Executive Perspectives on Top Risks for 2016
Transcript of Executive Perspectives on Top Risks for 2016
Presenters: Mark Beasley, Pat Scott, Jim DeLoach
March 23, 2016 – 3:00 pm U.S. Eastern Time
© 2016
A Reminder
Following the webinar, all attendees will receive a link to a copy of the presentation and recording.
The survey report is available under the “Resource List” on the left of the presentation module.
During the webcast, you can ask questions using the Q&A function.
There will be a Q&A session at the end of the webinar.
If you are having trouble hearing the audio through the computer, separate phone lines are available.
CPE Credits
We offer one (1) CPE credit for this presentation.
To be eligible to receive this credit, be sure to answer at least four (4) of the five (5) polling questions
asked during this webinar.
We also appreciate receiving your feedback via the CPE Course Evaluation Form
(available under “Resource List”).
You can return this evaluation form to Esther Veenhuizen at Protiviti via:
e-mail: [email protected] or fax: (+1) 212-708-6479
Polling Question #1
To get an idea of the audience currently attending our live webinar,
we’d like to ask you – in which area of your organization are you currently
working?
a) Board or Executive Management
b) Line of Business
c) Compliance
d) Risk Management
e) Internal Audit
f) Other
Today’s Presenters
Mark S. Beasley is the Deloitte Professor of Enterprise Risk Management and Director of North
Carolina State’s Enterprise Risk Management (ERM) Initiative, which provides thought leadership
about ERM practices and their integration with strategy and corporate governance.
Mark recently completed over seven years of service on the board for the Committee of
Sponsoring Organizations of the Treadway Commission (widely known as COSO). He is a
frequent speaker at national and international conferences on ERM, internal controls, and
corporate governance, including audit committee practices, and frequently works with boards of
directors and senior executives on risk oversight issues. He received a BS in accounting from
Auburn University and a Ph.D. from Michigan State University. Visit www.erm.ncsu.edu.
Pat Scott is Protiviti's executive vice president, global industry and client programs. He oversees
and coordinates the efforts of the Industry Program leadership, as well as guides the strategy for
the program, which encompasses seven industries. Scott also leads Protiviti’s client cornerstone
and account management program, ensuring delivery on our promise to our clients and helping
serve the complex needs of Protiviti’s largest clients around the world.
He previously served as regional managing director for the Central United States. He is an
experienced consultant with more than 25 years of experience delivering internal audit solutions
to clients in a variety of industries. Prior to joining Protiviti as a founding managing director, he
was a partner at Arthur Andersen. Scott holds a bachelor’s degree from Purdue University. He
is an active member of the American Institute of Certified Public Accountants (AICPA) and
Institute of Internal Auditors (IIA).
Jim DeLoach has more than 35 years of experience and is a member of the Protiviti Solutions
Leadership Team. His market focus is on helping organizations integrate risk management with
strategy setting, business planning and performance management. Jim serves as a member of
Protiviti’s Solutions Leadership. He was one of 25 recipients of the “Consultant of the Year”
award from Consulting Magazine in 2011. In each of the last four years, he was named to the
National Association of Corporate Directors’ Directorship 100 list, recognizing him as one of the
100 most influential governance professionals in the boardroom community. He has served on
the COSO Advisory Council for almost 10 years, contributing to the development of the original
Enterprise Risk Management – Integrated Framework, the COSO Project on Monitoring, the
update to the Internal Control – Integrated Framework and, more recently, the update to the ERM
framework. He has worked with, and delivered numerous presentations to, hundreds of
companies and groups in 30 countries. He writes many Protiviti publications and publishes
monthly with NACD Directorship and Corporate Compliance Insights.
Introduction
• Protiviti and North Carolina State University’s ERM Initiative surveyed 535 board
members and C-suite executives globally on risks likely to affect their organizations over
the next 12 months
• The survey provides perspectives on the potential impact of 27 specific risks across
three dimensions:
– Macroeconomic Risks: Likely to affect the organization’s growth opportunities
– Strategic Risks: Likely to affect the validity of the organization’s strategy for the
pursuit of growth opportunities
– Operational Risks: Likely to affect key operations of the organization in executing its
strategy
Survey Methodology
• Respondents were asked to rate 27 individual risk issues using a 10-point scale:
− A score of 10 reflects Extensive Impact to the organization over the next year
− A score of 1 reflects No Impact at All
• Based on average scores, we categorized these risks into one of three classifications:
– Significant Impact: Risks with an average score of 6.0 or higher
– Potential Impact: Risks with an average score of 4.5 through 5.9
– Less Significant Impact: Risks with an average score of 4.4 or lower
Survey Respondent Breakdown
Organization Size
– Revenues $10 billion or greater: 12%
– Revenues $1 billion to $9.99 billion: 48%
– Revenues $100 million to $999.99 million: 27%
– Revenues less than $100 million: 13%
Executive Position
– Board Member: 4%
– Chief Executive Officer: 8%
– Chief Financial Officer: 7%
– Chief Risk Officer: 27%
– Chief Audit Executive: 20%
– Other C-Suite: 11%
Industry
– Financial Services: 31%
– Consumer Products and Services: 22%
– Manufacturing and Distribution: 16%
– Technology, Media and Communications: 8%
– Healthcare and Life Sciences: 7%
– Energy and Utilities: 9%
Note: The balancing figures are for other respondent categories.
