Protiviti, the global risk consultancy, have partnered with North Carolina State University to survey executives about their top risks. You should read the report. Here are four reasons why…
1. Communications risks are especially severe
The survey covered all kinds of businesses, but executives in the Technology, Media and Telecommunications sector were the gloomiest about the risks they faced. In addition, some risks that prompt universal concern are unusually acute for comms providers. These include regulatory intervention, cybersecurity, and the safeguarding of customer privacy. Comms providers are also vulnerable to some new and rising categories of risk, such as the influence of social media on brand and customer relationships.
2. The people at the top do not have a common view of risk
To quote the report:
… boards of directors identified four strategic risks as their top five risk concerns… In contrast, CEOs [listed] macroeconomic risk concerns as four of their top five risks… Furthermore, other executives rated more operational risks in their top five list… This disparity in viewpoints emphasizes the critical importance of both the board and management team engaging in risk discussions, given a lack of consensus about the organization’s most significant emerging risks.
The whole point of Enterprise Risk Management is to enable an enterprise to take a single, common view of risk so that priorities are set accordingly. When other professionals ask me for advice, they often comment on how they struggle to make progress following their initial round of workshops. That is no wonder. The theory found in most ERM textbooks is divorced from what is observed in reality! It is no good to simply spend lots of time asking people what they think about risk, and then write down the answers that were given. As this survey result shows, everybody is currently giving contradictory opinions, even at the very top of big organizations. The goal is not to have a common list of risks, but to have a common evaluation of risks, and consequently to adopt common priorities in dealing with those risks. Anybody who does ERM should take note of how this survey finding confounds the theory that risk management is done by asking everyone’s opinion, without following up with a strenuous (and often stressful) push for consensus.
3. Some people do not learn from other people’s mistakes
The report notes there is “little surprise” that cyberthreats have risen up the risk charts, and are now considered to be the top operational risk overall. Why is this true? It is not because newspapers are filled with stories about cybersecurity risks. It is because they are filled with stories about the impact of security breach after security breach! To say there is a perception of increased cyber risk is like saying there is a risk your car was stolen after you return to the place where it was parked and discover it is no longer there. Despite this, some businesses do not learn from the suffering of others. That is why only US firms put cybersecurity in their top 5 risks. Ironically, firms outside the US placed a higher priority on the risk that their culture was failing to support risk identification!
4. You like to learn from other people’s mistakes
That is why you like hearing alternative opinions about risk, to see what you can learn from them. And that is also why you read Commsrisk. Bravo!!!