A new report from Deloitte and the Manufacturers Alliance for Productivity and Innovation recommends that manufacturers convert their risk management practices to "an ongoing conversation rather than a periodic presentation."
The study, titled "Understanding Risk Assessment Practices at Manufacturing Companies," said the evolution of technology within the manufacturing sector presents vulnerabilities as well as opportunities, and that new threats can strike with unprecedented speed.
The report argued companies should improve their use of technology in risk management, consider increasing the frequency of assessments and embed those practices within all levels of company operations.
"In short, risk assessment and management techniques should advance at a rate equal to or greater than the underlying business," the report said.
Companies surveyed by Deloitte and MAPI identified cyber security as the biggest IT risk three years from now, with product design and development innovation as the top business risk over that span. The report said companies should utilize cyber security controls, but that they should also increase their insight into potential threats and how to appropriately respond to them.
They study also noted that 93 percent of companies indicated oversight of their risk management rested with the full board or an audit committee, and suggested that "given the rising complexity facing most manufacturing organizations ... it may be time to give risk management a clear subcommittee."
The involvement of a committee, meanwhile, could result in such panels becoming increasingly involved in day-to-day operations. The report called for a "proper executive champion" for that role, potentially including the creation of a chief risk officer.
Improved risk management and audit practices, meanwhile, could also help create a more resilient supply chain, as well as improve employee recruitment and retention amid ongoing concerns about a manufacturing skills gap.
Although improving risk management practices wouldn't dramatically alter a company’s bottom line, the report said the potential benefit to competitive advantages and shareholder confidence "will naturally make its way into earnings."
"Organizations should establish a risk assessment program that fits into its unique culture and risks," said MAPI deputy general counsel Les Miller. "Since change is constant and can occur suddenly, ongoing efforts to enhance the sophistication and variety of risk assessment techniques are needed."
The study conducted an online poll of 68 members of MAPI's Internal Audit and Risk Management Councils in June of 2014. The respondents ranged from less than $1 billion in annual revenue to more than $25 billion; the majority ranged between $1 billion and $10 billion.