The Top Risks for 2017

10 Common Uncertainties Plaguing Businesses

Protiviti and North Carolina State University’s ERM initiative recently joined forces again to conduct an annual survey to gauge business leaders’ perceptions regarding the top risks their organizations face.  The kinds of risks identified are very similar from last year to this, but by and large, executives believe the risks their companies face are increasing.

North Carolina State University’s ERM Initiative and Protiviti recently completed the latest survey of C-level executives and directors worldwide regarding the macroeconomic, strategic and operational risks their organizations face. The top risks for 2017 provide insight as to what’s top-of-mind currently among leaders around the globe.

Overall, 735 C-level executives — 55 percent of whom are based in the United States, with the balance distributed between Europe and Asia-Pacific — participated in this year’s study, which was conducted in September 2016. These executives revealed that their respective organizations face significant issues and priorities that vary by industry, executive position and company size and type. They indicated that the overall global business context is noticeably more risky than in the two prior years, with respondents in the U.S. indicating it’s about the same as in prior years. The overall risk scores for all of the top 10 risks are higher than prior years, suggesting that executives perceive the level of risk is increasing across several dimensions.

Note that this survey was conducted during the fall of 2016 and was completed just before the 2016 election results were in. It is a fair question as to whether the survey results might have been different had President Trump’s election been known. We believe that, if anything, the results might reflect even greater uncertainty, because many observers were of the view prior to the election that a Clinton administration would have continued the policies of the prior administration. Such is not the case with the Trump administration, which has promised tax and regulatory reform as well as an overhaul of the nation’s trade deals with selected countries. Accordingly, the implications of change in policy on the global outlook must play themselves out over time.

In our report on the results, we ranked the common risk themes in order of priority on an overall basis, noting the previous year’s rankings parenthetically. This summary provides a context for understanding the most critical uncertainties companies are facing as they move forward into 2017.[1]

