KPMG: Processes Around Risk Management Remain Largely Manual

By Rob Starr, Content Manager, Big4.com

Just 16 percent of over 100 executives polled at the 2012 RSA Archer GRC Summit described their risk management processes as automated, despite the availability of enabling technologies to help manage risk. That’s according to new research from audit, tax and advisory firm KPMG LLP.

Further, the respondents were largely from industry sectors that are highly regulated and most heavily dependent on technology: financial services, 47 percent; technology and telecommunications, 19 percent; and healthcare and pharmaceuticals industries, 9 percent.

Organizational or geographical silos and politics were cited by 50 percent of respondents as the main impediment to effective ERM, followed by lack of resources (19 percent); conflicting priorities (12 percent); unclear benefits (11 percent); the cost of ERM software (4 percent); and Board or Executive resistance (4 percent).

As well, two-thirds of those polled said their organization formally aligned ERM with strategic initiatives either “extremely well,” “good” or “moderate,” compared to slightly more than one-third that rated their organization’s ability as either “poor” or “extremely poor.”

Greg Bell, a U.S. principal at KPMG and the Global Information Protection and Business Resilience Leader commented:

“The number of respondents using the low-tech approach to managing risk surprised us, particularly when most organizations have placed such an incredible focus on their Enterprisewide Risk Management (ERM)  processes after more than a decade of complex regulatory change and financial crises,”  he said.