Executive perspectives on top risks for 2016
April 2016 | EXPERT BRIEFING | RISK MANAGEMENT
Volatility in equity markets, falling oil prices, global terrorism, escalating healthcare costs, uncertainties in political regimes in certain parts of the world, disruptive technological innovation, expanding regulation and oversight, shifts in expectations about China’s economy and a strong US dollar. These and a host of other significant risk drivers are contributing to the risk dialogue in boardrooms and executive suites around the world.
Expectations of key stakeholders regarding the need for greater transparency about the nature and magnitude of risks undertaken in executing an organisation’s corporate strategy continue to be high. Pressures from boards, volatile markets, intense competition, demanding regulatory requirements, fear of catastrophic events and other dynamic forces are leading to increasing calls for management to design and implement effective risk management capabilities which will help identify and assess an organisation’s key risk exposures, with the intent of reducing them to an acceptable level. And risk is, and will always be, inherent in any strategy for creating enterprise value.
Top risks for 2016
A range of key issues are being discussed in the boardroom and the c-suite, a number of which are dominating the conversation. First and foremost is the concern that regulatory changes and scrutiny may heighten, noticeably affecting the manner in which products or services will be produced or delivered. There are also concerns that economic conditions in markets companies currently serve may significantly restrict growth opportunities for organisations.
Many organisations are concerned that they may not be sufficiently prepared to manage cyber threats that have the potential to significantly disrupt core operations or damage their brand. A further concern felt by many companies relates to their organisation’s succession challenges and their ability (or inability) to attract and retain top talent which may limit their ability to achieve operational targets. Companies are also concerned that ensuring privacy and identity management and information security and system protection may require significant resources.
The rapid speed of disruptive innovations and new technologies may outpace the ability of many organisations to compete or manage risk appropriately, without making significant changes to their business models. Furthermore, resistance to change may restrict organisations from making necessary adjustments to the business model and core operations. Anticipated volatility in global financial markets and currencies is another of 2016’s key risks; this volatility, many companies fear, may create challenging issues for organisations to address.
Organisations are also concerned that their culture may not sufficiently encourage the timely identification and escalation of risk issues that have the potential to significantly affect their core operations and achieve strategic objectives. Finally, companies are increasingly worried that sustaining customer loyalty and retention may be increasingly difficult due to evolving customer preferences or demographic shifts in existing customer bases.
We partnered with North Carolina’s State University’s ERM Initiative to conduct our third-annual Executive Perspectives on Top Risks Survey. The results of this fourth annual risk survey of directors and c-suite executives worldwide reveal the extent to which a broad collection of risks are likely to affect their organisations over the next year. More than 530 survey respondents from all over the globe rated the level of significance of 27 risk issues across three dimensions: (i) macroeconomic risks likely to affect their organisation’s growth opportunities; (ii) strategic risks the organisation faces that may affect the validity of its strategy for the pursuit of growth opportunities; and (iii) operational risks that might affect key operations of the organisation in executing its strategy.
Overall, the survey responses suggest a global business environment in 2016 that is slightly riskier for organisations than it was in 2015, but not as risky as 2014. Most respondents indicated their organisations are likely to invest additional resources toward risk management this year. This seems consistent with the view that expectations for more effective risk oversight continue to rise for most organisations. More organisations are realising that additional risk management sophistication is warranted given the fast pace in which complex risks are emerging.
Also, the top 10 risks overall vary in nature. There continue to be concerns about operational risk issues, with five of the top 10 risks representing operational concerns. Three of the top 10 risks relate to strategic risk concerns, with two related to concerns about macroeconomic issues. This year’s emphasis on operational risks is consistent with the 2015 results. This differs from the concern over strategic risks observed in 2013 and 2014.
With respect to the top five risks overall, regulatory change and heightened regulatory scrutiny, for the majority of organisations, continues to represent the top overall risk for the fourth consecutive year. Sixty percent of respondents rated this as a ‘significant impact’ risk.
In terms of economic conditions in domestic and international markets, this risk level is slightly elevated compared to the two prior years. Similar to concerns about regulatory scrutiny, 60 percent of respondents rated this as a ‘significant impact’ risk. Interestingly, this was rated as the top risk by both members of boards of directors and chief executive officers (CEOs) and ranked among the top five risks for all other executives except chief audit executives (CAEs). That these leaders appear to have uncertainty regarding the global economic climate is an important message
Another identified risk is cyber threats disrupting core operations. Unsurprisingly, this risk is again a top five concern for 2016, as well as the top operational risk overall and for the largest organisations. There also are concerns about the ability to adequately resource efforts needed to ensure information security on an ongoing basis. This is a concern across most sizes of organisations, and it is a particular concern for organisations in the financial services, technology, media and communications, and healthcare and life sciences industries.
