What to ask when evaluating your risk-assessment process


By Jack Hagel

Economic conditions, changes in regulatory oversight, and political uncertainty ranked among the top risks for organisations in 2013, according to a survey conducted by management consultancy Protiviti and North Carolina State University’s ERM Initiative.

Executive Perspectives on Top Risks for 2013, culled from a survey of more than 200 executives, outlined the key macroeconomic, strategic and operational risks facing organisations this year.

“High-impact risks vary by firm size and industry,” said Don Pagach, a North Carolina State University accounting professor, who presented the results Friday at the ERM Roundtable Summit in Raleigh, N.C. “And while this report lists the top risks, each firm must consider how these risks affect their organisations.”

Executives and boards of directors can benefit from a periodic assessment of risks on the horizon to position their organisations for a proactive response to emerging risks, the report said.

The report suggested questions that executives and boards could consider as they evaluate their risk-assessment processes:

  • Is management periodically evaluating changes in the business environment to identify the risks inherent in the corporate strategy? Is the board sufficiently involved in the process, particularly when such changes involve acquisition of new businesses, entry into new markets, the introduction of new products or alteration of key assumptions underlying the strategy?
  • Does management apprise the board in a timely manner of significant risks or significant changes in the organisation’s risk profile? Is there a process for identifying emerging risks? Does it result in consideration of response plans on a timely basis?
  • Is the board aware of the most critical risks facing the company? Does the board agree on why these risks are significant? Do directors understand the organisation’s responses to these risks? Is there an enterprise-wide process in place that directors can point to that answers these questions, and is that process informing the board’s risk oversight?
  • Is there a periodic board-level dialogue regarding management’s appetite for risk and whether the organisation’s risk profile is consistent with that risk appetite? Is the board satisfied that the strategy-setting process appropriately considers a substantive assessment of the risks the enterprise is taking on as it formulates and executes its strategy?

The top 10 risks

Participants in the report were asked to rate a list of 20 risk issues on a scale of one to 10, with one indicating “no impact” and 10 indicating “extensive impact.” The top risks were:

  1. Regulatory changes and heightened regulatory scrutiny may affect the manner in which our products or services will be produced or delivered (6.8).
  2. Economic conditions in markets we currently serve will significantly restrict growth opportunities for our organisation (6.5).
  3. Uncertainty surrounding political leadership in national and international markets will limit growth opportunities (6.0).
  4. Organic growth through customer acquisition and/or enhancement presents a significant challenge (5.5).
  5. Succession challenges and the ability to attract and retain top talent may limit our ability to achieve operational targets (5.5).
  6. Anticipated volatility in global financial markets and currencies will create challenging issues for our organisation to address (5.4).
  7. Cyberthreats have the potential to significantly disrupt core operations for our organisation (5.4).
  8. Ensuring privacy/identity management and information security/system protection will require significant resources for us (5.4).
  9. Resistance to change will restrict our organisation from making necessary adjustments to the business model and core operations (5.2).
  10. Our existing operations may not be able to meet performance expectations related to quality, time to market, cost and innovation as well as our competitors (4.9).

Related CGMA Magazine resources

Five Emerging Strategies for Coping With Unknown Risks”: Unknown, complex risks that often are outside the executive team’s control increasingly threaten companies. Here are five strategies for battling those unknown risks.

Corporate Professionals’ List of Risk Factors Is Expanding”: A survey of North American corporate financial professionals pinpointed financial risks as the primary driver of earnings uncertainty. Regulatory changes, natural catastrophes and the ups and downs of the economy were also troubling.

Jack Hagel (jhagel@aicpa.org) is the editorial director of CGMA Magazine.

Don't miss out on additional news and features from CGMA Magazine.
Sign up for our free e-newsletter.