Big UK corporations lag far behind financial groups in establishing board-level risk committees and chief risk officers, new research by Deloitte’s consultancy arm and recruiting firm Hedley May has found.
The two firms surveyed top executives and non-executive directors at 36 large companies, including 30 of the largest non-financial FTSE 100 groups, and found only four had chief risk officers at executive committee level or just below, and eight more had a lower ranking person responsible for risk.
None had board committees devoted exclusively to risk, although many audit committees considered the issue and a few had committees that deal with industry specific risk, such as safety for airlines.
Since the financial crisis, UK banks and insurers have almost universally adopted risk committees and CROs, especially after Sir David Walker’s report on bank governance emphasised the need for boards to focus on risk. Three-quarters of non-financial companies, by contrast combine risk with internal audit.
“What we are seeing here is a different stage of maturity and development in the corporates and the risk profile is different,” said Hans-Kristian Bryn, Deloitte risk partner and an author of the report, which is set to be released on Monday.
However, he added: “We don’t expect to see a lot more CROs appointed. There isn’t the appetite.”
Different attitudes towards risk also show up in pay. “Those in corporates have a salary package of about 25 per cent of those in the financial services sector … The pay differential is indicative of the difference in relative importance that corporates and financial services companies place on the role,” said Nick Hedley, co-founder of Hedley May.
Unlike the financial groups, UK companies placed responsibility for risk in the hands of a wide variety of executives, although ultimate responsibility tended to end up with the chief financial officer, the research found.
The Financial Reporting Council announced in September that it wanted companies to improve the way they report on risk, focusing on strategic risks rather than just including a list of possible dangers.