Canada lagging in risk management approach when compared to global counterparts
Canadian businesses are lagging in their risk management approach and are more vulnerable to disruption when compared to their global counterparts, according to a report published by PwC Canada.
Managing risk from the front line revealed that 66% of Canadian respondents (vs 75% globally) had mandatory ethics and compliance training for all employees. When new risks emerge, less than 33% of Canadian businesses (vs 50% globally) reported periodic staff education about new or existing potential risks.
The report also found that future areas of risk and disruption for Canadian businesses will be in technology advancements (70% disruption predicted to 55% disruption globally), human capital (49% compared to 40%) and operations (37% to 26%).
While Canadian businesses acknowledged that a big part of addressing their vulnerability to risk can be accomplished by moving risk management to the 'front line', many business operations are keeping risk management at the 'second line' (risk management/compliance) or 'third line' of service (internal audit).Respondents indicated that a lack of sufficient resources (skilled people) is the primary factor in preventing a shift in risk management to the first line.
The report reiterates that risk management from the second and third line does not give upper management a clear understanding of their own vulnerabilities. This type of risk management structure has resulted in an inability to manage risks effectively and adapt over time.
"While Canadian businesses have made some progress when it comes to risk vulnerability, there is still a lot of work that needs to be done in order to catch up with their global competitors," said Kishan Dial, Partner, Risk Assurance, PwC Canada. "By moving risk management to the front line, the organization's leadership will obtain a greater understanding of the risks to their operations and enhance their capacity to manage risks in an agile and proactive way."
The report makes three key recommendations for addressing business vulnerability:
- Shift duties and assign responsibilities: Each line of service should have a defined role regarding risk decisions, monitoring, oversight and assessment of vulnerabilities.
- Define risk appetite: Organizations must define risk appetite and leverage the technical tools available to them, including aggregation tracking and reporting.
- Establish a risk reporting system: Reporting structures should enable the first line of service, but also require the second and third line to monitor the first line's effectiveness.
"In order to address current and future challenges, Canadian firms must commit to strong risk management structures and processes in order to excel in an ever-evolving economy of the future," adds Dial.