Next Article in Journal
Risk Management in Practice: A Multiple Case Study Analysis in Italian Municipalities
Previous Article in Journal
The Internal Determinants of Gender Diversity and Its Non-Linear Impact on Firms’ Performance: Evidence from the Listed Companies in Palestine Exchange
Previous Article in Special Issue
The Role of ERM and Corporate Governance in Managing COVID-19 Impacts: SMEs Perspective
 
 
Search for Articles:
Title / Keyword
Author / Affiliation / Email
Journal
Article Type
 
 
Advanced Search
 
Section
Special Issue
Volume
Issue
Number
Page
 
Journals
JRFM
Volume 16
Issue 1
10.3390/jrfm16010029
jrfm-logo
Submit to this Journal Review for this Journal Propose a Special Issue
Article Menu

Article Menu

share Share announcement Help format_quote Cite question_answer Discuss in SciProfiles thumb_up
...
Endorse textsms
...
Comment
first_page
settings
Order Article Reprints
Font Type:
Arial Georgia Verdana
Font Size:
Aa Aa Aa
Line Spacing:
Column Width:
Background:
Article

An Evolving Risk Landscape: Insights from a Decade of Surveys of Executives and Risk Professionals

by
Mark Beasley
,
Bruce Branson
and
Don Pagach
*
Poole College of Management, NC State University, Raleigh, NC 27695, USA
*
Author to whom correspondence should be addressed.
J. Risk Financial Manag. 2023, 16(1), 29; https://doi.org/10.3390/jrfm16010029
Submission received: 21 October 2022 / Revised: 29 December 2022 / Accepted: 31 December 2022 / Published: 4 January 2023
(This article belongs to the Special Issue The Challenges and Opportunities for ERM Post-COVID-19)
Browse Figures
Versions Notes

Abstract

:
We report on the results obtained from ten annual surveys of global business executives on their perceptions of the most significant risks facing their organizations in the ensuing calendar year. These surveys of C-suite executives, directors and other risk professionals elicit their concerns about risks that may affect their organization’s success over the near-term horizon (i.e., the next calendar year). After a decade, we believe these results provide an opportunity to examine how the global risk landscape has evolved. In addition, two additional survey questions allow us to examine how these executives view the overall risk context and how enterprise risk management (ERM) is deployed and augmented in the face of an escalating risk environment. On average, we find that executives view the risk landscape they face as persistently risky over the ten-year period, even during the relatively robust economic environments for much of that time frame. Two industries report much more volatility in their risk environments, with respondents from the Healthcare sector and in Technology, Media and Telecommunications acknowledging the largest volatility. We also observe an increase in entities’ decisions to devote more time and resources to risk management over the ten-year period, suggesting that ERM has become an essential mechanism for organizational success. Our goal is to highlight the realities of constantly changing risk conditions and how context (e.g., industry and time) is an important distinguishing factor that affects an organization’s given risk profile, which is relevant to both executives and academics. Collectively, our findings emphasize the importance of understanding the ever-changing context of an organization’s environment, that risk identification must be an ongoing process, and that there is no “one-size-fits-all” approach to risk governance. We believe all this signals the importance of future research to help organizations respond with robust risk governance.

