Embed strategic risk management

Organisations must embed strategic risk management into its decision-making process to get full value from its capabilities.

Risk functions need to adapt to provide real-time insight in today’s fast-moving world, according to PWC’s Global risk survey 2022.  In fact, risk departments need to be agile and able to reflect changing risk appetites.

“The organisations that have stood out from the pack in the past two years have not just managed risks,” the report said. “They’ve taken on risks, with confidence.”

Get in early

But fewer than 40 per cent of executives consult with risk professionals in the early stages of new projects. As well as strong analysis and modelling, risk managers must be in early on any new project to help inform decisions.

The survey found that 65 per cent of organisations said they plan to increase spending on risk management technology. The biggest areas for investment included data analytics, process automation and risk detection and monitoring technologies.

“Sharing investment and further integrating technology and risk data across the three lines could help to efficiently drive a panoramic view of risk across the enterprise,” the report said.


Many organisations do not have a common risk language across the business. In such cases, businesses may fail to create a consolidated view of the risks they face and fail to embed strategic risk management.

In fact, 75 per cent of survey respondents said that technology systems that do not work together is a significant risk management challenge. Just 35% of said they addressed challenge in a formal, enterprise-wide manner.

To enable risk-based decision making, organisations should employ a Governance, Risk and Compliance (GRC) technology platform. This helps to build a coherent approach to risk management across the three lines of defence. It also acts as a single source of truth.

In addition, businesses must take a consistent approach to risk assessment to clearly identify and prioritise key business risks. Establishing strong relationships across the three lines to clearly define roles and responsibilities related to risk activities is a must. Finally, organisations must also put in place reporting and data requirements defined by both business and risk leaders.

Read the report.

  • About Enterprise Risk Magazine

    Enterprise Risk Magazine is the leading quarterly title for risk managers and enterprise risk, with a print circulation of over 5,500.

    Enterprise Risk is published on behalf of the Institute of Risk Management (IRM). The majority of IRM members receive their copy of Enterprise Risk at their home address, meaning the title... Read more
  • Categories

  • Tags