Fazeela Gopalani, Head of ACCA Middle East 

• 57% of survey respondents say risk culture has changed for the better since the pandemic
• Top risk priorities in the Middle East: (1) 1 technology and cyber security; (2) regulatory, compliance, and legal; and (3) misconduct, fraud, and reputational damage

As corporate collapses make headlines this year the need for strong risk management is clear. This is why the Association of Chartered Certified Accountants (ACCA), The Association of Insurance and Risk Managers (Airmic), and the Professional Risk Managers’ International Association (PRMIA) have collaborated on a new study that gauges how risk and financial leaders are dealing with risk culture and to what extent they understand its effect on the organisation’s broader strategy.

The research is based on an online global survey complemented by a mix of interactive engagements with the three professional bodies’ respective members, gathering views from thousands of risk and financial professionals around the world. The findings are published in a new report, Risk Culture: Building Resilience and Seizing Opportunities. 

This first of its kind study found that while “box ticking” is prevalent there is growing interest in risk culture to cope with disconnected organisational cultures and hard-to-detect breadth of risks.

Key risk priorities for risk and finance professionals across all regions were ‘regulatory, compliance and risk’ followed by ‘technology, data, cybersecurity’ and ‘economic inflation and recession’.

Sector-specific results showed respondents in financial services were more likely to raise ‘technology, data and cybersecurity’ and ‘regulatory, compliance and legal’ as their two highest risk priorities, whereas those in the corporate sector ranked ‘logistics and supply chain’ issues as one of their top three risk concerns. Interestingly, despite a rise in corporate fraud cases, the corporate sector ranked ‘misconduct, fraud and reputational damage’ lower than any other sector.

Some of the overarching concerns coming out of the report are that risk conversations continue to happen in a vacuum at the top of organisations, and that engagement not only between boards and senior management – but also across functions and roles – needs significant improving.

‘Recent corporate collapses remind us of how inadequate and siloed risk governance can be, regardless of what is said in their financial statements,’ said Rachael Johnson, head of risk management and corporate governance at ACCA and author of the report. ‘As our research shows, it is not only the regulators who are asking questions. In today’s highly interconnected, digital world, even a weak risk culture is better than none.’ 

‘In an increasingly high velocity, complex and connected world, tensions can be created between managing performance, innovation, controls, and assurance.’

Julia Graham, CEO of Airmic, a partner said: ‘This report addresses how risk culture can contribute towards managing these tensions as part of good governance and concludes that managing risk dynamically and building resilience collaboratively are changing risk culture for the better.’

‘Recent events, such as FTX and Silicon Valley Bank, show us that risk culture, more than ever, needs to be front and center for risk and accounting professionals,’ said Justin McCarthy, CEO of PRMIA. ‘This report shows how we need to help our respective members work and learn together more.’

Fazeela Gopalani, Head of ACCA Middle East, said: “Demand for risk governance and compliance professionals has skyrocketed in the region since the pandemic. However, only 27% of respondents in the Middle East and South Asia have conducted a risk maturity assessment. The survey also found that technology and cybersecurity were ranked top risk priority by respondents in MESA, followed by regulatory, compliance, and legal, as well as misconduct, fraud, and reputational damage respectively.”

The report incorporates insights from over 2,000 risk and financial professionals around the world. The online survey took place in October 2022 and attracted 1,823 individual responses from risk and financial professionals globally, across a range of industries. The majority of these individuals have accountancy backgrounds (93% being ACCA members). Additional forums, roundtables and one-on-one interviews with more ACCA members contributed further qualitative data.

A supplementary document to the report – Risk Culture Conversations – digs into the two open-ended questions from the survey as well as these discussions and input from our online community pop-up platform, which took place in November 2022.

To complement the findings, the report also includes ten calls to action.

1. Empower risk leaders to drive risk culture and influence behaviours.
2. Resist the danger of tunnel vision when faced with a multitude of risks.
3. Understand the behaviours driving both good and bad outcomes.
4. Don’t mistake a ‘tick the box’ compliance approach as true, value-added risk management.
5. Consider how you define the role of accountants in risk culture, particularly on reconciling ethics with profits.
6. Define risk appetite clearly and communicate its purpose to help guide behaviour and inform better decision making.
7. Eliminate the fear factor by creating a ‘hands up’ culture through visibility and leading by example.
8. Measure and incentivise the risk culture you want by ensuring ‘everyone owns it’.
9. Promote good governance through role clarity and knowing who is responsible and accountable for what.
10. Coordinate multi-stakeholder engagement with regulators leading to more positive, pro-society outcomes.
     

ACCA will publish additional research on risk culture by industry throughout 2023.