SOX risk assessment

Chief Risk Officers on the 2019 Risk Landscape: Keep Calm, Carry On

Matthew Moore, Managing Director Risk and Compliance Global Leader

 

We’ve all heard the cautionary tales: Blockbuster, Kodak, Borders – the market leaders that couldn’t keep pace with disruptive innovation and so became history.

The risk of falling behind – in technology, talent or innovation – is the waking nightmare of corporate boards of directors and executives across the C-suite. It is the full-time job of chief risk officers (CROs) to make sure that nightmare doesn’t happen.

These executives, assigned to monitor and mitigate corporate risk, represent the largest group of respondents in the 2019 executive risk survey from Protiviti and North Carolina State University’s ERM Initiative. As a group, they weighed in as slightly less worried than their C-suite colleagues, and more specifically focused on things they can change (strategic and operational risks) than the things they can’t (macroeconomic risks). That makes sense – their “all risk, all the time” immersion likely accounts for their apparent “keep calm and carry on” attitude.

What Risks Top CROs’ List?

In the strategic risks category, the rapid speed of change and increasing regulatory scrutiny top the list. Operational concerns include the ability to attract and retain top talent in a tightening labor market, substandard legacy IT infrastructure, and resistance to change.

Getting and keeping the right talent in a competitive market was a fast-rising concern that ranked high across all respondent groups. This, I think, reflects the growing realization that technology and process challenges are all ultimately people challenges, and that competitive success, going forward, will require strategic thinking and data analytic skill sets to a degree not previously seen.

I also think that the concern for talent is part of a larger concern related to IT infrastructure risk, specifically legacy systems, which increasingly fall outside of the competence of up-and-coming IT engineers.

All of these risks are related. For example, it is the rapid speed of disruptive innovation that raises concern over systems adequacy, skill sets and resistance to change. Even regulatory changes are, to a significant degree, driven by innovation and a desire to ensure that everything, from a company’s financial reports to its customer data and culture, are up to current market standards and are sustainable.

While the nature of the concerns points to a healthy and dynamic marketplace (better to have a risk of innovation than a risk of stagnation), there will always be winners and losers in such fast-moving environment. I find it encouraging that so many CROs have their eyes on these critical challenges and a cool head to ensure that their companies will be counted among the winners.

At Protiviti, we look forward to our annual risk report as an indicator of what’s keeping our clients awake at night. We’ve sliced these numbers in a variety of ways to uncover new trends and insights, and my colleagues have already covered some of them. To see how your concerns stack up against your peers, download the survey report from our website.

Add comment