The global business environment is riskier than in previous years, but many organisations are not devoting additional time or resources to risk management over the next 12 months, according to a new global survey.
Each of the top ten risks’ perceived impact for 2017 grew compared with the previous year, according to respondents in a survey by consulting firm Protiviti and the North Carolina State University Enterprise Risk Management Initiative.
The survey polled 735 board members and executives – 407 from the US and 328 from other regions – on 30 risks facing their organisations. The top risks, and their rating on a 10-point scale of impact, are:
A year ago, regulatory changes and scrutiny edged out economic conditions on the list of top risks because of a higher percentage of “potential impact” ratings, which is a rating of six or higher on the scale. This year, economic conditions pulled ahead, with 72% of respondents saying the economy would have significant impact. Regulation, labelled a significant risk by 66% of respondents, also was a top risk in the 2015 survey, and concerns about regulatory requirements are often listed as the top challenge facing US businesses in a quarterly survey of finance executives by the American Institute of CPAs.
The likelihood that organisations will devote additional resources to risk management has dipped for the second consecutive year, though the decrease was slight. On a 10-point scale, where 1 is “unlikely to make changes” and 10 is “extremely likely to make changes,” the 2017 rating is 6.0, down from 6.2 in 2015 and 6.1 in 2016.
Yet, the ratings went up when executives were asked about the magnitude and severity of risks they expected to face: 6.2 in 2017, compared with 6.1 in 2016 and 6.0 in 2015. That 10-point scale had 1 as “extremely low” and 10 as “extensive.”
The survey said that finding, that the magnitude and severity of risks is rising but possible responses seem to be dropping, could indicate that organisations are facing resource constraints or are satisfied with the sufficiency of prior-year investments in risk management.
CFOs and CEOs see a riskier environment relative to other management members, rating each of the 30 risks 4.5 or higher on the survey’s 10-point scale. Chief information officers rated the most risks, 12, as having significant impact. On the other hand, board members rated 18 of 30 risks as having less significant impacts.
Five of the top ten risks are operational risks, three are strategic risks, and two are macroeconomic in nature.
—Neil Amato (firstname.lastname@example.org) is a CGMA Magazine senior editor.