Board members and C-suite executives across industries perceive the global business environment in 2015 as somewhat less risky for organizations than in the past two years. In “Executive Perspectives on Top Risks for 2015,” consulting firm Protiviti and the Enterprise Risk Management Initiative at the North Carolina State Univeristy Poole College of Management found that this is far from bad news for risk managers, as organizations are actually more likely to invest additional resources for risk management. Internal challenges like succession, attracting and retaining talent, regulation and cybersecurity are drawing the most attention, according to the report.
“Our survey findings indicate that operational risk issues are keeping many senior executives up at night,” said Mark Beasley, Deloitte Professor of Enterprise Risk Management and NC State ERM Initiative director. Indeed, for the third consecutive year, regulatory changes and heightened regulatory scrutiny ranked as the number one risk on the minds of board members and corporate executives, with 67% indicating that it will “significantly impact” their organizations. More than half of global survey respondents indicated that insufficient preparation to manage cybersecurity threats is a risk that will “significantly impact” their organizations in 2015, pushing cyberrisk up three spots from last year to the third-greatest risk.
The Top 10 Risks for 2015
The top 10 risks identified in the annual risk survey, along with the percentages of respondents who identified each risk as having a “Significant Impact” on their business, were:
1. Regulatory changes and heightened regulatory scrutiny may affect the manner in which our products or services will be produced or delivered (67%)
2. Economic conditions in markets we currently serve may significantly restrict growth opportunities for our organization (56%)
3. Our organization may not be sufficiently prepared to manage cyber threats that have the potential to significantly disrupt our core operations and/or damage our brand (53%)
4. Our organization’s succession challenges and ability to attract and retain top talent may limit our ability to achieve operational targets (56%)
5. Our organization’s culture may not sufficiently encourage the timely identification and escalation of risk issues that have the potential to significantly affect our core operations and achievement of strategic objectives (51%)
6. Resistance to change may restrict our organization from making necessary adjustments to the business model and core operations (49%)
7. Ensuring privacy/identity management and information security/system protection may require significant resources for us (52%)
8. Our organization may not be sufficiently prepared to manage an unexpected crisis significantly impacting our reputation (46%)
9. Sustaining customer loyalty and retention may be increasingly difficult due to evolving customer preferences and/or demographic shifts in our existing customer base (48%)
10. Our existing operations may not be able to meet performance expectations related to quality, time to market, cost and innovation as well as our competitors (46%)
The survey also identified differing perceptions of the current risk environment between boards of directors and members of the executive team. CEOs and boards of directors reported more optimism about risk issues, while CFOs and chief audit executives perceived a more risky business environment.
“Given encouraging signs in the economy, we’ve observed an overall shift in focus from macroeconomic risks to operational risks, which had the greatest increase in risk scores from 2014.
Notably, however, CEO respondents remained extremely focused on macro trends affecting their business,” Beasley said.
Check out the infographic below for more of the study’s key findings: