Most firms possess a hybrid risk management organization. Those with a purely embedded function appear to be less satisfied with their approach.
How do organizations approach risk management?
Our experience with clients suggests that the optimal approach to the risk management function’s structure and organization will vary among firms. But many participants highlight the hybrid approach, saying that embedded risk personnel were more influential on a daily basis, but potentially less able than a centralized function to make independent judgments.
Most risk committees include C-suite participants, but their reporting lines, meeting frequency and agenda items vary greatly.
We believe that risk committee meetings should offer an opportunity to discuss all types of risk. About half of participants say they review established key performance indicators (KPIs) or dashboards and operational risk at committee meetings.
Approach to risk management
| %Satisfied with approach |
| Centralized | Embedded | Hybrid |
| 80% | 64% | 80% |
“Yes, our hybrid approach is optimal for us. I think there’s a reason to have desk-level risk management, but we need something centralized too.” – Survey participant
<< Previous | Next >>
