In an indication of the growing importance attached to risk management by Indian companies, around two-thirds of them have appointed a dedicated chief risk officer, according to a report released on Tuesday by consulting firm Deloitte Touche Tohmatsu India.
Around 64% of Indian companies surveyed by Deloitte for the report have a designated chief risk officer, a highly specialised senior leadership position that is in great demand at organisations.
The report titled 'Risk Survey 2018 : Transforming Risks into Opportunities' comprises responses from over 100 Indian C-suite executives from an array of private and public sector companies with turnover ranging from less than ₹500 crore to over ₹7500 crore.
Though regulatory risk is currently viewed as the top source of risk in business, 69% of the respondents feel that risks associated with cyber security and technological disruptions will take the lead over the next three years. "While there are no surprises on the top three risks, we believe that the volatility and complexity of each of these risk will continue to increase”, said Rohit Mahajan, president - risk advisory at Deloitte India. "This essentially means that there needs to be a shift from being risk averse to risk aware, with the power of innovation."
The constantly changing contours of a dynamic business environment have catapulted risk management as a business issue from back offices to the boardrooms of companies. One-and-half years back, a top board member of one of India’s largest IT services companies engaged Venkat Shastry, partner at Heidrick and Struggles, a global executive search firm to hire a chief risk officer who can "insulate the IT services firm from primarily cyber risks, and then global regulatory issues."
Shastry, who leads the technology and services practice for the headhunting firm across India said: "Managing the brand, strategy, financials, reputation and risk is now a board-level task. An organisation's future is highly dependent on how it envisions risk."
Traditionally, banks and financial institutions have been the biggest recruiters of senior risk management executives owing to certain regulatory guidelines and the materially financial nature of risk involved in the lending business. That, however, is changing with organisations, ranging from e-commerce startups to legacy conglomerates looking at risk as a business function that needs to be managed by a dedicated senior resource.
Companies are increasingly engaging headhunting firms to hire the right talent, one of the toughest but exciting mandates for headhunters. The mix of skills required for the CRO role is not easy to find. "Any candidate with a blend of experience in financial services, governance strategy and technology is ideal for the role," said Shastry. "Those working in audit and advisory divisions of consulting firms are good suitors."
According to Deloitte survey, currently in its first edition, only 35% of the companies surveyed had a high involvement of the board of directors in risk management. "…Even in the VUCA (Volatility, uncertainty, complexity and ambiguity) world, many organizations are traditionally conditioned to approach risks and risk management with a reactive attitude. This makes it essential that the boards and the management revisit their risk perception," the report said.