Chief risk officers will need to keep close watch on seven key risk management issues this year, says KPMG LLP.
The firm has identified seven key strategic, operational, and external risk areas that should top CROs’ risk management agendas this year:
1. IT risk management: The increase in tech risk has caused many IT organizations to establish information technology risk management functions. These manage and monitor tech risks so companies can anticipate and avoid problems.
2. Third-party risk management: As the role of third parties in business has grown, companies are challenged to identify which of them expose the company to risk. KPMG believes that CROs should help vet third parties and identify those that need close monitoring, both during onboarding and on a continuous basis thereafter.
3. Fraud and misconduct: Companies should continue to monitor the activities of employees, vendors, and third parties to detect and, wherever possible, prevent financial fraud or employee misconduct that can result in financial losses and damaged reputations. Indications of collusive behavior should be of special concern to CROs.
4. Crisis management: CROs should ensure that their companies place a strong emphasis on scenario planning, holding workshops and developing documented plans to prepare for and respond to potential crises such as cyber intrusions; regulatory scrutiny or investigations; compliance challenges; litigation; or workplace violence. On-call arrangements for expert assistance should be in place.
5. Data security: Data and critical processes cross many organizational boundaries, including customer self-service, strategic sourcing, supply chain integration, business partnerships, and technology enhancement. Being able to understand risk, not just at the technology infrastructure or data levels, but also at the business process level, is critical.
6. Achieving compliance program effectiveness: The growing number of regulations affects every facet of a company’s operations, and these regulations are implemented and enforced by an array of agencies worldwide. In this environment, companies need to anticipate regulations before they take effect and plan for them under the leadership of the CRO and the chief compliance officer.
7. Improving risk data aggregation and reporting: As regulatory requirements become more stringent, and the demand for risk data aggregation and improved data quality increases, it is essential that CROs concentrate on improving risk reporting, particularly within the financial services sector. Such improvement involves enhanced report content and the automation of real-time information collection.
The ability to identify risk exposure across the entire organization and all of its geographies, together with the capacity to understand the organization’s concentration risk and counterparty risk from a business perspective, is imperative.