Risks posed by regulation remain the top concern for company executives and directors in 2015, according to a new survey report ranking the top 10 business risks.
Regulatory changes and heightened regulatory scrutiny was ranked as the No. 1 risk on the minds of board members and executives in an annual top-risks survey conducted by global consulting firm Protiviti and North Carolina State University’s ERM Initiative.
In each of the three years of the survey, regulatory risks has ranked No. 1. The new survey results, released Monday, reflect the views of 277 board members and executives on how risks are likely to affect their organizations over the next 12 months.
Economic conditions that may restrict growth ranked No. 2, and cyberthreats jumped from No. 6 to No. 3 in the rankings, reflecting the steady stream of news about breaches in an increasingly digital environment.
Jim DeLoach, CPA, a managing director with Protiviti, said new risks are emerging as well. Five new risks were added to the survey for consideration, and two of those made the top 10 list. One was focused on organizational culture and its ability to promote identification of risk concerns, and the other was focused on customer retention in a world of evolving customer preferences.
“We expect there will be increased oversight in these areas at the board level during the next year,” DeLoach said in a news release.
The top 10 risks, along with respondents’ average ranking of the risks’ impact on a scale of 1 to 10, were:
- Regulatory concerns. Regulatory changes and heightened regulatory scrutiny may affect the manner in which products or services will be produced or delivered (6.4).
- Economic conditions. Economic conditions in markets that are currently served may significantly restrict growth opportunities for organizations (5.7)
- Cyberthreats. Organizations may not be sufficiently prepared to manage cyberthreats that have the potential to significantly disrupt core operations and/or damage brands (5.7).
- Succession/recruiting. Organizations’ succession challenges and ability to attract and retain top talent may limit their ability to achieve operational targets (5.7)
- Organizations’ cultural response to risk. Organizations’ culture may not sufficiently encourage the timely identification and escalation of risk issues that have the potential to significantly affect core operations and achievement of strategic objectives (5.5)
- Aversion to change. Resistance to change may restrict organizations from making necessary adjustments to business models and core operations (5.4)
- IT security and privacy costs. Ensuring privacy/identity management and information security/system protection may require significant resources (5.4).
- Reputational risk preparation. Organizations may not be sufficiently prepared to manage an unexpected crisis significantly impacting reputation (5.3).
- Customer preference changes. Sustaining customer loyalty and retention may be increasingly difficult due to evolving customer preferences and/or demographic shifts in the existing customer base (5.2).
- Meeting performance expectations. Existing operations may not be able to meet performance expectations related to quality, time to market, cost, and innovation as well as competitors (5.2).
— Ken Tysiac is a JofA editorial director.