If nothing else, the past 18 months have shown just how resilient people and companies can be. But now more than ever, corporate leaders are finding themselves focused on risk management and are challenging how their organizations view and manage risk. Threats that were not top-of-mind before are now being considered.
So, what are the top risks organizations are looking at? The Institute of Internal Auditors (IIA) recently published OnRisk 2022: A Guide to Understanding, Aligning and Optimizing Risk, a report that provides perspective from key members of risk management functions and offers insight on potential areas of focus. OnRisk 2022 was developed from qualitative interviews conducted with 90 professionals to capture viewpoints of the boardroom, C-suite and chief audit executives. Results were analyzed to draw conclusions on how the three roles aligned, both regarding the risks that exist within organizations and how equipped those organizations are to manage the threats. Several key insights resulted.
Top 12 Risks
The following were identified as the top 12 risks organizations expect to face in 2022 (in order of relevance):
- Cybersecurity
- Talent Management
- Organizational Governance
- Data Privacy
- Culture
- Economic and Political Volatility
- Change in Regulatory Environment
- Supplier and Vendor Management
- Disruptive Innovation
- Social Sustainability
- Supply Chain Disruption
- Environmental Sustainability
Cybersecurity was also the top risk in 2021 and maintains that position for 2022. Such risks are now heightened as a result of continuing work-from-home scenarios, which some organizations are now making permanent.
Moving up on the list is Talent Management. Finding, hiring and retaining top talent is more difficult than ever and many organizations are struggling to maintain full teams. The increased ability to hire from any location and work remotely has created additional competition in the talent market.
Respondents also expect risks related to Culture, Economic and Political Volatility and Disruptive Innovation to continue to grow in relevance over the next several years.
Business Continuity and Crisis Management have fallen off the list since 2021, which is not surprising given that organizations’ abilities to prepare, react, respond and recover have recently been augmented, creating more comfort with their capacity to respond to and manage this risk.
Ability to Manage Top Risks
The IIA noted that while this year’s report indicates better alignment among individuals managing risk than what was identified in prior years, there’s still a significant gap between how risk management leaders rate risk relevance versus organizational capabilities in most of the top 12 risks, most notably in Talent Management, Culture, Disruptive Innovation, Data Privacy and Cybersecurity. In other words, leaders often recognize that these are significant risks to their business, but don’t have confidence in their organization’s ability to effectively manage them.
ESG Risks
Sustainability was included as an overall risk last year, but makes the list in several forms this year, including Organizational Governance, Social Sustainability and Environmental Sustainability. Awareness of environmental, social and governance (ESG) risks is increasing as pressure for ESG reporting grows. Challenging these risks at a more detailed level is important, as the report showed that leaders find some of these risks, specifically Organizational Governance, to be more relevant than others. Respondents also felt that organizations’ ability to manage certain risks was less in line with the relevance of the risk, specifically for Social Sustainability and Environmental Sustainability. Understanding where those knowledge gaps might exist allows for more proactive management of the specific risks.
The risks noted above should be considered as organizations look forward to 2022. Since the threats included in the report are fairly industry-agnostic, it’s important that your organization also consider the industry-specific risks that may impact you directly. A well-established enterprise risk management program that’s appropriately sized for your business and aligned to your strategies and objectives can help you proactively manage risk, reduce negative surprises, embrace risks to act on opportunities and bring value to your organization. Alignment across all levels of the organization on how risks are identified, assessed and managed continues to be critical.