By Peter White – Peter.White@EthicalBoardroom.com
Across the globe the major risks corporations are facing include service interruptions, cybersecurity attacks, disruptions to supply chain and distribution, natural disasters and political crises amongst others.
As an example, the cost of cyber-crime to companies worldwide averaged approximately $5.9 million over 2013 which is an increase of 56% from 2012. Since the economic crisis corporate directors have had increased expectations on them to improve risk management. Boards are responding with a number of significant changes to the enterprises they are charged with running and are making changes to increase their focus towards the areas of risk management. They are in particular working towards recognising the importance of IT risks and the role this plays in business strategy. There has been growing media scrutiny and attention in this area and boards now need to apply a greater amount of effort towards risks across a range of areas – macroeconomic risks, strategic risks and operational risks. Macroeconomic risks are those that are capable of impacting the growth of a company over the upcoming fiscal period. Strategic risks are risks that may jeopardise the validity and success of business strategy in the pursuit of growth over the upcoming fiscal period. Finally, operational risks are those that may affect the operational workings of the enterprise in executing the strategy over the upcoming fiscal period. Boards are aware of the increased amount of scrutiny that they are now being put under, and they are working to improve their oversight functions to properly address the risks their companies are facing. Boards remain concerned about how effective they are at mitigating corporate risk exposure. Currently, only 19% of directors believe that their board is fully effective in overseeing their company’s risk management processes. Therefore, risk management oversight remains a primary focus of boards at this time. Boards have become more effective in their risk management efforts over the last couple of years but much more is needed.
Currently the major risks companies are facing are those related to crisis management, fraud and IT.
Boards are in particular becoming increasingly involved with oversight of crisis management planning. Although directors cannot predict the form of crisis that may occur or the timing of it, more attention is being focused in this area. For example, 80% of directors have indicated through corporate study research that they have discussed business continuity plans in the last twelve months—up from 67% for the past year.
Fraud is also a critically important concern for directors, in particular bribery fraud. Prosecutions and investigations are ramping up in number and effort in this area and legislation in the area of The Foreign Corrupt Practices Act in the US has been broadened. Currently, bribery guidelines are set so that they require companies to develop a corporate culture that encourages a commitment to comply with the relevant fraud laws. Companies should make more efforts and put in place more procedures to ensure that fraud and bribery related risks are mitigated.
Another dominant corporate risk is that related to cybersecurity. New technologies are creating significant competitive advantages to businesses across the globe – however these technological advancements are creating a lot of new threats to businesses too. Advancements such as cloud computing, mobile computing devices and social media tools are helping businesses grow and new risks are also surfacing from these changes. Directors may acknowledge this concern however the majority of them are uncomfortable and lacking knowledge when it comes to overseeing information technology risks. To combat this risk boards are now employing the expertise of specialist consultants in this area and additionally some boards are searching for IT qualified directors to add to the board. It would be a good idea for more company boards to take on advice and expertise where knowledge and understanding gaps have been identified at the earliest possible opportunity.
In the corporate climate of today, board directors are embracing and seeking wider opportunities to manage risk and to pave the way to a more stable and successful future for their organisations. Effective risk oversight and management frameworks are key to their success.