The Most Important Risks to Face in 2017

Published by
Jim DeLoach

Jim DeLoach

The National Association of Corporate Directors’ (NACD) 2016-2017 Public Company Governance Survey reported that, according to the vast majority (96%) of directors, “big picture” risks are overseen at the full board level. The big-picture view of risks includes those with broad implications for the organization’s strategic direction, including issues that can create significant reputation damage.

NACD’s findings are complemented by a recent survey of more than 700 c-suite executives who were asked to identify the top risks for 2017. Conducted in the fall of 2016 by Protiviti in partnership with North Carolina State University’s ERM Initiative, the study indicated that the overall global business context is noticeably riskier than in the two previous years, while respondents’ results in the United States implied that the risk landscape is about the same as before.

The common risk themes were ranked in order of overall priority providing context for understanding the 10 most critical uncertainties companies face in 2017.

  1. Economic conditions in the global marketplace may significantly restrict growth opportunities. There are many sources of economic uncertainty in the markets that companies operate within. Examples of factors impacting growth include market volatility, Brexit, a strong U.S. dollar, central bank monetary policies, the aftermath of the U.S. 2016 election, sluggish growth rates in various global markets, rising global debt, and the threat of deflation. Survey participants may have concerns about a “new normal” of operating in an environment of slower organic growth.
  2. Regulatory changes and scrutiny may increase, noticeably affecting the manner in which organizations’ products or services will be produced or delivered. Ranked at the top in our prior surveys, this risk fell to the second spot for 2017. Companies continue to display anxiety about regulatory challenges affecting their strategic direction, how they operate, and their ability to compete with global competitors on a level playing field. This risk may be particularly relevant in 2017, given the climate of uncertainty surrounding the new U.S. executive and congressional administrations and their influence on the role of government and the business environment. Any major regulatory change—whether perceived as positive or negative—is of significant interest to executives and directors.
  3. Organizations may not be sufficiently prepared to manage cyberthreats that could significantly disrupt core operations or damage their brand. Cyber risks have evolved into a moving target. Many factors are driving change, including the ongoing digital revolution, new innovations to enhance customer experience, cloud adoption, social media, mobile device usage, and increasingly sophisticated attack strategies, among others. The harsh reality is that new technology offerings and developments in organizations are quickly extending beyond the security protections that they currently have in place.
  4. The rapid speed of disruptive innovations and new technologies within the industry may outpace the organization’s ability to compete or manage the risk appropriately. A company’s inability to respond in a timely manner to changing market expectations can be a major competitive threat for organizations that lack agility in the face of new market opportunities and emerging risks. The speed of change and development of emerging technologies can occur anywhere and in any industry, and this risk reaches far beyond the retail marketplaces. Disruption affects all industries. No company is immune.
  5. Privacy, identity, and information security risks are not being addressed with sufficient resources. The technological complexities giving rise to cybersecurity threats also spawn increased security risks to privacy, identity, and other sensitive forms of information. As the digital world evolves and connectivity increases, new opportunities emerge for identity theft and for the compromise of sensitive customer information. Recent hacks exposed tremendous amounts of identity data involving large companies and the federal government in the United States. These underscore the harsh realities of this growing risk concern.
  6. Succession challenges and the ability to attract and retain top talent may limit the ability to achieve operational targets. A number of factors are driving this risk—changing demographics in the workplace, slower economic growth, increasingly demanding customers, and growing complexity in the global marketplace. As a result, organizations are being forced to elevate their recruitment and retention efforts to acquire, develop, and retain talent with the requisite knowledge, skills, and core values to execute challenging growth strategies.
  7. Anticipated volatility in global financial markets and currencies may create significant challenges for organizations to address. Given questions surrounding the United Kingdom’s eventual exit from the European Union, as well as uncertainties in China and other world markets, it is not surprising that this risk remains among the top 10 for 2017. Factors indicated earlier—including rising public debt, falling commodity prices, sluggish economic growth, the strong U.S. dollar, and uncertainty regarding monetary policies—all contribute to uncertainty in global financial markets and currencies.
  8. The organization’s culture may not sufficiently encourage timely identification and escalation of significant risk issues. An organization’s culture has a huge impact on the manner in which risk issues are brought to the attention of decision makers when there is still time to act. Given the overall higher levels of risk-impact scores for all risks in 2017 relative to the year before, this cultural issue may be especially concerning to senior management and boards.
  9. Resistance to change could restrict organizations from making necessary adjustments to their business model and core operations. The cultural issues noted above combined with a lack of organizational resiliency can be lethal in these uncertain times. Organizations committed to continuous improvement and breakthrough change are more apt to be early movers in exploiting market opportunities and responding to emerging risks than those companies that cling to the status quo.
  10. Sustaining customer loyalty and retention may be increasingly difficult due to evolving customer preferences and demographic shifts in the existing customer base. Protecting the customer base is not easy in today’s highly competitive environment of disruptive change. This may be what is on the minds of the survey participants rating this risk.

The company’s directors may want to consider the risks ranked here when determining the organization’s “big picture risks” to be evaluated in 2017. Boards should be aware of the context of the nature of the entity’s risks inherent in its operations. If your board has not identified these issues as risks, your company’s directors should consider their relevance and ask why not.


Jim DeLoach is Managing Director of Protiviti. 

4 Comments

  • Jim DeLoach says:

    That’s right, Greg. And, looking forward, I agree it’s difficult to read the tea leaves as to exactly what changes are in store for FSI.

  • Gregg Riess says:

    As I speak with executives in the financial services and banking sector, there’s a sense that some regulations may actually decrease. For example, some are speculating that Dodd-Frank Act requirements could decrease. I do agree with your remarks on #2, “Any major regulatory change–whether perceived as positive or negative–is of significant interest to executives and directors.”

  • Jim DeLoach says:

    Jack, thank you for taking the time to comment. I couldn’t agree with you more. Yes indeed, cyber is a serious business issue requiring business unit collaboration with the CIO/CTO to develop comprehensive solutions and, most certainly, brand and reputation are at stake. I see some cyber fatigue in the board room, but we keep telling directors that the issue isn’t going away any time soon.

  • Jack Healey says:

    Interesting that two of the top 5 have to do with Information Security. I frequently speak to boards and management on this topic. – the desire to improve the Cyber Security Response is there, but very frequently the budgets don’t follow. Boards and Management see this as an IT issue, not a Business issue. Education, Defense and Deterrence should be a comprehensive solution. Frequently the Board focusses on Cyber Insurance (with its large deductibles) and miss the point of Brand and Reputation. All organizations should adopt a Cyber Security Plan in accordance with standards such as NIST, educate their employees, customers and suppliers on Information Security, and invest in a comprehensive plan. This will take capital and human resources.