Less than 10% of ME companies have mastered enterprise risk

10 March 2021 Consultancy-me.com

At a volatile time, less than 1 in 10 organisations in the Middle East are highly mature in how they manage their enterprise risks – according to a new report by Protiviti. The message is clear: put more controls in place to stop risking what should not be risked. 

An effective enterprise risk management (ERM) programme does more than just identify risks. It integrates knowledge of risk, uncertainty and opportunity at every stage of business decision-making – from strategy and planning through execution and performance management.

This is according to a new Protiviti report, which highlights the value of ERM at a time of pandemic-induced market volatility. Through last year, the firm surveyed 150 businesses of various sizes, industries and nationalities in the Middle East – to gauge the region's risk management maturity.

ERM maturity in the Middle East

Responses from risk leaders and C-suite executives were screened through Protiviti’s ERM Readiness Assessment Methodology – a new tool that tracks ERM maturity and suggests improvements. Businesses were then sorted into maturity brackets, for an overview of progress.

Less than 10% of surveyed businesses were named ‘leaders’. These organisations embody ERM principles through planning and execution, drawing long-term value via business sustainability. Another 12% of businesses are labeled ‘influencers’ – where ERM is among the concrete pillars of strategy setting.

‘Actionable’ businesses make up more than a third of Protiviti’s respondents. Here, ERM takes its traditional rearguard avatar, keeping execution and business activities above board and preserving reputation. Nearly half – 44% – of businesses are ‘initial adopters,’ still finding their feet with ERM and yet to derive any concrete value.

Companies Maturity Level in ERM Pillars

The numbers paint a picture of ERM immaturity. At the same time, the researchers point out some promising trends – most notably the vast ‘initial adopters’ bracket. “The concept of ERM is being embraced by a significant number of companies in the region although they are in early stages of adoption,” noted Darshan Mehta, Kuwait-based managing director at Protiviti.

The fact is that all businesses surveyed have started their ERM journey, and it’s only a matter of time before they derive value. “This is a very welcoming move overall,” added Mehta.

Crisis at hand 

On the flipside, current economic circumstances might not leave too much time to catch up. Covid-19 has thrown the world into a risk minefield. Health risks aside, the resultant economic crisis has transformed consumer behaviour; curbed spending; forced business closures, bankruptcies and payment defaults; put IT infrastructure under cyber threat; and sent oil prices into a tailspin.

Level of ERM maturity among risk leaders

Against this backdrop, the current areas of focus for risk management practices fall short. On average, less than 50% of businesses are mature on any given ERM lever. Most have put risk governance practices in place, while business execution, risk appetite, planning and forecasting are in focus for only a third of organisations.

Making matters worse, only around a quarter have achieved some maturity in building a risk culture, or in considering risk when evaluating strategic business options. To navigate an economic crisis, each of these levers needs to be at a highly functional level – as is the case among businesses in the ‘leaders’ category.

Setting the standard

No doubt, a solid governance framework is still the priority among ERM leaders, although well over 70% of these businesses have end-to-end business maturity across all levers. Interestingly, the majority of these businesses are from the financial services sector, followed by government organisations and energy & utilities players.

Types of organisations with ERM maturity

Per the report, these sectors win out in response to ERM-focused regulations. Similar factors explain why more than half of ERM leaders are listed companies, which are answerable to stringent corporate governance requirements.

Be it through external drivers or internal pressure, these businesses have managed to set up a sustainable risk management framework. The upshot is that leaders have reached a stage where ERM doesn’t just protect their organisation – it helps to add long-term value.

Protiviti managing director Sanjay Rajagopalan explained: “During strategy and objectives setting, ERM analyses how risks and opportunities may influence value creation, providing management and the Board with “risk-return” considerations to align strategies with the company’s risk appetite.”

The journey to value-adding ERM practices

“During strategy and business execution, ERM proactively contributes to addressing these risks and opportunities on a recurring basis and throughout the organisation. This approach enables leading ERM organisations to significantly influence business performance and sustainability not only in the short and medium term, but also in the long term.”