Enterprise Risks: The Pandemic, and Beyond
Surprising exactly no one, the top worries this year among corporate leaders are the pandemic and its economic consequences. So says Protiviti’s annual report on top enterprise risks, although the report does also flag a few other concerns that corporate audit and risk managers may want to consider.
The top risk for 2021, according to Protiviti’s survey of nearly 1,100 corporate board directors and senior executives around the world, is that pandemic-related policies and regulation might curtail growth. In second place are fears that poor economic conditions might constrain growth; and in third are fears that pandemic-related market conditions might reduce customer demand.
Only after those three pandemic-related risks did survey respondents get to the usual concerns like cybersecurity, regulatory change, struggles to adopt digital technologies, and the ability of older, larger organizations to compete against “born digital” rivals. See Figure 1, at right, for the top 10 risks this year.
Comparing this year’s list to last year’s is quite the jolt. The top risk cited one year ago was the impact of regulatory change on operational resilience, products, and services; which dropped to seventh place this year. Indeed, almost all the risks cited in last year’s survey related to regulatory oversight or digital transformation.
Then, three months after that 2020 report, the pandemic arrived. It shoved those regulatory and digital concerns down the priority list, and shifted the focus of those risks to be much more about operations. As Protiviti said in its report:
The top 10 list for 2021 is dominated by operational risk concerns, as current conditions have turned organizational operations upside down. Executives are concerned about the safety and relevance of their personnel and the sustainability, security, and reliability of their systems and operating infrastructures that have been affected by the realities of conducting business in the current constrained environment.
What does that mean in a practical sense for chief audit executives, working their way through an enterprise risk assessment? Protiviti raises two interesting points in its report.
First, the pandemic’s swift arrival and disruption means businesses must be more risk-aware: better able to detect emerging risks early, and then respond to them quickly. Somewhat counter-intuitively, however, that also means that businesses must move even more briskly into digital transformation — because that’s what allows for better risk detection and agile response.
As Jim DeLoach, a Protiviti managing director and author of the report, put it: “Digitally mature companies with an agile workforce were ready when COVID-19 hit, and are the ones best positioned to continue to ride the wave of rapid acceleration of digitally driven change through the pandemic and beyond.”
Enterprise Risks in 2030
This year Protiviti also did a thought experiment, asking those same 1,100 corporate titans what they expected the top enterprise risks to be in 2030. Those risks (see Figure 2, at right) are much more in line with what we’ve seen in previous years’ reports.
First, this means the survey respondents don’t see the pandemic as a long-term problem that will dog the world for years. That’s welcome news, although not terribly surprising.
Second, this does mean that business executives around the world continue to worry about the same basic challenge: their organization’s ability to respond to the mega-trends affecting business and the world. If audit and risk executives want to keep adding value to their organizations, they would do well to keep that challenge in mind.
The mega-trends themselves are generally well-known and slow moving: climate change, automation technology, aging populations, water scarcity, 5G networks, and so forth. The more relevant question for audit and risk professionals, working at specific organizations, is how good you are at detecting specific risks that might arise from those mega-trends — and then, how good are you at reorienting business operations in response?
For example, we all know that global warming is leading to more instances of extreme weather events. So how good are you at assessing your organization’s vulnerability to extreme weather events, and drawing up contingency plans to continue operations when a weather disaster strikes? You’d need expertise in everything from supply chain management (to identify critical warehouses or suppliers) to redundant IT systems (to let everyone work remotely when wildfires burn them out of their homes).
Lots of large organizations do have that expertise. Lots of others don’t, but they’ll probably need it by 2030.
Likewise, we all know that advances in artificial intelligence and robotics will decimate the manufacturing workforce, while demand for highly skilled tech employees will continue to soar. How will your business navigate those workforce development challenges?
Or how will you identify specific advances in those fields that might render your products and business models obsolete? How will you monitor those risks? How will you hire the right people in operations and risk management so they can work together to identify those threats and opportunities?
And so forth and so on. Those are the issues that worry your boards and CEOs over the long term. The pandemic might hog the enterprise risk spotlight right now, but as the Protiviti survey also reminds us — some things are eternal.