Given the critical importance of auditing the right risks, I’ve spent considerable time analyzing the results of the annual 2015 Executive Perspectives on Top Risks, conducted by Protiviti and the North Carolina State University’s ERM Initiative, and I continue to refer to it often to this day. Having already covered the release of the report itself and the key findings, today I’m going to touch on the significant shifts we’re seeing year over year.
Analyzing the trends behind shifting priorities isn’t easy but one trend calling for attention is this: Creating an organizational culture capable of effectively responding to the escalating speed of change and risk is key.
That’s the conclusion I reached with my good friend, Dr. Mark S. Beasley, Director of the North Carolina State University ERM Initiative. In a recent webinar I hosted with Mark, we reviewed the risks, noting that the familiar ones maintained their positions at or near the top of the list. For example, the impact of regulatory changes and heightened regulatory scrutiny has been the top risk annually since the study’s inception in 2013, and was number 1 again this year. We believe that’s a direct reflection of management concern that even marginally incremental regulatory change can add tremendous cost to a corporation – and the mere threat of regulatory change can create uncertainty in hiring and investment decisions.
Similarly, economic conditions – worries about oil price volatility, the effect of economic sanctions against Russia and other geopolitical matters, and currency issues rated highly again: number 2 this year, even if their scores were lower than last year.
Most striking, however, are the risks that moved dramatically up the list as well as those that showed the greatest increase in their significance. In nearly every case, these risks, directly or indirectly, are tied to technology and disruptive innovations.
Concern that organizations may not be sufficiently prepared to manage cyberthreats jumped from number 6 to number 3 – a growing indication that management now views such incidents as a matter of when, not if.
The following are the top 5 increasing risks (based on an increased risk rating in 2015 versus 2014, as determined through our analysis of the survey results):
- Insufficient preparation to manage an unexpected crisis significantly impacting an organization’s reputation.
- Inability to utilize data analytics and big data to achieve market intelligence and increase productivity and efficiency, significantly affecting an organization’s management of core operations and strategic plan.
- Insufficient preparation to manage cyberthreats that have the potential to significantly disrupt core operations and/or damage an organization’s brand.
- Inability to meet performance expectations related to quality, time to market, cost and innovation as well as an organization’s competitors.
- The rapid speed of disruptive innovations and/or new technologies within the industry may outpace an organization’s ability to compete and/or manage the risk appropriately, without making significant changes to its operating model.
It is interesting that three of the fastest increasing risks deal with operational issues – and technology is emerging as a core theme which we will continue to watch closely.
Indeed, even concerns about sustaining customer loyalty and retention – a new risk introduced in the survey this year debuting at number 9 – can be linked to technology and its impact. My takeaway on this particular risk is that the rapid pace of change and disruptive innovations are leading to drastic changes in customer preferences as more choices and transparency emerge in the marketplace. These innovations are making it more challenging to retain customers in an environment of slower growth.
Which leads us back to the most critical issue that must be addressed – I suggest heeding Dr. Beasley’s warning:
“Ultimately, culture is king,” he said. “We need to be adjusting business models in this rapidly changing environment. … Our reluctance to embrace change could really put us at a disadvantage.”