If there is anything the recent financial crisis has brought to the industry, it's that firms have come to a greater understanding of their risks, a study conducted by the Economist Intelligence Unit (EIU) finds.

The rapid globalisation of industries and new forms of regulation are likewise putting risk management practices under more careful scrutiny, the study added.

The study, conducted between June and July 2010, interviewed eight C-level risk and compliance officers in seven industries from five continents around the world.

"The recent financial crisis has caused a shakeup in the way companies think about risk and compliance, not just in the financial services industry," explained Sudhir Thomas Vadaketh, senior editor at EIU. "It has certainly influenced people's understanding of risk.

Vadaketh said the development of a lot of new markets around the world and the recent power shift from Western to Eastern markets have likewise affected the risk appetites of businesses.

Enterprise-Wide RM

Given such new market conditions, Vadaketh said there is wisdom in deploying an enterprise-wide approach to risk management. "Individual or siloed approaches only have micro views of risk," he assessed. "It makes sense to have somebody at the top having a bird's eye view of the company's state."

The EIU senior editor added that an enterprise-wide risk management system eliminates duplication of systems and reduces efficiencies in determining risks.

"The bigger problem is that no one [today] is looking at the bigger picture [of risk]," he lamented.

Vadaketh suggested having a dedicated risk officer and a risk team under him to assess the company's risk and compliance needs.

He also underscored the importance of having employees themselves break out of the silos. "Companies should encourage employees to get away from their spreadsheets, and help them develop a sense of how they fit into the big picture," he suggested.

Patrick Wang, business development manager for governance risk, compliance, and identity management at German software firm SAP, meanwhile said having an automated and enterprise-wide risk management system can help companies in the new business environment.

"Non-automated systems are not scalable, and they can be deployed in certain units only," he stressed. "Therefore, companies cannot gain visibility of all their risks."

Wang also belabored the passive attitude of companies today, who only start doing risk management practices when they come face to face with mishaps.

"Businesses need to start risk management today, because the survival of companies depend on how [quickly] they can adapt to these [rapid] changes," he added.

Wang touted SAP's solutions for the risk management and compliance area, comprised of SAP BusinessObjects Risk Management 3.0 and SAP BusinessObjects Process Control 3.0.

"SAP's solutions have a centralised risk catalog and a standardised template for companies to work with," Wang explained, adding that the risk catalog can be categorised per industry.

He also added that the SAP solutions have connectors for the ERP systems for the application to monitor data coming in from that system.

"SAP's risk management suite can also perform simulations based on incoming risk information, not just in the supply chain," he expounded.