In a year full of disruption and change, one thing remains the same – the existence of risk. While the types of risks we face may evolve and the perceived likelihood and impact may change, organizations will continually be faced with the need to identify, assess and manage risks in order to effectively achieve their objectives and initiatives. The Institute of Internal Auditors (IIA) recently released its report OnRisk 2021: A Guide to Understanding, Aligning and Optimizing Risk, which provides perspective from key members of risk management functions and offers insight on potential areas of focus over the next year.
OnRisk 2021 was developed from qualitative interviews conducted with 90 professionals to capture viewpoints of the boardroom, C-suite and chief audit executives. This data was further supplemented by results from a quantitative survey conducted with 348 chief audit executives. Results were analyzed to draw conclusions on how the three roles aligned, both regarding the risks that exist within organizations and how well-equipped those organizations are to manage the threats. Several key insights resulted from the report.
Top 11 Risks
The report identified the following 11 risks as top of mind for organizations in 2021:
- Cybersecurity
- Third party
- Business continuity and crisis management
- Data governance
- Organizational governance
- Board information
- Talent management
- Culture
- Sustainability (Environmental, Social and Governance – ESG)
- Disruptive innovation
- Economic and political volatility
Three new risks – organizational governance, disruptive innovation, and economic and political volatility – were added since the IIA’s 2020 list. This is not surprising, given the past year. A year challenging the norms of how our companies are managed. A year where innovators who embrace risk have risen to the top. A year where global pandemics, national elections, and the related policy and regulatory changes have created economic and political volatility.
Cybersecurity and business continuity and crisis management were the top-rated risks for 2021. While cybersecurity was also a top risk in the 2020 report, it is heightened in 2021, as companies now have employees operating in less-secure work-from-home scenarios with more reliance on technology than ever before. The past year has also put business continuity and crisis management plans to the test, as many companies were forced to utilize a portion or all of them for the first time ever, which brings higher attention to the topic.
Risk Relevance Perceptions
The IIA reported that while board members and chief audit executives had alignment on which risks were the most relevant, their perspectives did not necessarily align to management’s perceptions. Specifically, management’s perception was that operational risks, including talent management, culture and business continuity, had higher relevance, while the more macro-level risks, such as organizational governance and economic and political volatility, had lower relevance.
Ability to Manage Risks
Results of the survey show that perceptions on an organization’s ability to manage risks are becoming more aligned between management and boards than what was detailed in the 2020 report, which noted that boards were overconfident in an organization’s ability to manage risk. The IIA suggests that perhaps the pandemic prompted more communication around risk within organizations, resulting in a more realistic understanding of capabilities to manage risks.
The areas noted above should be considered as companies assess risks in the coming year. As the risks included within this report are fairly industry-agnostic, it’s important for your organization to also consider industry-specific risks that may impact you directly. Alignment across all levels of the organization on how risks are identified, assessed and managed continues to be critical. A well-established enterprise risk management program that is right-sized to your business and aligned to your strategies and objectives can help you proactively manage risk, reduce negative surprises, embrace risks to act on opportunities, and bring value to your organization.
Interested in learning more about how to identify, assess and manage risks within your organization? Contact our Risk Advisory Services team by emailing us at [email protected]. For the complete report, click here to download OnRisk 2021: A Guide to Understanding, Aligning and Optimizing Risk.