For the fourth year in a row, board members and corporate executives are concerned about regulatory change and heightened scrutiny from industry watchdogs, this is according to a recent annual risk survey, which polled 535 board members and top executives around the world. While key stakeholders are looking for greater transparency about risk management, implementing an effective framework remains a challenge.
The report, “Executive Perspectives on Top Risks for 2016” produced by Protiviti and the Enterprise Risk Management (ERM) Initiative at North Carolina State University’s Poole College of Management, identified the significant risk issues that companies may face in the coming year.
“Interestingly, we found boards of directors, CEOs and other members of the executive team report differing views of the top risk exposures facing their organizations,” said Dr. Mark Beasley, Professor and Director, ERM Initiative. “The level of impact of risk concerns among board members is noticeably less risky compared to the executive team, who see the outlook for the next 12 months as more risky. These findings suggest there is a strong need for discussion and dialogue between management and the board to ensure the organization is focused on the right emerging risk exposures.”
Meanwhile, respondents are “highly concerned” over the impact of potential cyber breaches and privacy risks in general. According to the survey, there is a lack of conversation around lessons learned in this area, and there likely isn’t a board or executive committee meeting that addresses a company’s vulnerabilities and performance against cyber threats.
Other key findings in the report include:
- Regulatory change and heightened regulatory scrutiny: For the majority of organizations, this risk continues to represent the top overall risk for the fourth consecutive year. About 60 percent of those polled rated this as a “Significant Impact” risk.
- Economic conditions in domestic and international markets: This risk level is slightly elevated when compared to the two prior years. Similar to concerns about regulatory scrutiny, 60 percent of respondents rated this as a “Significant Impact” risk. Interestingly, this was rated as the top risk by both boards of directors and CEOs and ranked among the top five risks for all other executives except chief audit executives.
- Concerns about cyber threats disrupting core operations: With little surprise, this risk is again a top five concern for 2016, as well as the top operational risk overall and for the largest organizations.
- Succession challenges and the ability to attract and retain talent: This risk is especially prevalent for smaller organizations (those with revenues under $1 billion), likely triggered by a tightening labor market (though the decline in unemployment rates has been relatively modest), and the respondents’ perception that significant operational challenges may arise if organizations are unable to sustain a workforce with the skills and expertise needed for growth.
- Privacy and identity protection: Respondents ranked this risk as a top five risk concern for the first time in 2016. The inclusion of this risk into the top five is consistent with the increasing number of reports of hacking scandals and growing concern over protecting personally identifiable information.
Click here to download the report.
More on this topic
Here’s a roundup of top stories and ideas from Ethisphere’s 8th Annual Global Ethics Summit.