I followed up with Steve Culp of Accenture about their announcement of a new Risk Management practice earlier this year. Obviously Accenture has been doing risk management for a long time but they have now brought together people who were already working in this space in different verticals and in their information systems practice as well as people experienced in analytics and created a practice group. A significant portion of the work of this new group is focused at an executive level around governance, information and processes/framework for managing risk. They believe this new service line will better position them to address companies’ questions about risk management and they will turn to Accenture for help. Accenture’s breadth of industry expertise as well its combination of management and IT consulting should, they believe, make them a compelling choice of service provider when it comes to risk management.
Over recent years they have seen a rise in the understanding, importance and significance of risk across all industries. Some industries (banking, insurance) have extensive risk skills but need to apply them in new and increasingly sophisticated areas of risk while other industries are newer to risk and need to acquire the skills required. In addition there is a growing focus on new kinds of risk like reputational risk and supply chain risk. For instance in new markets, more instability in results can mean that an organization needs new ways to manage their supply chain, including new processes and a new risk management framework to quantify the risks and make operations work in a way that manages the risk effectively.
They also see that risk management is moving from the back office – where it might be quarterly, reactionary and compliance oriented – to a more integrated, proactive and business-aligned function. As part of this change they see more organizations becoming aware of the need to push risk management to the front line of their company. For instance, companies might pick a supplier based on risk and price not just price and do it at transaction time – when an order is placed for parts, for instance. Organizations see that an alignment between risk capacity/appetite and operations/strategy is critical.
In this new, more risk-centric environment, every Chief Risk Officer has two common concerns –accurate information about risks and integration of the risk function. If they cannot get the data and information they need organized, cleansed and available then risk management is going to be difficult or impossible. The risk function, meanwhile, has over time become increasingly separate from operations – data, reporting, timing all separate – and this leads to poor outcomes. A key focus of Accenture’s new service line is to help ensure risk is more integrated with finance from a process and data perspective, with management and executives from a governance perspective, and with business from an operational perspective.
Alignment with analytics is something that matters a great deal. Lots of customers begin their risk efforts with a focus on how to manage costs while remaining compliant. But 85% in a recent Accenture study said they lacked alignment between business strategy and risk , so the focus is clearly changing and becoming more analytic in nature. While the risk management practice is focused on the needs of the executive suite, the separate announcement of a partnership with SAS is clearly an important tool for managing risk.
Personally I would like to see more of a focus on the inclusion of risk in operational systems. As I have said before, risk is acquired one customer, one transaction at a time. Understanding and proactively managing risk is therefore something that means embedding analytics and risk-based decisions in transactional, operational systems. Given Accenture’s IT consulting business, and its existing IT Security and Controls practice, I am sure this is going to be part of what they do with their new risk management practice but I would like to have seen it as a more primary focus.