Regulatory Scrutiny, Economic Conditions and Cyber Threats Rank as Top C-Suite Risks

security leadership responsive default security

More organizations are realizing that additional risk management sophistication is warranted given the fast pace in which complex risks are emerging, according to results of the fourth annual joint survey assessing the current risk environment by global consulting firm Protiviti and the Enterprise Risk Management (ERM) Initiative at the North Carolina State University Poole College of Management.

The survey, "Executive Perspectives on Top Risks for 2016," summarizes the concerns of 535 board members, C-suite and other top-level executives around the world and across industries. In the survey, respondents rate the significance of 27 risk issues for the coming year, spanning three risk categories: macroeconomic, strategic and operational.

Regulatory change and heightened regulatory scrutiny is the number one risk cited by survey respondents for the fourth consecutive year, highlighting its dominance on the minds of board members and executives worldwide. The majority (60 percent) of respondents believe this risk will continue to have a significant impact on their organizations, indicating business executives remain highly concerned about the effect of the regulatory landscape on their strategic direction.

The top 10 risks identified in the annual board member and executive risk survey, along with the percentages of respondents who identified each risk as having a “significant impact” on their business, include:

1. Regulatory changes and regulatory scrutiny may heighten, noticeably affecting the manner in which products or services will be produced or delivered (60 percent)
2. Economic conditions in markets currently served may significantly restrict growth opportunities for the organization (60 percent)
3. The organization may not be sufficiently prepared to manage cyber threats that have the potential to significantly disrupt its core operations and/or damage its brand (57 percent)
4. The organization’s succession challenges and ability to attract and retain top talent may limit its ability to achieve operational targets (52 percent)
5. Ensuring privacy/identity management and information security/system protection may require significant resources for the organization (53 percent)
6. Rapid speed of disruptive innovations and/or new technologies within the industry may outpace the organization’s ability to compete and/or manage the risk appropriately, without making significant changes to its business model (51 percent)
7. Resistance to change may restrict the organization from making necessary adjustments to the business model and core operations (49 percent)
8. Anticipated volatility in global financial markets and currencies may create significantly challenging issues for the organization to address (50 percent)
9. The organization’s culture may not sufficiently encourage the timely identification and escalation of risk issues that have the potential to significantly affect core operations and achievement of strategic objectives (45 percent)
10. Sustaining customer loyalty and retention may be increasingly difficult due to evolving customer preferences and/or demographic shifts in the organization’s existing customer base (46 percent)

“The results of our latest survey show that key stakeholders’ expectations regarding the need for greater transparency about the nature and magnitude of organizations’ risks continue to be high,” said Patrick Scott, Protiviti EVP of Industry Groups.

“Pressures from boards, volatile markets, intense competition, demanding regulatory requirements, new technologies and other dynamic forces are leading to increasing calls for management to design and implement effective risk management capabilities to identify and assess organizations’ key risk exposures, with the goal of reducing them to an acceptable level,” said Jim DeLoach, a managing director with Protiviti.

Two new risks made it onto this year’s top 10 list: the rapid speed of disruptive innovations and/or new technologies within the industry (#6) and anticipated volatility in global financial markets and currencies (#8). These newly identified concerns bumped two former risks off the top 10 list: concern over the ability to manage an unexpected crisis that could impact reputation (#8 in 2015) and the ability to meet performance expectations relative to competitors (#10 in 2015).

“Interestingly, we found boards of directors, CEOs and other members of the executive team report differing views of the top risk exposures facing their organizations,” said Dr. Mark Beasley, Deloitte Professor of Enterprise Risk Management and NC State ERM Initiative director. “The level of impact of risk concerns among board members is noticeably less risky compared to the executive team, who see the outlook for the next 12 months as more risky. These findings suggest there is a strong need for discussion and dialogue between management and the board to ensure the organization is focused on the right emerging risk exposures.”

ON DEMAND: Business-impacting events such as severe weather, man-made disasters, and supply chain disruption are increasing in frequency and making impacts around the globe.

A head of state needs heart surgery at your facility. High-profile members of a national sports team are getting updated vaccinations. What do you do when you get the call?