Crisis exposes banks' weak risk management practices - Ernst & Young

Crisis exposes banks' weak risk management practices - Ernst & Young

The economic crisis has exposed inherent weaknesses in the risk management practices of banks, but few have a well-defined vision of how to tackle the problems, according to a study by Ernst & Young.

Of 48 senior executives from 36 major banks around the world questioned by Ernst & Young, just 14% say they have a consolidated view of risk across their organisation.

Organisational silos, decentralisation of resources and decision-making, inadequate forecasting, and lack of transparent reporting were all cited as major barriers to effective enterprise-wide risk management.

The study suggests banks are attempting to tackle risk management but their efforts are flawed. A massive 86% say their banks are implementing a variety of projects designed to provide a more comprehensive approach to risk, yet only 16% said they have a well-defined, shared vision of what it would look like.

Respondents agree greater transparency, faster delivery and better synthesis of data must be top priorities and around two thirds say they are underway with the process of implementing consolidated risk reporting across their organisations. However, only nine per cent feel they have truly been able to aggregate data across the enterprise.

To develop an enterprise-wide view, 75% of respondents also say it is vital to create a risk-aware culture throughout the bank.

Bill Schlich, leader, global banking and capital markets practice, Ernst & Young, says: "In light of recent events, there was strong agreement that managing risk effectively requires both top-down oversight and bottom-up involvement from front-line risk takers."

Comments: (2)

A Finextra member
A Finextra member 18 December, 2008, 14:10Be the first to give this comment the thumbs up 0 likes

Excellent news that the industry views "greater transparency, faster delivery and better synthesis of data" are the top priorities but we must not allow clever data analytics to mask the underlying ownership and accountability

Richard Self
Richard Self - University of Derby - Derby 22 December, 2008, 23:26Be the first to give this comment the thumbs up 0 likes

It seems that the banks want to continue relying on technology. Governance, compliance and risk management is far more about attitudes and careful thought about risks.

See the introduction to ISO standard 27002 on Information Governance, section 0 for the emphasis on careful, context based consideration of risk and compare with the bureaucratic, "apply the rules" "do not think" approach of CoBiT to see the contrast between the two approaches. The UK Combined Code and the Turnbull Report clearly support the thinking approach, rather than a bureaucratic, technocratic approach.

Technology should about supporting thoughtful analysis of risks.

Featured Job
All Jobs »