This post is based on findings from a survey of more than 370 board members and C-suite executives about the risks they consider top-of-mind for the coming year. The survey was conducted for the second consecutive year by North Carolina State University’s ERM Initiative and Protiviti. For more information, visit www.protiviti.com/toprisks.
There’s an old statistics joke about two economists who go deer hunting. Upon sighting a deer, one shoots high, the other shoots low. As the deer scampers to safety, the economists fist bump. On average, they nailed it!
That joke comes to mind as I consider our Executive Perspectives on Top Risks for 2014 study. On average, of the more than 370 surveyed, executives and board members found the business climate less risky than 2013, with board members generally finding it more risky, and executives, collectively, ranking it less risky.
So, which is it? It depends on your perspective.
Operationally, things appear to be better. The economy is improving. Unemployment is down. And consumer confidence is up.
Executives have a clearer line of sight on growth, and they have more confidence in their projections and forecasts. In that macroeconomic and operational sense (which accounts for two-thirds of our survey questions), things are less risky.
Board members look at risk differently. Tasked with making sure all the bases are covered, directors scan the horizon and spend more time thinking about how external forces and strategic risks such as regulation, societal change and disruptive technology might blindside management as they are going about executing their business model. Simply stated, directors may be taking a more strategic view, and strategic risks (the remaining one-third of our survey questions) do appear to be more risky.
Whatever the reasons for the divergence in boards’ and executives’ view of the changing risk environment, organizational leaders must make sure everyone’s reading from the same page. Boards and executives alike should be asking:
- Is management periodically evaluating changes in the business environment to identify risks in corporate strategy?
- Is the board sufficiently involved in that process?
- Does management apprise the board on a timely basis of changes in the organization’s risk profile?
- Is the board aware of the most critical risks facing the company, and does it agree on why those risks are significant?
- Is there a periodic board-level dialogue regarding management’s appetite for risk and whether the organization’s risk profile is consistent with that risk appetite?
These are questions directors can ask about the organization’s risks. Following are three questions they can ask about risk management as they discharge their risk oversight responsibilities:
- Are we improving our risk management capabilities continuously to ensure we are managing our risks effectively in a changing business environment?
- Is our risk culture encouraging the right behaviors?
- Have we integrated risk management with the appropriate management processes?
For a more in-depth look at some of the above questions, please read Issue 50 of Board Perspectives: Risk Oversight, titled Five Risk Oversight Questions Directors Should Ask.