The risk landscape for companies becomes trickier to navigate every year. As risk management teams face ever more sophisticated data breaches and threats to information security, organizational leaders face increasing demands to make robust risk management policies.
Risk management teams face significant challenges in identifying the risks that are most likely to affect the business adversely, and in allocating available resources to address them effectively. In an effort to identify where some of the biggest risks may be in 2020, we polled risk management professionals in a handful of surveys last fall. The first survey took place during risk management conferences, and the second survey we distributed electronically to our risk management contacts between November and December 2019.
We wanted to learn the main points of concern for risk management teams — the biggest roadblocks they face, and how they prioritize their efforts to deal with their challenges. Respondents represented several job categories, including CFOs and controllers, internal audit and risk professionals; and owner and CEOs. They also represented a variety of industries, including not-for-profit and education; manufacturing and distribution; professional services; construction; and financial services. Our survey results may help you identify some key priorities for your organization in 2020.
Top Risks
It’s no surprise that “cyber” risks were the greatest concern: in both surveys, respondents named “data and cybersecurity” as their top risks. In the risk management conference survey, respondents also listed risk management, privacy, and skilled employees as their biggest risks. Electronic survey respondents named skilled employees and regulation and legislation as their next biggest points of concern.
Innovation and market share, business community/disaster recovery, and cost overruns and cash flow bottomed out the list. Given those results, organizations may be putting more of their risk management resources behind their information security efforts in 2020.
Current Risk Prevention Strategies
Organizations are most often using assessments and frameworks to monitor their risks, but more than 45% of the responses in the electronic survey indicated risk management teams were aware that they either lacked coverage in some areas and 9% of respondents admitted their approach needs major improvement.
Risk Management Hurdles
So, what stands in the way between what risk management teams want to do and achieving those risk management objectives? For risk management conferences attendees, the biggest obstacle was technology followed closely by cost, then manpower, and knowledge. In the electronic survey, the top responses were cost and personnel each at 36%, followed by knowledge (27%).
Keeping the CEO or CFO informed about how new technologies can reduce risks and costly fixes can make it easier to justify increasing the budget to cover new tools and hire the skilled employees who will use them.
Improvements to Risk Management
We wanted to know what organizations wanted to do to improve their risk management. For the conference attendees, two responses topped the list: information technology and security and internal audit and compliance. Responses in our second survey were quiet different; more than half of the respondents said they needed more education for board and key personnel. Other improvements the respondents cited included benchmarking and risk management consulting and creating strategic internal audit objectives.
For 2020, risk management teams cited a range of plans for their risk management approach. Nearly one-third of respondents indicated they would stay the course with their strategy. Nine percent said they would evaluate the use of new technology, including AI, machine learning, and data analytics. An additional 27% said they would make updates to existing technology, and 36% said they would add additional internal risk management resources.
Emerging Developments
When asked what new developments they were keeping an eye on, respondents in both surveys most often cited data analytics. Organizations are strongly interested in data analytics as a way to add efficiencies into risk management processes. Other responses included cybersecurity laws, industry trends, AI and expanding technology, and internal audit changes.
Takeaways
Using risk management resources effectively is a challenge for a company in any industry. As cyber threats and technologies rapidly evolve, companies are challenged to find the best ways to protect their data and privacy. Cost is always a concern, but to meet the challenge, it is critical to invest in up-to-date technology and to hire skilled employees to manage it.
For more information about how you can improve your organization’s risk management, please contact us.
Related Reading