Deloitte conducted its sixth biannual survey of risk management practices across the industry, receiving responses from 111 financial institutions around the world, with aggregate assets of more than $19 trillion.
As it turned out from the study, banks and other financial institutions continue to have significant opportunities to strengthen their risk management processes and tools. The survey found that risk management is not fully integrated throughout many institutions. Forty-nine percent of the institutions surveyed had completely or substantially incorporated responsibilities for risk management into performance goals and compensation decisions for senior management. Also, overall responsibility for oversight and governance of risks rested with the board of directors at 77% of the institutions participating and 63% of these had a formal, approved statement of risk appetite. Seventy-three percent of the institutions surveyed had a chief risk officer (CRO) or equivalent position. As an indicator of the role's importance, the CRO reported to the board of directors and/or the CEO at roughly three-quarters of these institutions. The survey revealed that only 36 percent of the institutions had an enterprise risk management (ERM) program, although another 23% were in the process of creating one. Many institutions may have significant work to do to upgrade their IT risk management infrastructure. Roughly half of the executives were extremely or very satisfied with the capabilities of their risk systems to provide the information needed to manage market and credit risk. (press release)