Since we started developing the Risk-Based Performance Management approach, back in late 2006/07, we have been consistently saying that the way the financial services sector manages both strategy execution and risk management needs to be improved.
Now Corven Consulting has released a research report that found Banks are 20 years behind the aviation industry in managing risk. This finding and other key points from the report, below simply reinforce our belief that there is significant room for improvement in strategy execution and risk management.
Key points from the report are, based on 60% of the interviews completed to date, are summarised below;
Governance and management of operational risk
- In a drive to better control risks and apply corporate authority to mandate risk behaviours, three-quarters (76%) report increased centralisation of the risk function.
Measures of operational risk
- Only 7% report that they are measuring the cultural and behavioural elements that have an impact on operational risk.
- Of the broader set of operational risk measures, 59% are reactive and based on incident reporting.
- Every organisation reports that they are trying to link compensation to operational risk performance with some risk functions having the power to veto bonuses.
Drivers for improving operational risk management
- Twice as many (64%) reported regulatory, as opposed to major events, as the main drivers for improving operational risk management. Only 4% report being proactive in driving operational risk improvements.
- Just over one-third (38%) report that full root cause analysis was systematically undertaken to identify the underlying causes of major risk failures.
The role of leadership and risk culture in managing operational risk
- The majority of respondents reported a strong correlation between the business leaders understanding of risk and the adoption of good risk management practices.
- Only 19% report that their business is taking steps to specifically improve risk culture and behaviour.
- Although 62% of major risk incidents relate to peoples behaviours or capabilities, in almost all the cases (91%) the organisational response has been focussed on process and system change.
