There’s no reward without risk: GRC survey 2015

Looking at risk differently

  • Share

Operating a business requires taking risks. Organizations that identify and manage these risks well are positioned to grow and remain successful.

In our 2015 governance, risk and compliance (GRC) survey,we asked 1,196 participants, around the globe and across sectors, how well they are managing risk and what they need to do to better manage the risks that drive performance.

Organizations today are challenged with managing a rapidly-changing risk landscape including market volatility, geopolitical crises, wide-spread economic changes, regulatory reforms, and cyber threats.

While this creates many challenges for organizations, it also presents an opportunity to take advantage of the potential of risk.

In this year’s survey, we found that organizations are making progress in improving the way they manage risk in response to a changing risk landscape. However, organizations also indicated that there is still further room for improvement and opportunities to be seized.

This requires a business to change the way they work and become a more risk-aware organization.

Historically, risks have been categorized in many different ways. Regardless of how they are organized, it is beneficial to consider risks in the context of your business and how best to respond to those risks.

“Companies that think about risk in the context of their business decisions are better positioned to manage the risks that drive performance.”
- Matt Polak, EY Global Risk Transformation Leader

Broadly, risks can be managed by applying the following three categories:

  • Strategic risks that must be accepted as they offer positive benefits
  • Preventable risks that should be avoided or mitigated as they offer negative impacts
  • External risks that cannot be controlled, offering negative impacts and/or positive benefits

Identifying, managing and responding to risk should be an integral part of an organization’s everyday activities.

Our GRC survey tells us that organizations are looking for a more comprehensive, coordinated and innovative approach to enable them to successfully manage the opportunities and the hardships presented by risk.

This requires transforming the way the organization views and capitalizes on risk — building a risk-aware organization.