Upper management lacks a clear view of the company’s vulnerabilities.
TORONTO — Despite all the disruption to business, Canadian companies lag their global counterparts in the management of risks.
A report issued by advisory firm PwC Canada says 66% of Canadian respondents (versus 75% globally) have mandatory ethics and compliance training for all employees. When new risks emerge, less than 33% (50% globally) report periodic staff education.
Future areas of risk and disruption for Canadian businesses will be in technology advancements (70% compared to 55% globally), human capital (49% versus 40%) and operations (37% versus 26%).
Addressing risk can be accomplished by moving its management to the front line, but the report notes many businesses hold it at the second line (risk management/compliance) or third line (internal audit). This denies upper management a clear view of vulnerabilities, which impairs the company’s ability to manage risks effectively and adapt over time.
The primary reason for not moving risk to the front line? A lack of skilled people.
The report offers three recommendations:
1. Shift duties and assign responsibilities. Give each line of service a defined role regarding risk decisions, monitoring, oversight and assessment of vulnerabilities.
2. Define risk appetite. Define risk appetite and leverage the available technical tools, including aggregation tracking and reporting.
3. Establish a risk reporting system. Reporting structures should enable the first line of service, but also require the second and third line to monitor the first line’s effectiveness.
Click here for a copy of the report.