Risk maturity lags behind developing threats

Regulatory risk and economic uncertainty have topped a poll conducted by the consultancy Protiviti as the top threats according to executives for 2020. Regulatory risk was seen as the biggest overall risk with 70% of respondents to the survey rating this strategic threat as significant (Executive perspectives on top risks 2020).

“The overarching issue relates to perceived concerns about how all types of regulatory requirements and oversight seem to be expanding in multiple areas that may lead to even greater disruptions in business models and constrict companies’ ability to innovate in certain areas,” said the report. “Expanding rules as to what is acceptable business practice are impacting all types of organisations, even those in nonregulated industries.”

Regulations relating to privacy, product development and approval, the environment, social issues have been changing globally, at the same time that broader governance expectations have grown. Many of these rules impact businesses that undertake cross-border trade.

Shifting sands

“In addition, volatility in geopolitical views related to trade and tariff policies is leading to heightened awareness of what may seem like shifting sands in the rules and regulations organisations must monitor and obey. In effect, the regulatory climate adds uncertainty to an already disruptive business environment,” the authors concluded.

While economic volatility had been languishing in eleventh place in last year’s survey, this year it jumped to number two in the risk rankings. Despite the fact that the overall global economy seems to be performing well, executives taking part in the survey doubt whether the current situation will continue throughout 2020. “Concerns about the economy are in the top five list of risks for all regions of the world, except for organisations based in North America,” the report noted.

Improving risk management

While businesses tend to understand the nature of the threats they face, the executive of risk management could be improved significantly, according to a recent ISACA report State of enterprise risk management 2020.

The survey found that the more senior a person was in the organisations surveyed, the more aware of risk they were. “This is positive news, because a lack of appropriate understanding of risk can be a barrier to ensuring that an enterprise takes appropriate action to address that risk,” the report said. This awareness, though, did not always translate into effective risk management practices.

Most organisations have implemented the basic risk management processes, including carrying out risk assessment (85 per cent of respondents) and identifying risks (81 per cent of respondents). But the ongoing measurement and tracking of risks tends to be less developed in the organisations surveyed, with the ability of businesses to forecast new risks remaining a challenge.

“Although more than half of respondents indicate that their enterprises are in the upper portion of the maturity spectrum (i.e., defined or higher), it is noteworthy that enterprises realise that risk is increasing and have a high degree of awareness for the risk that their enterprises face, but they do not have a higher maturity of risk management processes in place,” said the report. “These results show the opportunity for improvement in the way that enterprises assess, track and manage their risk overall and a global need for improvement of risk management maturity.”

Organisations in the financial services sector must now appoint a chief risk officer to help them improve their firms’ risk maturity. Other sectors are following suit, with the IRM recently publishing free guidance on how to make such an appointment.

 

  • About Enterprise Risk Magazine

    Enterprise Risk Magazine is the leading quarterly title for risk managers and enterprise risk, with a print circulation of over 5,500.

    Enterprise Risk is published on behalf of the Institute of Risk Management (IRM). The majority of IRM members receive their copy of Enterprise Risk at their home address, meaning the title... Read more
  • Categories

  • Tags