Risk Realities and Enterprise Risk Management in 2020

Jim DeLoach, Managing Director Host, The Protiviti View

Uncertainty and opportunity are two familiar bywords of the digital age. An ever-changing and disruptive marketplace provides an abundance of opportunities, but it also creates proliferating risks which can upend any organization whether it chooses to pursue those opportunities or not. And that is what’s especially fascinating about the digital age: There is risk to taking decisive action to transform the business AND there is risk to clinging to the status quo. The operative phrase is, simply, “choose your pain.” It is just a question of which side of the wave of disruption a business chooses be on.  

As the 2020 Executive Perspectives on Top Risks makes clear, enterprise risk management (ERM) continues to be central to navigating the current turbulent marketplace. The study, a joint project by Protiviti and NC State University’s ERM Initiative, revealed two overarching themes among C-suite executives and board members: (1) the difficulties of finding and retaining talent while preserving a culture that serves as a magnet for that talent, and (2) the related task of staying at the edge of technology and innovation.

Everyone knows that not keeping up with emerging transformative technologies and disruptive innovation can be the death knell to a firm’s prospects in the digital economy. One need only read the headlines regarding obsolete brick and mortar business models, companies losing touch with evolving customer preferences and organizations losing market share due to failure to innovate, to find continuing proof of this. But the risk of not having an agile and skilled workforce, one that can embrace and deploy the emerging technologies so vital to business success today, is trending equally high. Both of these themes present realities that showed up consistently at the top of the 2020 risk universe in our study.

Adding urgency to these two themes is a growing unease about economic conditions. In the previous year’s survey, the economy failed to even make it on the top ten risk lists. In this year’s report, however, the economy rocketed all the way up to the number two spot, thanks to sluggish global growth and volatility in the stock markets in the period leading up to the time we conducted our survey. The economy has since picked up, after our survey was concluded late last year, but the markets are tanking again due to declining economic activity as the coronavirus commands the stage. All this points to an economy that is like a swinging pendulum, and business leaders conveyed in our study that they are leery of a possible recession.  

Taken as a whole, the report highlights the need for organizations to re-examine their approach to ERM. The world is changing so dynamically that risk and the management of risk means much more than simply reducing insurable risks, managing safety on the shop floor, containing environmental exposures and capping currency losses. It even extends beyond introducing new products or entering new markets. For in the digital age, it involves re-imagining processes, disrupting business models and even re-inventing the organization itself. That means the concept of risk culture itself requires a fresh look.

Senior executives would be well-advised to assess whether their organization is poised to undertake these challenges. And if they have begun the process, they might want to do an in-depth analysis of their progress.

As an aid, we offer a list of questions that provides a bird’s-eye view of where your organization is in terms of ERM and where it needs to go. (A more comprehensive compilation for deeper consideration is available in the survey report.) Here is a starter list:

Impact of Leadership and Culture

  • Is our leadership’s support for robust risk management evident across the organization?
  • Do we have an accurate read on how our culture is affecting our organization’s approach to risk management?
  • Do we have a “speak up” culture that encourages transparency and sharing of bad news?

Robust Risk Management

  • Is our risk management process well-defined, repeatable and understood by stakeholders?
  • Is there a process for identifying emerging risks? Does it allow sufficient time for management to consider response plans to these risks?
  • Does our management dashboard system include robust key risk indicators that enable our leadership team to monitor shifts in risk trends?

Comprehensive Focus

  • Does our ERM approach provide critical inputs to the strategic planning process?
  • Does our assessment of risk consider a sufficiently long time horizon?
  • Does our risk assessment process consider extreme as well as plausible scenarios?

Clear Accountability for Managing Risk

  • Do we have effective risk response plans with specific risk owners assigned?
  • Do we consider the impact of major decisions on the organization’s risk profile?
  • Is the board involved sufficiently and timely in major decisions, such as acquisitions, new markets and innovative technologies?

Risk Communications

  • Does management inform the board of the results of risk assessments in a timely manner?
  • Are significant risk issues elevated to the board’s attention promptly?
  • Do directors have an in-depth understanding of the organization’s response to the most critical enterprise risks?

Benchmark and Gut Check

Looking forward, these are the types of questions that can help organizations assess the level and adequacy of their risk management approach and enable them to spot improvement opportunities. An extended look at our survey report should provide additional insights and food for thought. Not only can it serve as a benchmark for how an organization’s concerns align with those of leading companies around the world, it can also be a useful gut check on where the organization’s approach to managing risk may be falling short in the digital age.

Read additional posts on The Protiviti View related to Top Risks.

1 comment