The first is Executive Perspectives on Top Risks for 2013, Key Issues Being Discussed in the Boardroom and C-Suite, conducted and reported by North Carolina State University’s ERM Initiative at the Poole College of Management and Protiviti Risk Management Consulting. They conducted a survey of 205 business executives about what risks were most likely to affect their organization in the near term. Respondent organization revenues ranged from over $10 billion to less than $100 million annually.
The survey asked about the potential impact of 20 risks within three domains – macroeconomic, strategic, and operational. Findings are nicely presented by organization size, level of person providing the information (e.g. board member, CRO, CEO), and industry sector. The top risks identified in the survey report are:
- Regulatory changes and heightened regulatory scrutiny (strategic);
- Economic conditions restricting opportunities (economic);
- Political uncertainty (economic);
- Organic growth through customer acquisition and/or enhancement (strategic);
- Succession challenges and talent retention (operational);
- Financial markets and currencies volatility (economic);
- Cyber threats (operational);
- Security and privacy protection (operational);
- Resistance to change (operational); and,
- Inability to meet performance expectations (operational).
The survey report presents a robust series of questions that executives and boards can ask to evaluate their risk assessment process.
The second survey was conducted by the Economist Intelligence Unit on behalf of KPMG International, and is titled Expectations of Risk Management Outpacing Capabilities – It’s Time for Action. This survey had 1,092 respondents, all of whom were C-level executives.
The greatest threats identified in the survey report were:
- Regulatory pressure/changes in regulatory environment;
- Reputational risk;
- Credit/market/liquidity risk;
- Geopolitical risk;
- Supply chain disruptions;
- Information security/fraud;
- Disruptive technology;
- Data governance and quality;
- Legal risk;
- IT infrastructure;
- Social media;
- Natural disasters; and,
- Climate change.
Both survey reports pose a series of questions to help executives and board members think about their risk assessment and management processes. Questions focused on regulatory pressures and changes in the regulatory environment, in the KPMG survey report, include – How can you take strategic advantage of regulatory changes? How can you obtain additional regulatory assurance with the same or fewer resources? Do we have a process to conduct a gap assessment when new regulations are issued?
The questions posed in both survey reports point to the kind of queries that are found within a risk management system that has common management system elements: a risk management policy that reflects risk appetite, tolerance, transfer (including a risk appetite statement); objectives; assessment/evaluation; internal auditing; controls; and management review that includes the board.
When these questions are asked on a regular basis, there will be increased confidence in the risk management process and its continual improvement.
© Redinger EHS, Inc. (2010)