Research for the fourth annual “Executive Perspectives on Top Risks Survey” from Protiviti and North Carolina State University’s ERM Initiative shows business leaders across industries are slightly more concerned, overall, about the risk environment for 2016, compared to 2015. Respondents to the survey represented several countries; about half were from the United States.

While there has not been dramatic change in concern over the past year, it’s important to note that the executives and board members surveyed for the 2015 report were feeling more optimistic about the future – albeit tentatively. The slight uptick in concern this year may indicate many leaders have adopted a more cautious outlook as recent dynamics and events have reminded them that their business operates in a risky world.

According to the report, organizations are taking steps to meet new risk challenges head on: Most respondents indicated that their business is likely to invest additional resources toward risk management this year. This may be a sign that more business leaders are realizing that their organization should increase the sophistication of its risk management practices given the fast pace at which complex risks are emerging.

What types of risks are on the minds of executives and board members this year? Here are the top five risks for 2016 cited by respondents, along with some analysis:

1. Regulatory change and scrutiny may heighten, noticeably affecting the manner in which companies deliver their products or services

Regulatory issues once again ranked first among top risks, although business leaders’ overall concern about this risk was down slightly from last year. Executives and boards of directors at U.S.-based organizations expressed more concern about this risk than their counterparts in other countries.

It was also the number-one risk for every industry represented in the survey, except for manufacturing and distribution, which ranked this risk fifth; leaders at these organizations appear to view regulatory change and scrutiny as more of a long-term issue, according to the survey report.

2. Economic conditions in markets that organizations serve may restrict their growth opportunities

This risk level is slightly elevated when compared to 2014 and 2015. In addition, 60 percent of respondents rated this as a “significant impact” risk. CEOs and boards of directors rated this as a top risk; chief audit executives did not. Internal audit leaders classified risks such as regulatory changes and scrutiny, insufficient preparation to manage cyber threats, and succession planning, recruitment and retention challenges as being more significant concerns for their organizations this year.

3. Organizations may not be sufficiently prepared to manage cyber threats that have the potential to significantly disrupt core operations and damage their brand

Cyber threats are a concern for any technology-enabled business, and 2015 and 2016 have seen a number of significant attacks targeting large enterprises in the public and private sectors, including retail, government and healthcare organizations. So, it is not surprising to find that this risk not only ranked again as a top-five concern for business leaders, but it was also the number-one risk cited by executives and board members at large organizations.

4. Succession challenges and recruiting and retention issues may limit organizations' ability to achieve operational targets

The demand for skilled talent is relentless in many industries, and employers often find recruitment and retention of in-demand professionals an intense struggle. This risk ranked in the top five for all industries included in the survey, indicating that there is general concern in the business world that the tightening labor market may undermine organizations’ future ability to assemble teams with specialized skills and expertise needed to support growth.

5. Ensuring privacy/identity management and information security/system protection may require significant resources

This year marks the first time this risk has been included in the top five. Its inclusion in this leader group can likely be attributed to growing concerns by executives and boards about their organization's ability to protect personally identifiable information and other sensitive data in an increasingly treacherous cyber risk landscape. Businesses’ embrace of new and disruptive technologies, such as cloud computing and social media, make managing privacy, information and business system security even more challenging.

Notably, several risks listed above (3-5) are categorized by Protiviti and North Carolina State University’s ERM Initiative as operational risks; in fact, half of the top 10 risks for 2016 are operational risks. In a blog post for The Protiviti View blog, Protiviti managing director Jim DeLoach said he was not surprised by the high number of operational risks weighing on business leaders’ minds. He added that the current risk environment has companies focused on “preserving bottom-line performance.”

Improving the risk assessment process

The authors of the 2016 survey report recommend that executives and boards of directors “maintain an active dialogue and discussion concerning potential risks” to their organization. Following are examples of key questions business leaders should seek to answer as a “diagnostic” for evaluating and improving their risk assessment process:

Does management apprise the board in a timely manner of significant risks or significant changes in the organization’s risk profile? Is there an effective process for identifying emerging risks? Does it result in consideration of response plans on a timeline basis?

Does the organization’s risk assessment process engage the appropriate executives and stakeholders to ensure that all appropriate risk perspectives are understand and considered?

Are risks evaluated in the context of the strategy and incorporated as a key consideration in the organization’s decision-making processes on an ongoing basis over time?

To see the full list of key questions that business leaders should consider when evaluating their risk assessment process, as well as the list of top 10 risks for the year, visit the Protiviti website.

Do you need expert support for your risk management initiatives? Robert Half Management Resources can provide highly skilled consultants for your next project. In addition to project staffing, we offer solution consulting in partnership with Protiviti, a Robert Half subsidiary. Contact us to learn more.