1. Introduction

Over the past two decades, enterprise risk management (ERM) has become an increasingly important mechanism for organizations to manage their key risk exposures (Beasley and Branson (2022), which has resulted in a growing body of academic studies focused on ERM implementations and benefits (see literature reviews provided by Bromiley et al. (2015), Gatzert and Martin (2015), and Viscelli et al. (2016)). ERM provides a process for identifying, monitoring, and responding to emerging uncertainty surrounding an organization’s core value drivers and strategic initiatives (COSO 2004, 2017). One of the fundamental components of any ERM process is risk identification and assessment, which requires organizations to estimate the severity and likelihood of risks that may impact the entity’s opportunity for success. Once a risk has been identified and assessed, ERM provides an infrastructure for information sharing, development, and implementation of risk responses, and tracking of emerging risk issues. Collectively, these actions are designed to increase the likelihood that the organization can achieve its strategic objectives.
The ERM Initiative at NC State University, in partnership with Protiviti, Inc., a global consulting firm, has conducted annual surveys of global business executives about their perceptions of the most significant risks their organizations will face in the upcoming year (Protiviti/NC State 2013–2022). These survey results provide a window into the mindset of executives and board members as they contemplate the risk environment their organizations must navigate to preserve and enhance value. The surveys are designed to better understand variation in risk perceptions across a variety of organization types and functional roles held by survey respondents. Academic literature on ERM has become an important part of examining issues concerning risk management practices. Pagach and Pascanik (2021) note that there were over 280 published research papers and cases examining ERM topics over the last 20 years. Numerous studies have focused on factors that explain an organization’s decision to implement ERM (e.g., Liebenberg and Hoyt 2003; Beasley et al. 2005; Paape and Speklé 2012) and how they implement ERM (for example, Fraser and Henry 2007; Beasley et al. 2015) while others have studied the impact of ERM implementations using different measures of value (e.g., Gordon et al. 2009; Hoyt and Liebenberg 2011; McShane et al. 2011; Baxter et al. 2013). Most of these studies note that there is a significant need for continued research related to ERM. In fact, Viscelli et al. (2016) include over 90 suggested ERM research issues warranting further examination.
How organizations have assessed, and managed risks has evolved over the past twenty years. This evolution in risk management approaches has been attributed to a variety of events. Examples include major fraudulent financial reporting events (e.g., Enron, WorldCom, Punjab National Bank, Petrobras, etc.), the “dot.com” crisis in the early 2000s, and the global financial crisis of 2008–2009 (Camfferman and Wielhouwer 2019; Carmichael 2020; Sheedy and Griffin 2018). While entities have managed risks for centuries, there has been an increasing emphasis over the past twenty years or so to expand upon traditional risk management processes and adopt a more formal risk management approach at an enterprise-wide level to better associate risk information generated by the refined risk management effort with decision making related to organizational strategy. The core principles of enterprise risk management include more formality and specificity of processes related to risk identification, assessment, response, monitoring, and communication of risk information uniquely customized for that entity (Jemaa 2022; Lundqvist 2015; Nocco and Stulz 2006). This refined approach also includes heightened risk governance and leadership, including an increase in the attention of the board of directors, the naming of chief risk officers (CROs) and other risk leaders, the introduction of risk management committees at both the board and management levels, and other investments in risk management processes (Aebi et al. 2012; Beasley and Branson 2022; Lundqvist 2015).
The annual report on the risk survey prepared by Protiviti and NC State is used extensively by management teams as a completeness check about the risks their management teams have identified. That is, management uses the report to understand what risks are on the minds of other executives to see what their own management team might be overlooking. To illustrate the impact of the annual survey, the 2020 and 2021 annual reports on the survey were each downloaded over 7500 times. The initial live webinar hosted by Protiviti and NC State that discusses the survey results is joined by over 1500 participants each year. In addition, the annual report on the risk survey receives coverage in such publications as The Wall Street Journal, Fortune, Compliance Week, Street Insider and Forbes.
The focus of this research is on the outcome of the risk assessment component of ERM. The goal of risk assessment is to identify the most critical risks that have the potential to disrupt the strategic success of the organization. Risk assessment lays the foundation for management to respond to these risks with targeted responses designed to best manage the exposure. We know little about executive perspectives about the overall risk environment and how risks identified by management through risk oversight efforts differ across organizations, industries, and time.
This research provides descriptive evidence based on surveys designed to identify what executives perceive to be the key risks to be monitored and managed over the ensuing year. Our data are based on ten separate annual risk surveys that were conducted starting in September/October 2012 (asking respondents about risks on the horizon for 2013, which we then refer to as the 2013 survey data) and repeated at similar points in time each year through 2021. The surveys asked C-suite executives, directors, and other risk professionals to individually assess the impact of a set of predetermined risks that their organizations may encounter over the next 12 months. Each survey participant rated individual risk issues using a 10-point scale, ranging from 1 (“No Impact at All”) to 10 (“Extensive Impact”) to their organization.1 Our analysis is based on a large sample that is diverse across industry and firm size. The survey approach allows us to ask executives specific and qualitative questions about the risks facing their organizations. We recognize that a survey approach has potential limitations in that it may not be representative of the global population of organizations, or that the survey questions are misunderstood or not fully addressed. However, the survey approach provides unique information about emerging risks on the horizon spanning a decade that are of most concern to business executives not found in other ERM-related research. We believe these data may serve to better inform future research by specifically identifying areas of concern worthy of additional investigation.

