Why multinationals should prepare better for key risks

Assessing and anticipating threats to the business is part of risk management at about 80% of large multinationals, according to a global Deloitte survey. But the survey also detected significant gaps in risk-sensing capabilities.

Respondents, which consisted of 155 companies with annual revenue of $1 billion or more, most often used their tools to anticipate financial risks (70%), compliance risks (66%), and operational risks (65%). Only 57% had a dedicated programme to detect and monitor strategic risks, which can affect competitive advantage, market position, and performance and tend to be the most important to senior executives.

The survey results also suggested that risk-sensing capabilities often lack technical depth and analytical sophistication, reside in narrow technical units, and fail to focus broadly enough.

“[Risk-sensing] capabilities often … leave the organization open to the very risks that risk sensing should be detecting and monitoring,” the Deloitte report concluded.

Almost two-thirds of the respondents in the Deloitte survey agreed that they have the right people to monitor, analyse, and act on risk-sensing data. But equipping the right people with the right tools is just as important, the report suggested. Those tools include equipment for data scanning and sensing, measurement, analysis, and visualisation.

The survey also found that the risks executive management are most concerned about are shifting from regulatory and reputation risks to risks associated with the pace of innovation, a shift that makes the perspective of outsiders, who are detached from management’s agendas, important.

The risk of highest concern was brand (44% of respondents) in 2012, regulatory (35%) in 2015, and is anticipated to be regulatory and the pace of innovation (30% each) in 2018.

Forty per cent of respondents agreed that outside parties, such as social media or ratings on websites, have more objectivity about risks than insiders.

To fill any gaps in their key risk-sensing capabilities, Deloitte suggested multinationals:

Identify strategic risks that should be monitored and the scope of the effort. Conduct working sessions with senior leaders and key stakeholders to identify, validate, and prioritise strategic risks. Agree on the risks and on the sector factors and potential industry disruptors to be monitored. Identify and define strategic risk indicators to be monitored, the metrics to be tracked, and the thresholds that will trigger communication, escalation, and countermeasures.

Define the elements required to enable strategic risk monitoring. Identify the resources best suited to analysing the key strategic risks, establish the data sources, and outline the workflows to analyse the key risks. Identify the most representative outputs and visualisation methods and designate who should have access to the outputs, and what actions they are expected to take.

Configure the platform to enable scanning, analysing, and tracking of strategic risks. Analyse the data within the established scope, draft initial insights, and enrich the findings by connecting them to sector trends, trends in related industries, and economic, marketplace, technology, regulatory, and other trends. Combine automated and human scanning and analytical capabilities and review the result with sector specialists and other relevant parties.

Continue monitoring the data sources and generating ongoing insights. Incorporate practical insights into strategic and business plans, taking into account the severity and impact of the risks, to make key decisions, such as product development or discontinuation, IT purchases, and whether to outsource, merge, or acquire. Make sure the models are applied consistently across the organisation and periodically reviewed and revised.

Related CGMA Magazine content:

“9 Ways to Reduce Risk by Embracing Innovation”: Focusing on unexpected successes and areas of strategic importance – and sometimes ignoring the customer – can help organisations survive competitive risks.

“How to Gather Risk Intelligence”: Risk management requires constant assessment of internal and external information. Here’s how it’s done at Siemens Wind Power in Denmark.

“Funding Radical Ideas”: Keith Goffin, a professor of innovation and new product development at Cranfield School of Management, explains the criteria by which management accountants should evaluate projects and drive innovation.

—Sabine Vollmer (svollmer@aicpa.org) is a CGMA Magazine senior editor.