Executives lack a high degree of confidence in their organizations' risk management capabilities, according to a Protiviti (Menlo Park, Calif.) survey of more than 75 C-level executives from U.S.-based Fortune 1,000 companies, including financial services firms. Fifty-four percent of survey respondents said their companies could be doing more to identify, quantify and manage risk. Incident reporting and loss measurement (59 percent) was cited as the top tool currently used by respondents' companies to manage risk (see chart below).
The executives' lack of confidence results from regulatory demands, according to Mark Dillon, managing director of Protiviti's technology practice. "This new emphasis on risk stems from SOX compliance," he asserts. "Companies are trying to take a more enterprisewide risk management view instead of an ad hoc silo approach."
Though many companies have automated controls to meet regulatory requirements, 43 percent of the executives surveyed reported that they still consider financial reporting and SOX compliance significant risks. To manage these areas better, 65 percent said they plan to enhance their companies' risk management capabilities, including implementing new technology and hiring more-qualified staff.