2. Methodology

The data reported in this study are based on surveys of executives and board members conducted annually starting in September/October of 2012 and ending in September/October of 2021. The survey asked executives about the likely impact over the subsequent year arising from a list of specific risks related to macroeconomic, strategic, and operational issues.2 The survey approach provides additional evidence beyond findings reported in large sample empirical studies and case studies. Large sample empirical studies have become the most common form of academic research and have several advantages over other approaches. Most large-sample empirical studies provide significant statistical power and cross-sectional variation. However, a weakness of this approach is that it is not possible to ask qualitative questions and specific variables may not always be determinable. Case studies are less common in academic research but provide significant detail and can delve deeply into specific behavior. However, case studies typically employ extremely small samples, and their results are often sample-specific, and conclusions reached may not translate to the broader population of organizations.
A survey approach can also be criticized. Respondents are limited to the risks provided by the survey instrument and this format does not allow significant depth of questioning in that the survey uses a general set of questions for all participants. The risk survey also only captures responses from participants that completed the survey, we do not know the full sample of risk management participants and are unable to generalize our results to the population. Finally, the survey does not control for the respondents over the 10-year period of the study, thus we are unable to statistically compare the results of the survey from year to year for a given respondent. Even with these weaknesses, we believe the examination of the Protiviti/NC State risk survey findings provides a unique opportunity to understand and learn about boards and risk executives’ views and assessments about the major risks capable of disrupting their organizations’ strategic success within the global economy.
The Protiviti/NC State survey differs from other risk identification surveys by its focus on a large set of risks facing international businesses over the near term (i.e., the next twelve months) and by surveying global business leaders on the front-line of risk management. However, there are a number of other risk surveys. Aon, the financial services firm, produces a biennial risk survey that is conducted in the second quarter of every other year. Respondents are global and in the most recent survey 68% were employed by private firms with the balance from public and government organizations. Aon employs a web-based survey that addresses both qualitative and quantitative risk issues that allow respondents “...to provide feedback and insights into their insurance and risk management choices, interests and concerns” (AON 2021). The World Economic Forum Global Risk Report obtains responses from its “multi stakeholder communities (including the Global Shapers Community)” (World Economic Forum 2022). That survey focuses on global risks that the World Economic Forum suggests “could cause significant negative impact for several countries or industries. For the purposes of this report, the scope is over the next 10 years” (World Economic Forum 2022). The Association for Financial Professionals (AFP) annual Risk Survey Report is sent to executives with job titles including “CFO, Treasurer, Controller, Cash Manager, Director, Treasury and Assistant Treasurer.” This survey is focused on risks facing Treasury teams (Association for Financial Professionals 2021). Deloitte, the global accounting and advisory firm, publishes an annual global risk management survey that “assesses the financial services industry’s risk management practices and challenges.” The Deloitte findings are obtained from 57 financial services firms and are focused on financial risks (Deloitte 2021). The Society of Actuaries, Casualty Actuarial Society and the Canadian Institute Actuaries publish an Annual Survey of Emerging Risks. The 2022 survey had 153 respondents with most from North America and it asks respondents “to choose their top current risk, top five emerging risks, top emerging risk, and three sets of two-risk combinations, selecting from 23 risks” (Society of Actuaries 2021).
