Regulation still reigns as top risk for 2016


By Ken Tysiac

Uncertain economic conditions and pervasive, damaging cyber-threats did not prevent regulation from remaining the most worrisome risk for organisations, a new survey shows.

For the fourth straight year, regulatory change and heightened scrutiny was ranked as the No. 1 risk by board members and executives in global survey results announced Tuesday by consulting firm Protiviti and the North Carolina State University Enterprise Risk Management Initiative.

The survey polled 250 respondents in the United States and 285 outside the United States about the impact of 27 risk issues facing their organisations. The most pervasive risks, along with the percentage of respondents who said the risks will have “significant impact” in their organisation in the next year, were:

  • Regulatory changes and scrutiny, 60%.
  • Economic conditions, 60%.
  • Cyber-threats, 57%.
  • Privacy/identity management and information security, 53%.
  • Succession challenges and ability to attract and retain top talent, 52%.
  • Rapid speed of disruptive innovations and new technologies, 51%.
  • Volatility in global financial markets and currencies, 50%.
  • Resistance to change operations, 49%.
  • Sustaining customer loyalty and retention, 46%.
  • Organisation’s culture may not encourage timely identification and escalation of issues, 45%.

Regulatory changes and scrutiny rated slightly higher on the risk scale than economic conditions because of a higher percentage of “potential impact” ratings.

New to the top ten list were the rapid speed of disruptive innovations and new technologies, and volatility in global financial markets and currencies. Exiting the top ten were two 2015 top-ten risks: concern over the ability to manage an unexpected crisis that could affect reputation, and the ability to meet performance expectations relative to competitors.

Mark Beasley, CPA, director of N.C. State’s ERM Initiative, said executive team members see the next 12 months as more risky than board members do.

“These findings suggest there is a strong need for discussion and dialogue between management and the board to ensure the organisation is focused on the right emerging risk exposures,” Beasley said in a news release.

Ken Tysiac (ktysiac@aicpa.org) is a CGMA Magazine editorial director.