Despite having a greater awareness of risk, companies are still struggling with the practicalities of mitigating “catastrophic” threats, says a new report by the Organisation for Economic Co-operation and Development (OECD).
The report, entitled Risk Management and Corporate Governance, analyses rules and risk management practices in 27 countries around the world, and concludes that insufficient steps are being taken to protect firms against threats. It warned that many companies are also heavily focussed on financial risk and have not considered broader issues that could put them in jeopardy.
“The review finds that, while risk-taking is a fundamental driving force in business and entrepreneurship, the cost of risk management failures is still often underestimated, both externally and internally, including the cost in terms of management time needed to rectify the situation,” it said. “Corporate governance should therefore ensure that risks are understood, managed and, when appropriate, communicated.”
“Following the financial crisis, many companies have started to pay more attention to risk management. This is, however, seldom reflected in changes to formal procedures, except in the financial sector and in companies that have suffered serious risk management failure in the recent past.”
To improve, companies are advised to develop incentive structures that reward both business success and the awareness and management of financial and non-financial risk, and to take into account strategic and operational risk. Boards and senior executives should also be more heavily involved in the issues, the report suggests.
“Boards should be aware of the shortcomings of risk management models that rely on questionable probability assumptions,” it says. “More guidance may be provided on managing the risks that deserve particular attention, such as risks that will potentially have large negative impacts on investors, stakeholders, taxpayers, or the environment.”