The risk associated with succession challenges and the ability to attract and retain talent is especially prevalent for smaller organisations (those with revenues under $1bn), likely triggered by a tightening labour market (though the decline in unemployment rates has been relatively modest), and the perception of respondents that significant operational challenges may arise if organisations are unable to sustain a workforce with the skills and expertise needed for growth.
Privacy and identity protection was ranked as a top five risk concern by respondents for the first time in 2016. The inclusion of this risk into the top five is consistent with the increasing number of reports of hacking scandals and growing concern over the adequacy of resources to protect personally identifiable information.
Furthermore, there are growing concerns about the rapid speed of disruptive innovations and new technologies. The perceived impact of disruptive change is noticeably higher than the prior two years.
Boards of directors, CEOs and other members of the executive team reported differing views of the top risk exposures facing their organisations. The level of impact of risk concerns among boards of directors is noticeably less risky compared to members of the executive team, who see the outlook for 2016 as riskier, relative to their board peers.
On a global level, organisations see similar risks. Regardless of geographic location, they face challenges related to regulatory scrutiny, economic conditions and preparedness for cyber threats.
Among other notable findings, there are concerns about organisations’ resistance to change restricting needed adjustments to the business model, and anticipated volatility in global financial markets and currencies that may create significant challenging issues. With respect to the latter, this risk issue declined significantly in the prior year’s survey, and then increased significantly for 2016, reflecting fluctuating levels of concern with respect to volatility in financial markets and currencies.
Three of the top five risks for 2016 with the greatest increase in risk ratings from 2015 relate to operational risk concerns, while none of those risks increasing the most relate to strategic risk concerns. In contrast, two of those risks that decreased the most from 2015 to 2016 relate to strategic risk issues. While concerns about regulatory changes and regulatory scrutiny are decreasing, it is important to note that this risk still represents the top risk concern across all respondents for 2016.
Among the mix of types of risks, boards of directors identified only one strategic risk as a top five risk concern, with the remaining risks related to macroeconomic and operational risk issues. In contrast, CEOs identified strategic risk issues as three of their top five risk issues. Furthermore, other executives rated more operational risks in their top five lists of concerns relative to strategic and macroeconomic risks. This disparity in viewpoints emphasises the critical importance of both the board and management team engaging in risk discussions, given their unique perspectives contributing to an apparent lack of consensus about the organisation’s most significant emerging risks.
Consistent with survey results from prior years, the environment for the largest organisations appears to be the riskiest, relative to the other size categories. Concerns about operational risks were common among all sizes of organisations (although the specific operational risks differ), and concerns about those risks are generally higher for 2016 relative to 2015. These findings emphasise the reality that there is no ‘one size fits all’ list of risk concerns.
With respect to industry groupings, the healthcare and life sciences industry appears to be the industry with the highest overall level of risk concerns. Most of those concerns relate to strategic risk issues. Not surprisingly, respondents in the healthcare and life sciences spaced indicated the greatest increase, compared to other industry groupings, for 2016 in their overall impressions about the magnitude and severity of risks.
Both US and non-US based organisations identified regulatory issues, economic conditions and cyber threats among their top five risk concerns. US based firms rated more operational risks among their top risk concerns, while non-US firms only identified one operational risk as a top five concern. US based firms are more concerned about succession challenges and ensuring privacy and identity management, while non-US based firms are more concerned about anticipated volatility in global financial markets and currencies and the ease of entrance of new competitors.
Interestingly, respondents in the technology, media and communications and healthcare and life sciences industry groups reflect the most volatility in overall risk concerns. This is likely due to the uncertainty of rapid change in both industries, as well as increasing regulatory oversight.
Because of the rapid pace of change in the global business environment, executives and boards of directors can benefit from a periodic assessment of risks on the horizon to best position their organisations for a proactive versus reactive response to risks that may emerge and potentially impact their ability to execute their strategies to achieve profitability and funding objectives.
Jim DeLoach is a managing director at Protiviti. He can be contacted on +1 (713) 314 4981 or by email: firstname.lastname@example.org.
© Financier Worldwide