KPMG: Processes Around Risk Management Remain Largely Manual

By Rob Starr, Content Manager, Big4.com

According to new research from audit, tax and advisory firm KPMG LLP, just 16 percent of over 100 executives polled at the 2012 RSA Archer GRC Summit described their risk management processes as automated, despite the availability of enabling technologies to help manage risk.

Greg Bell, a U.S. principal at KPMG and the Global Information Protection and Business Resilience Leader said 64 percent of respondents described their ERM programs as manual, while 20 percent said they utilized data warehousing. Yet, 40 percent cited regulatory requirements or expectations as most strongly influencing their organization’s interest in ERM, followed closely by risk mitigation (38 percent) and improving business performance (10 percent).

Organizational or geographical silos and politics were cited by 50 percent of respondents as the main impediment to effective ERM, followed by lack of resources (19 percent); conflicting priorities (12 percent); unclear benefits (11 percent); the cost of ERM software (4 percent); and Board or Executive resistance (4 percent).

As well,  two-thirds of those polled said their organization formally aligned ERM with strategic initiatives either “extremely well,” “good” or “moderate,” compared to slightly more than one-third that rated their organization’s ability as either “poor” or “extremely poor.”

Further, the respondents were largely from industry sectors that are highly regulated and most heavily dependent on technology: financial services, 47 percent; technology and telecommunications, 19 percent; and healthcare and pharmaceuticals industries, 9 percent, Bell said.