence -- while increasing alignment across all three lines. Risk and compliance functions (the second line of defence) and internal audit (the third line of defence) remain critical to executing risk management effectively.
Most survey respondents in Asia have defined their risk appetite across a number of categories and take this into account when making business decisions. But Asian companies aren't necessarily managing risks more effectively, notably in the areas of regulatory and compliance risk (66% versus 70% overall) and environmental/sustainability risk (47% vs 49%).
It seems that a strong risk culture is lacking in many organisations in Asia. According to the survey, compulsory training in ethics and compliance for staff at all levels is seen less in Asian companies than in other parts of the world. Fewer Asian companies say that their leadership prioritises a risk culture that focuses on doing the right thing, and their staff are not updated on new or potential risks as frequently as they should be. Without a strong risk culture, these companies won't be able to build more effective risk management programmes.
When it comes to the role of the chief risk officer, 67% of CROs in Asia-Pacific agree that their company's senior management supports and understands the value of a strong risk management strategy. While that's a strong figure, it's lower than the global result.
Similarly, more than half of the Asia-Pacific CROs surveyed say their risk management team increasingly provides proactive advice and guidance for business functions. But again, the response trails behind the global total. These figures suggest that the opportunity is ripe for CROs in Asia to take a leading role in improving their company's overall approach to risk.
Digital platforms in today's business environment have become stalking grounds for cybercriminals. Asian respondents felt that their organisations cannot keep pace with firms overall in managing cybersecurity risks effectively.
Encouragingly, more Asian CROs are prioritising their responsibilities for collaborating with chief information officers, chief technology officers and business leaders to minimise cybersecurity risks in the next 18 months. Leadership from the C-level is the key to ensuring an effective approach to cybersecurity and risk management in general.
Today's business environment is different. It is more complex and more connected. And it poses both new and unknown risks for companies. But growing risks could also mean new and untapped opportunities. So companies need a comprehensive approach to risk management that enables people at every level of the organisation to systematically assess and respond to events or uncertainties that could reduce stakeholder value, as well as seize opportunities to improve performance and create value.
PwC's risk assurance services work with organisations every step of the way to create an integrated approach to risk and develop the resilience needed to succeed.
Written by Pongsak Achakulwisut, a partner in risk assurance at PwC Thailand. We welcome your comments at leadingtheway@th.pwc.com