In a constantly shifting risk landscape, risk management leaders need to regularly reassess the priority of the risks impacting their organization. Reprioritizing requires awareness of the risks already present, emergent risks on the horizon, and risk intersections that lead to unexpected impacts.
In my role leading the Risk Products team at AuditBoard, I have the privilege of speaking with our customers about how they’re approaching their current challenges, and how technology can support them in achieving a holistic view of risk in their organizations. This article will break down five risks that risk leaders should have on their radar, and strategies to address these individually and as a whole.
1. Regulatory Change
Currently, many organizations are dealing with new regulations and increased scrutiny. While some industries are more heavily regulated than others, all organizations face some level of regulatory risk. Regulators are paying especially close attention to risks related to climate change modeling and cybersecurity oversight. The scrutiny is high because predictive data modeling and defending against cybersecurity threats require skill sets that most companies need to improve. Risk leaders can work with the different teams in their organizations to mitigate those risks by keeping the focus on the regulatory requirements while balancing staffing shortages and addressing internal skill gaps.
2. Supply Chain
Due to recent inflationary pressures, supply chain risks are very high on risk managers’ radars. Many organizations are exploring ways to gain efficiencies and reduce costs with sustainability in mind. Some implement more sophisticated simulation software for process optimization to address these concerns. Others make business decisions to cut product lines that are hard to source or require costly components. Risk managers should help organizational leaders understand the long-term impact of cost-reduction initiatives to avoid unexpected negative effects.
3. Digital Disruption
Digital disruption comes in many different forms. Over the past several years, organizations responded to the need for work-from-home and hybrid situations by bringing in cloud-based software solutions that integrated a variety of departments and teams. Most of those solutions improved operations, but not all. Now individual business units are looking for their own technology enablers to support their unique needs while feeding information into the broader corporate solution. Meanwhile, other teams are trying to tap into those solutions with BOTs and RPAs to support their business needs. Risk managers can address digital disruption risk by bringing in an inventory of current systems, including BOTs running various jobs, and information on which teams will likely replace their technology soon.
4. Geopolitical Pressure
Geopolitical pressures are creating disruptions for organizations, and many lessons should be learned so mistakes are not repeated. At the organizational level, risk leaders are in a great position to synthesize the global political landscape as it impacts the organization. It could include sharing distilled information with business leaders to draw the connection from a global concern to their operations, or it may be sharing the results of predictive analysis scenarios to understand what risks are on the horizon. A key message for risk managers is to embrace an agile approach to making business decisions. The unpredictability of global political leaders can force businesses to make decisions and pivot in response to outside pressure, and decision-makers need access to digestible data to make informed decisions.
5. Skill Gaps
Organizations are dealing with the impact of a widespread labor shortage. While the great resignation was considered a major movement several years ago, employees are still moving around and looking for new employment. The influx of new employees and high turnover rates have led to knowledge and skills gaps. Risk management and other assurance teams should ensure this risk is sufficiently mitigated with internal training programs that include information about the organization, people’s respective positions, and deeper training into an individual’s skills and tools to perform their jobs now and in the future effectively.
Connecting Risk Across the Organization
A strong risk management function aggregates information from across an organization to develop a holistic understanding of risks that impact operations. The top risks in 2023 all represent risk intersections that can only be identified and managed by breaking down different silos of risk (e.g., compliance, technology, finance).
It can be a mistake to simply assume that the current system is “good enough.” Risk management teams need a connected risk solution to bridge the different parts of the organization and keep pace with the speed and complexity of the risks we face. By removing those silos and facilitating communication between different parts of the business, risk leaders unify risk data, streamline risk management activities, can capture key risk indicators, and provide stakeholders visibility into the top risks, trends, and overall risk appetite — ultimately positioning the organization to thrive in an ever-evolving risk environment.
Anand Bhakta is Sr. Director of Risk Solutions at AuditBoard and a cofounder and Principal of SAS. He has over twenty years of audit and advisory experience. Anand spent 8 years at Ernst & Young prior to SAS, and has served as a trusted advisor for numerous internal audit and management executives. Connect with Anand on LinkedIn.