As compliance and operational risks come into greater focus within organizations, a new study revealed that over two-thirds of small and medium-sized businesses (SMBs) around the world now have a formal risk assessment process in place.
Overall, the companies surveyed by London-based consulting firm Nexia ranked compliance and operational risk as the most significant risks facing their businesses. Companies said they are least prepared to deal with social media, succession planning and natural or man-made disasters. Respondents also cited risks surrounding global expansion as a key area.
“Risk management has become critically important as businesses are challenged to remain competitive while grappling with uncertain operational and financial conditions,” said Glenn Davis, partner at Nexia International member firm CohnReznick LLP.
While two-thirds (67 percent) of companies reported that they have a formal risk assessment process in place, one-third (33 percent) rated these as only partially effective or lower. A high proportion (24 percent) of companies reported being only partially effective, and a further 19 percent ineffective, in their use of IT to mitigate risk.
The survey demonstrates active involvement of boards and owners in this process. They provide reasonable oversight and are largely engaged in discussions with the individual responsible for the risk management process. While companies review risk tolerances regularly, over half (57 percent) say they don’t review risk for criticality on a continuous basis.
“Regardless of the size of the entity, the risks are broadly the same, but the ramifications are much greater for small and mid-sized organizations,” Davis added.
Large businesses like financial institutions also putting more emphasis than ever on risk management and compliance. A Deloitte survey polled chief risk officers from 86 financial institutions, of which 65 percent of respondents stated that they have increased spending on risk management and compliance, which is an increase from 55 percent in 2010.
For more stories on risk management, check out InsideCounsel’s coverage below: