The global business environment is riskier than in previous years, but many organizations are not devoting additional time or resources to risk management over the next 12 months, according to a new global survey.
Each of the top 10 risks’ perceived impact for 2017 grew compared with the previous year, according to respondents in a survey by consulting firm Protiviti and the North Carolina State University Enterprise Risk Management Initiative.
The survey polled 735 board members and executives – 407 from the United States and 328 from other regions – on 30 risks facing their organizations. The top risks, and their rating on a 10-point scale of impact, are:
A year ago, regulatory changes and scrutiny edged out economic conditions on the list of top risks because of a higher percentage of “potential impact” ratings, which is a rating of six or higher on the scale. This year, economic conditions pulled ahead, with 72% of respondents saying the economy would have significant impact. Regulation, labeled a significant risk by 66% of respondents, also was a top risk in the 2015 survey, and concerns about regulatory requirements are often listed as the top challenge facing U.S. businesses in a quarterly survey of finance executives by the AICPA.
The likelihood that organizations will devote additional resources to risk management has dipped for the second consecutive year, though the decrease was slight. On a 10-point scale, where 1 is “unlikely to make changes” and 10 is “extremely likely to make changes,” the 2017 rating is 6.0, down from 6.2 in 2015 and 6.1 in 2016.
Yet, the ratings went up when executives were asked about the magnitude and severity of risks they expected to face: 6.2 in 2017, compared with 6.1 in 2016 and 6.0 in 2015. That 10-point scale had 1 as “extremely low” and 10 as “extensive.”
The survey said that finding, that the magnitude and severity of risks is rising but possible responses seem to be dropping, could indicate that organizations are facing resource constraints or are satisfied with the sufficiency of prior-year investments in risk management.
CFOs and CEOs see a riskier environment relative to other management members, rating each of the 30 risks 4.5 or higher on the survey’s 10-point scale. Chief information officers rated the most risks, 12, as having significant impact. On the other hand, board members rated 18 of 30 risks as having less significant impacts.
Five of the top 10 risks are operational risks, three are strategic risks, and two are macroeconomic in nature.
—Neil Amato (firstname.lastname@example.org) is a JofA senior editor.