First–ever ERM diagnostic survey of regional companies by Protiviti highlights an imminent need for stronger risk management
Dubai, UAE, March 09, 2021: Spurred by the desire to mitigate the impact of risky events like COVID-19 pandemic on businesses, Protiviti conducted the first ever Enterprise Risk Management (ERM) survey in the Middle East to help regional companies evaluate their ERM preparedness. Protiviti’slargescale ERM Readiness Assessment Survey included companies from across sectors like Government, Financial Services, Technology, Media and Telecom, Real Estate and Construction, Transportation and Logistics, Energy & Utilities, Consumer and Industrial products.The purpose of the study is to sensitise companies about the need to invest in and integrate ERM to manage the fallout from events like the pandemic.
Darshan Mehta, Managing Director, Protiviti Member Firm andERM Leader for the MENA region, said “Our first-ever ERM diagnostic survey of regional companies shows a growing trend of ERM adoption, while also highlighting the fact that, for most organizations, ERM is a relatively new venture with 44% of the respondents falling in the early-stage category of adoption. The study also highlights the worrying lack of integration between ERM, strategy and business performance which shows that risk analysis is still not a part of the boardroom decisions. In the current business scenario, there is an imminent need for stronger risk management functions in companies.”
Response from Chief Risk Officers and C-suite-level respondents from 150 largescale enterprises from GCC were assessed for several ERM best practices and they were mapped into four ERM Readiness Quadrants – Initial Adopter, Actionable, Influencer and Leader. These categories indicate the sophistication of a company’s ERM programme and how well they are integrated with strategy setting and performance management within the organization.
Risk governance was the most mature pillar across all quadrants and was exceptionally high (81%) for ‘Leaders’.
Overall, the survey reveals that the weak pillars of risk appetite, risk culture and ERM integration with strategy and planning require the strongest interventions – both in terms of financial commitment and management buy-in.
- Significant increase in adoption of ERM: The analysis of the survey results shows that 44% of the respondents fell in the ‘Initial Adopter’ cluster (the highest), while 47% fell in ‘Actionable’ and ‘Influencer’ categories. This evidences the fact that the concept of ERM is being embraced by a significant number of companies in the region although they are in early stages of adoption. This is a very welcoming move overall.
- Risk Governance is the most mature pillar across all respondents: In each of the quadrants, the risk governance is the most mature ERM pillar which shows that the first step the companies take towards setting up the ERM function has been initiated. The overall risk governance maturity is 43% followed by risk appetite at 34%. For “Leaders”, risk governance maturity stands at highest at 81% and while it is the lowest for Initial Adopters at 25%.
- There is an even mix of listed and non-listed companies in all the four quadrants. Overall, the ratio of listed to non-listed companies in the respondents is 43%: 57%. This suggests that linking corporate governance requirements for companies with the status of their ERM programs adoption may not necessarily be correct.
- Majority of respondents are Initial Adopters with no specific industry dominance: A deeper look at the ‘Initial Adopter’ quadrant shows a holistic mix of all industry verticals. Further, in each industry, over 40% of the respondents fall in ‘Initial Adopter’ category points out that none of the industries have across the spectrum moved beyond initial set up of ERM function.
- ERM is still to be enabled for Business Strategy and Decision Making: Maturity Level for the pillars ‘Business Execution’ and ‘Evaluation of Strategic Options’ is the lowest is at 20% and 25% respectively. This signifies that whist the organizations do deploy an adequate governance mechanism on the ERM, they still do not pursue leverage ERM in effective execution of business activities and as a strategic enabler. Linking risk to Decision Making and Strategic Options evaluation is absent.
- Leaders in the ERM adoption are a minority: Only 9% of the total respondents were categorized as leaders with representation from Financial Services, Energy & Utilities and the Government Sector. This shows that most organizations are still far away from reaching maturity in establishing a robust ERM function that adds value to the overall strategic objectives achievement.
The Protiviti ERM Readiness Assessment Survey mapped over 150 companies in the region, mainly from the GCC. Sixty Five percent of the companies were from Government sector, Energy, Utilities, Financial Services and Consumer and Industrial products and services. The questionnaire addressed 49 ERM best practices deriving from Protiviti real-life experiences which were categorised into six pillars – risk governance, risk appetite, risk culture, evaluation of strategic options, strategic planning and forecasting, and business execution.