1. Economic conditions in markets the organization currently serves may significantly restrict growth opportunities (2). This year, this issue moved to the top risk spot, which is not surprising, as myriad factors continue to cloud the global economic outlook. These sources of uncertainty include financial market volatility, Brexit, massive immigration pressures, ongoing terrorist incidents, a strong U.S. dollar, central bank monetary policies in many countries, anticipation of the U.S. 2016 national elections (see commentary above), sluggish growth rates in various global markets, rising global debt and the threat of deflation. Overall, survey participants may be suggesting a concern over a “new normal” for businesses operating in an environment of slower organic growth as they search for new markets, products and services to stimulate fresh sources of growth. This view could change, given the new U.S. administration’s policies, particularly domestically.
2. Regulatory changes and scrutiny may heighten, noticeably affecting the manner in which organizations’ products or services will be produced or delivered (1). Ranked at the top in each of the surveys we’ve conducted over the previous four years, this risk experienced a only slightly decreased rating this year, suggesting companies continue to have anxiety that regulatory challenges may affect their strategic direction, how they operate and their ability to compete with global competitors on a level playing field. This risk may be particularly relevant in 2017, given the uncertainty surrounding the 2016 U.S. presidential election influencing the role of government and its impact on the business environment, particularly with respect to trade policy with other nations. (And during the new administration’s first 100 days, that is exactly what we’re seeing unfold.) These developments are significant as the cost of, and influence of regulation on, business models remain high in many industries.
3. The organization may not be sufficiently prepared to manage cyber threats that have the potential to significantly disrupt core operations and/or damage its brand (3). Cyber risks have evolved into a moving target, with digitization advances, cloud computing adoption, mobile device usage, creative applications of exponential increases in computing power, and innovative IT transformation initiatives constantly advancing the digital footprint and outpacing the security protections companies have in place. Given publicity about data breaches affecting politicians, global financial institutions, major retailers and other high-profile companies and the growing presence of state-sponsored cyber terrorism, executives are recognizing the need for “cyber resiliency.” In fact, it is highly probable the company is already breached and doesn’t know it yet.
4. Rapid speed of disruptive innovations and/or new technologies within the industry may outpace the organization’s ability to compete and/or manage the risk appropriately without making significant changes to the business model (6). With the speed of change and advancement of technologies, rapid response to changing market expectations can be a major competitive threat for organizations that lack agility as an early mover in the face of new market opportunities and emerging risks.
5. Privacy/identity and information security risks may not be addressed with sufficient resources (5). The technological complexities giving rise to cybersecurity threats also spawn increased privacy/identity and other information security risks. As the digital world evolves and enables individuals to connect and share information, it presents fresh exposures to sensitive customer and personal information and identity theft.
6. Succession challenges and the ability to attract and retain top talent may limit ability to achieve operational targets (4). With changing demographics in the workplace due to an aging population and the increasing influence of millennials, the challenges of slower economic growth, increasingly demanding customers and growing complexity in the global marketplace, organizations must up their game to acquire, develop and retain the right talent with the requisite knowledge, skills and core values to execute challenging growth strategies. Multiple trends are transforming the global talent landscape as well as creating the need for altering talent management strategies. These trends include globalization, digitalization, increasing mobility, worker shortfalls over the long term in many developed countries and growing opportunities in emerging markets. As they expand their global reach, boundaryless organizations must “think global” to build diverse and collaborative teams that can be resilient in a rapidly changing and increasingly digital world.
7. Anticipated volatility in global financial markets and currencies may create significant challenging issues for our organization to address (8). Given questions in Europe surrounding the U.K.’s eventual exit from the European Union and uncertainties in other world markets, including China, it is not surprising that this risk continues to be a top 10 risk for 2017. Factors we’ve indicated earlier – including rising public debt, falling commodity prices, sluggish economic growth, the strong U.S. dollar and uncertainty regarding monetary policies – all contribute to uncertainty in the marketplace.
8. The organization’s culture may not sufficiently encourage timely identification and escalation of significant risk issues (9). The collective impact of the tone at the top, tone in the middle and tone at the bottom on risk management, compliance and responsible business behavior has a huge effect on timely escalation of risk issues, particularly those affecting core operations. Given the overall higher levels of risk impact scores for all risks in 2017 relative to 2016, this cultural issue may be especially concerning to senior management and boards.
9. Resistance to change could restrict the organization from making necessary adjustments to the business model and core operations (7). The cultural issues surrounding the escalation of top risk concerns noted above, combined with a lack of organizational resiliency, can be lethal in these uncertain times. It makes sense to enhance the organization’s ability and discipline to act decisively in revising strategic and business plans in response to changing market realities. Organizations committed to continuous improvement and breakthrough change are more apt to be early movers in exploiting market opportunities and responding to emerging risks.
10. Sustaining customer loyalty and retention may be increasingly difficult due to evolving customer preferences and/or demographic shifts in the existing customer base (10). Customer preferences can shift rapidly, making it difficult to retain customers in an environment of modest growth in certain sectors. Sustaining customer loyalty and retention is about increasing profitability through superior top-line performance, along with reduced marketing costs and costs associated with educating new customers.

Three risks fell just short of the top 10 risk cutoff – (a) uncertainty surrounding political leadership in national and international markets, (b) anticipated increases in labor costs impacting ability to meet profitability targets and (c) inability to utilize data analytics and big data to achieve market intelligence and increase productivity and efficiency. The point is that these risks are also significant to some companies.

The above results are global. Respondents from the U.S. noted similar risks but ranked them differently. One other notable survey finding: The respondents in Asia-Pacific and Europe reported that the risks their organizations will be facing with respect to reaching or exceeding profitability (or funding) targets over the next 12 months have increased slightly in terms of magnitude and severity compared to the assessment reported in last year’s survey (in which the participating respondents looked forward to 2016). In the U.S., the level of risk is about the same.

Senior executives and boards of directors may want to consider the above risks in evaluating their risk oversight focus for the coming year in the context of the nature of the entity’s risks inherent in its operations. If their organizations have not identified these issues as risks, executives and directors should consider their relevance and ask why not.

[1] Executive Perspectives on Top Risks for 2017, Protiviti and North Carolina State University’s ERM Initiative, available at www.protiviti.com/toprisks.