The Risk Institute Releases Fourth Annual Survey on Integrated Risk Management

Data Reveals Risk Management Funding Growing, Opportunity to Improve Corporate Objectives

Columbus, Ohio – Today The Risk Institute at The Ohio State University Fisher College of Business, a leading risk-management research organization, reveals its Fourth Annual Survey on Integrated Risk Management. The report surveyed more than 500 financial, nonfinancial, public and private firms to understand how U.S. companies view the role of risk management, the influence of governance and culture and how risk impacts business decisions.

The data reveals 70% of firms have an integrated risk management unit and companies are
increasing funding for risk management, but the size of those units continues to decrease. Despite recognizing the need to invest in risk, firms are not investing in people. Among the other 2018 findings:

  • 60% of risk managers believe that artificial intelligence will play a role in risk management in the future.
  • 28% of firms surveyed have been victims of a cyber attack – a risk that continues to grow each year.
  • 55% of respondents do not use predictive analytics, and those that do have been using them for less than two years.
  • 44% expect to outsource some or all of their risk function.

Risk management policies play an increasingly critical role in a firm’s ability to create value and remain competitive. Both financial firms and nonfinancial firms reported that when they integrate risk management into business processes, they are able to improve corporate objectives.

“One of our key objectives at The Risk Institute is to create a greater understanding of how organizations can proactively leverage risk management to create shareholder value,” said Phil Renaud, Executive Director of the Risk Institute. “Volatility in the current economic and political environment, as well as cyber risk becoming a real threat to many firms, lead to a more vulnerable business environment, making the role of risk management more integral.”

To learn more about the Risk Institute and its Fourth Annual Survey on Integrated Risk Management, please visit: http://go.osu.edu/risksurvey

About the Risk Institute

The Risk Institute at The Ohio State University Fisher College of Business is a collection of forward-thinking companies and academics that provide effective risk management strategies to not only protect firms, but position firms to create growth and value. The Risk Institute helps members consider risk from all perspectives: legal, operational, strategic, reputational, talent, financial and many more. The Risk Institute operates at a unique intersection between faculty, students and professionals from a broad cross-section of industries. With a leading-edge approach to risk management, The Risk Institute creates a unique exchange for risk-centered conversations, ideas and strategies that can’t happen anywhere else.

 

-###-

Resilient By Design

In our interconnected, 21st century global economy, unexpected— black swan— events in one corner of the globe can have a ripple effect through global supply chains and impact customers like we have not seen in the history of global trade. In a January 24 session on supply chain resilience, we explored how companies who are prepared for such events can come out stronger and thrive, while others who may be less prepared or not at all, risk significant impact to revenue, brand and at the extreme, the very viability of the underlying business.

Session presenters included:

  • Joseph Fiksel, Executive Director of the Sustainable and Resilient Economy program at The Ohio State University and a faculty member in Integrated Systems Engineering. Dr. Fiksel is an international expert in sustainability and resilience with over 25 years experience in the space.
  • Keely Croxton, Associate Professor of Logistics at The Ohio State University. Dr. Croxton has a developed expertise in supply chain resilience, focused on helping companies balance their inherent vulnerabilities with their management capabilities in order to effectively mitigate disruptions in the supply chain.
  • Darrell Zavitz, Vice President (Retired) Shared Services/Supply Chain, The Dow Chemical Company. During his tenure with Dow, Darrell drove best practices into each of Dow’s businesses including Resilience, Six Sigma/Lean, and Network Design.

Between 1900 and 2010 global natural disasters have grown exponentially, arguably impacted by climate, global crowding and connectivity. With the frequency of black swan events accelerating, the traditional COSO Framework for Enterprise Risk Management (Objective Setting, Event Identification, Risk Assessment, Risk Response and Control Activities) is no longer a sufficient means to view the world.

Today, more than ever, risks cannot always be anticipated. The risks may be very hard to quantify and adaptation may be needed to remain competitive. Resilience strategies in turbulent times would suggest that a more comprehensive strategy to the abruptness of change and the magnitude of change is warranted.

Introducing SCRAM™

The SCRAM (Supply Chain Resilience Assessment & Management) Tool™ is based on more than a decade of research at The Ohio State University and was highlighted as an alternative framework allowing companies to focus on balancing vulnerabilities with capabilities. With this balance, a business will achieve balanced resilience and improved performance over time.

An ability to assess vulnerabilities and capabilities, look for gaps and build capabilities is at its basic level the key to building supply chain resilience. The more resilient a firm is, the less likely the firm will see swings in performance.

SCRAM™ in Action

The Dow Chemical Company began SCRAM implementation several years ago. Their focus on supply chain resilience and being agile drove a strategy shift. The project was in three phases:

  • Phase 1:   “Get Fit” | Manage the Cycle
  • Phase 2: “Change the Rules” | Dampen the Cycle
  • Phase 3: “Change the Game” | Break the Cycle.

The approach taken by Dow in its SCRAM implementation began with a rapid qualitative assessment. This included an electronic survey involving 30-40 business resources devoting an hour or so to the assessment. The SCRAM methodology was then used as a filter to prioritize and sequence business urgency (opportunity and commitment). Model those results and follow with and audit to value delivery.

Session Takeaways

  • Risk tolerance and resilience capabilities tend to change as companies grow.
  • Companies need to develop the right portfolio of capabilities to match the vulnerabilities they face.
  • Every disruption presents a learning opportunity.
  • A critical leadership requirement is to develop a culture of resilience in the organization.
  • To maximize return on investment, companies should design for inherent resilience.
  • Measuring and managing enterprise resilience is still an emerging field, ripe for collaboration between industry and academia.