Barrett expects members of boards in Australia to continue to receive "encouragement" for more effective risk management. A recent survey by PricewaterhouseCoopers, reported in the September 2004 edition of Australasian Risk Management, indicates boards in the US and Europe are already getting the risk management message. Some 57 percent of the (large multinational) organizations told the researchers their board will have more input in the key area of risk management as well other issues such as the company's structure and understanding of the transactions being entered into by the organizations.

"In the public sector," Barrett says, "we have an encouraging result as shown in the CPA Australia survey of 31 public sector agencies from the three tiers of government [CPA Australia, 'Risk Management Survey 2001'].

"Commenting on the survey results, Adam Awty, the public sector policy adviser for CPA Australia, observed that: 'It [risk management] is now becoming entrenched within the public sector and is resulting in better performance. CPA Australia's survey results show that the public sector has moved to address risk management and is now more accountable, better managed and a better service provider than it was in the mid-1990s . . . The challenge for the future is to develop mature methodologies such as risk performance indicators and benchmarking. Public sector agencies also need more sophisticated skills to monitor, communicate and link risks directly with corporate objectives'," Barrett says.

Barrett notes that risk management, when it first began to gain traction in the Australian Public Service in October 1996 and elsewhere, was often seen as a defensive strategy in keeping with the risk-averse culture of the day. Now it is increasingly being recognized - in both the public and private sectors alike - as a vehicle for identifying positive business opportunities. "Increasingly, risk management is being recognized as integral to generating sustainable shareholder value, reflecting the understanding of the connection between well-managed risk and improved performance or, to put it another way, the linkage between risk management and corporate goals," he says.

A recent research program in the US and Europe by CFO Research Services exploring how companies align risk management with their strategic goals found few CFOs were satisfied with their current approach to risk but change is in the air. In three years, 39 percent of the CFOs intend to have integrated their risk management processes across the organization and only 12 percent expect that they will continue to manage risks in separate functions.

"The more unified a risk management process is across the company, the more satisfied CFOs are with it. Likewise, the more closely risk management is tied to the strategic planning process, the more effective CFOs believe it is," the report says. "Over the past few years, companies have attempted to create such a system [a more comprehensive and forward-looking system of risk management] - these efforts have come under various names, including holistic, integrated and, more recently, enterprise risk management (ERM) . . . The principles underlying these approaches (that is, mapping all of a company's risks in a uniform way and applying a cross-functional approach to managing them) are gaining acceptance."

The report found CFOs struggle with several main challenges to managing risk more strategically, including lack of uniform metrics, the time required for design and implementation, incompatibility with corporate culture and inadequate IT systems.

"The report saw strategic risk management representing a shift in thinking about risk," Barrett says. "Previously, many viewed risk management as an activity separate from the company's real work; an after-the-fact effort to protect against dangers inherent in business operations. There is now recognition that risk management should be inseparable from strategy development, capital allocation and other core management processes.

"It follows that, if managers are to use risk information to help steer the corporation, they need a view of that data unhindered by organizational divisions or definitional problems. This requires real ownership and commitment at all levels of the organization."

"The ERM approach is now widespread enough to be recognized as the emerging orthodoxy. However, the interconnectedness of risks across an organization can only be identified and managed when the organization shares risk and control knowledge across its functions," Barrett says.

He concludes ERM is clearly no fad, but has attracted significant coverage in both the public and private sectors and has helped to increase the profile of risk management. The idea of integrating risk across an organization and risk management being embedded in the culture is essential to the risk management process, he says.