This internal “misalignment” suggests that currently the prioritization of risk looks different depending on the time horizon and remit of your role.
“Risk needs to be embedded in strategy conversations at the board level and also in what every business function is doing,” says Nick Allen, a Board Director at Lenovo Group. “You just can’t isolate discussions about risk.”
3. Focus is sharpened on emerging, atypical risks and external risks
Sixty-four percent of boards say their organizations can effectively manage traditional risks, which include changes in regulation, drops in demand and increased borrowing costs. But only 39% say their organizations can effectively manage atypical and emerging risks, which might include threats associated with new technology or the impact of the climate emergency. In parallel, 61% of board members say their organizations can manage internal risks effectively, but only 47% say the same of external risks.
There is a clear distinction between the ability of the risk management leaders and the risk management developers to manage non-traditional risks: 71% of leaders are effective at managing atypical and emerging risks, compared with just 12% of developers. In addition, 82% of risk management leaders are effective at managing external risks, compared with just 20% of developers.
“It’s essential to devote enough time at board level to emerging risks,” says Michael Lynch-Bell, non-executive director at a number of organizations including Barloworld. “Our board monitors traditional risks every quarter, but in addition dedicates a large proportion of a strategy day every year to discussing emerging risks.”
Sector and regional focus: Risk priorities diverge
Board members’ prioritization of risks and the extent to which they want to improve risk management within their organizations varies depending on their sector and location.
Take risks associated with climate change and natural resource constraints. Boards across all sectors rank this as the ninth most significant risk to their organization in the next 12 months. But boards in the energy and resources sector rank it a joint first, alongside changes in the regulatory environment.
Cyberattacks and data breaches rank as the fifth most important risk to boards across all sectors, but are ranked first by boards of financial services and technology, media and entertainment, and telecommunications (TMT) businesses.
Finally, geopolitical events are considered the sixth most important risk by boards across all sectors but are ranked as the top risk by those in the real estate, hospitality and construction sectors.