The study by Deloitte CIS Research Centre is based on a survey of representatives of 50 Russian and foreign companies and provides a comprehensive assessment of current maturity levels of risk management in companies operating in Russia. The obtained data highlight strengths and weaknesses of existing approaches to risk management and show possible development paths for the risk management culture.
The current approaches to risk management can be roughly divided into two types: 1) the risk management function is a separate department; 2) the risk management function is incorporated into another department of the company. The majority of the respondents state that the department responsible for introducing and developing risk management elements in their company reports directly to the CEO; often, the CEO is also the initiator of this process.
The maturity level of risk management in Russia is mostly estimated as average or low. In the majority of cases, the results of risk analysis for risks related to performance targets and budgeting are taken into account when setting new targets and objectives. However, such analysis is not a decisive factor in revising strategies and budgets. Often, the results of risk assessment are documented selectively or not at all.
The experts conclude that on the whole risk management in Russia isnt integrated into decision-making processes in a systematic way.
The main constraint on the culture of risk management is a lack of interest in risk analysis and, consequently, low motivation for developing the risk management function. Besides, the experts observe a shortage of qualified personnel with enough skills to carry out a high-quality risk assessment.
To overcome these obstacles, companies need to foster the risk management culture and integrate risk management elements into key production and decision-making processes.