Key Findings
• The global business environment in 2016 is perceived as slightly riskier for organizations
than it was in 2015, but not as risky as in 2014.
• The top 10 risks vary in nature – There are growing concerns about operational risk
issues.
• Regulatory change and heightened scrutiny is, again, the top overall risk.
• Domestic and international economic conditions are raising concerns.
• Cyber threats disrupting core operations is again a top 5 concern for 2016.
• Boards of Directors, CEOs and other members of the executive team report differing
views of the top risk exposures facing their organizations.
• CEOs and CFOs perceive a riskier environment.
Polling Question #2
My organization conducts a comprehensive risk assessment, at least
annually, that effectively delineates the critical enterprise risks from the
day-to-day business risks
a) Strongly Agree
b) Agree
c) Unsure
d) Disagree
e) Strongly Disagree
#1 – Regulatory Risk
Regulatory changes and scrutiny may
heighten, noticeably affecting the manner
in which our products or services will be
produced or delivered
#2 – Economic Conditions and #8 – Volatility in Global Financial Markets
Economic conditions in markets we
currently serve may significantly restrict
growth opportunities for our organization
Anticipated volatility in global financial
markets and currencies may create
significantly challenging issues for our
organization to address
#3 – Cyber Threats and #5 – Privacy and Identity Protection
Our organization may not be sufficiently
prepared to manage cyber threats that
have the potential to significantly disrupt
core operations and/or damage our brand
Ensuring privacy/identity management and
information security/system protection may
require significant resources for us
Polling Question #3
My organization has significantly increased efforts and resources around
protection against cyber attacks over the last year and I expect this trend to
continue over the next 12-24 months:
a) Strongly Agree
b) Agree
c) Unsure
d) Disagree
e) Strongly Disagree
#4 – Succession and Retention Challenges
Our organization’s succession challenges
and ability to attract and retain top talent
may limit our ability to achieve operational
targets
#6 – Disruptive Innovations and Technologies
Rapid speed of disruptive innovations
and/or new technologies within the industry
may outpace our organization’s ability to
compete and/or manage the risk
appropriately, without making significant
changes to our business model
#7 – Resistance to Change
Resistance to change may restrict our
organization from making necessary
adjustments to the business model and
core operations
#9 – Organization’s Culture
Our organization’s culture may not
sufficiently encourage the timely
identification and escalation of risk issues
that have the potential to significantly affect
our core operations and achievement of
strategic objectives
#10 – Customer Loyalty and Retention
Sustaining customer loyalty and retention
may be increasingly difficult due to the
evolving customer preferences and/or
demographic shifts in our existing customer
base
Analysis Across Industry – Top 5 Risks*
Columns: Overall, FS, CPS, MD, TMC, HLS, EU
Risk Issues:
– Regulatory risk
– Economic conditions
– Cyberthreats
– Succession/talent
– Security/privacy
– Rapid speed of disruptive innovations
– Resistance to change
– Financial markets/currencies
– Organization’s culture
– Customer loyalty/retention
– Healthcare reform
Legend: Significant Impact – Rating of 6.0 or higher; Potential Impact – Rating of 4.5 – 5.99
* Includes ties as well as differences among industry groups
Polling Question #4
As organizations evolve their risk governance practices, relevant and timely
information about emerging risks is key. Does your organization have
processes in place to proactively identify and assess emerging risks?
a) Yes (e.g., risk committee, scenario analysis, periodic executive team agenda
item, etc.)
b) I think so, but I’m not aware how these processes are organized or being
managed to ensure they are effective
c) Unsure
d) No
Analysis Across Respondent Role – Top 5 Risks*
Columns: Overall, Board, CEO, CFO, CRO, CAE, CIO
Risk Issues:
– Regulatory risk
– Economic conditions
– Cyberthreats
– Succession/talent
– Security/privacy
– Rapid speed of disruptive innovations
– Resistance to change
– Financial markets/currencies
– Organization’s culture
– Customer loyalty/retention
– Sovereignty risk/political gridlock
– Organic growth
– Outsourcing/strategic sourcing
– Uncertainty in supply chain
* Includes ties as well as differences among industry groups
Analysis Across Organization Size – Top 5 Risks
Columns: Overall, $10B or Greater, $1B – $9.99B, $100M – $999.99M, Less than $100M
Risk Issues:
– Regulatory risk
– Economic conditions
– Cyberthreats
– Succession/talent
– Security/privacy
– Rapid speed of disruptive innovations
– Resistance to change
– Financial markets/currencies
– Organization’s culture
– Customer loyalty/retention
– Crisis management
Legend: Significant Impact – Rating of 6.0 or higher; Potential Impact – Rating of 4.5 – 5.9
Polling Question #5
How confident are you that all executive stakeholders who should be
engaged in the risk assessment process in your organization are
participating in the process?
Rank on a scale from 1-5 with 5 being highly confident and 1 being not at all
confident:
a) 1
b) 2
c) 3
d) 4
e) 5
Thank you!
For more information and to download the full report,
Executive Perspectives on Top Risks in 2016,
visit:
www.protiviti.com/toprisks
and
www.erm.ncsu.edu