The initial Protiviti/NC State survey was launched in 2012, and asked risk professional about 20 specific risks, with five focused on macroeconomic issues, eight on strategic issues, and seven on operational issues. This initial set of risk concerns was developed based on input received from risk professionals and from monitoring issues reported in the business press. Each year, additional inquiries of risk professionals took place, current issues from the business press were noted, and open-ended risks provided by prior year survey participants were evaluated to identify whether additional risks should be added or risks that were no longer relevant dropped. Over the ten-year period, three risks have been dropped from the survey and 19 new risk issues have been added. The 2022 survey requested evaluation of 36 specific risks, with 11 focused on macroeconomic issues, 13 on strategic issues, and 12 on operational issues. The evolution in specific risks is meant to provide respondents with the ability to evaluate risk concerns that have the potential to be “front of mind” at the time of the survey (Protiviti/NC State 2013–2022). For example, when healthcare reform became a significant issue of concern for many organizations that item was added and after its legislative resolution became clear the question was removed, given the lack of ongoing uncertainty.
In the first few years of the survey the number of responses received was relatively modest and focused on executives in North America. However, in 2016, the sample size increased significantly by adding executives from Europe and Asia. In 2019, the survey was again expanded geographically to include executives from Africa, Australia/New Zealand, India, Latin America, and the Middle East. The number of survey respondents has continued to increase and as of the 2022 survey there were 1453 risk professionals providing their perspectives on near-term risk concerns for their organizations. Over the ten years, 7276 responses from risk professionals have been received. In Table 1, we provide information on the survey respondents by geographical location.
In Table 2, we provide summary information about the industries represented by respondents in our sample, by year. The survey covers a broad range of industries, with Financial Services as the most represented industry, comprising between 23% and 33% of each annual survey and 28% of the entire sample. Consumer Products and Services are represented by 22% of the full sample, while Manufacturing and Distribution makes up 18% of the full sample. The higher percentage of Financial Services firms is consistent with other extant ERM-related research. This is also consistent with the heavy emphasis placed on risk management by regulators of the financial services industry. For example, Beasley et al. (2008), in their research into the degree of ERM adoption of 123 firms, found that firms in banking and insurance industries have more advanced ERM processes.
In Table 3, we provide summary information about the size of firms (based on total revenues in USD) in our sample, by year. Our sample consists of firms of all sizes, with 13% of the total respondents at organizations with total revenues of greater than USD 10 billion, 37% of respondents at organizations with total revenues that range between USD 1 billion and USD 9.99 billion, 32% of respondents at organizations with revenues that fall between USD 100 million and USD 999.9 million, and 18% of respondents at organizations with revenues less than USD 100 million. While the percentages for our largest and smallest sized firms are fairly consistent with the yearly samples, our two middle categories tend to vary considerably through the survey. For example, the organizations that report total revenues ranging between USD 1 billion and USD 9.99 billion represent 50% of the 2017 sample but only 24% of the 2014 sample.
Each survey participant assessed individual risk issues using a 10-point scale, where a 1 was associated with “No Impact at All” and a 10 represented “Extensive Impact” over the next year.3 As discussed previously, the initial set of risk concerns was developed based on input received from risk professionals and from monitoring issues reported in the business press. Examining the same list of risk concerns (as possible) allows for the examination of trends over time and across different organizational contexts. In addition, participants were provided the opportunity to indicate any notable risk concerns not included in the predetermined list of risks.
In addition to providing individual assessments about the anticipated significance of each risk, the survey asked executives to provide an overall assessment of the magnitude and severity of risks that their entity will face over the next twelve-month period. They were also asked about the amount of time and resources their organization expects to channel towards risk management activities over the ensuing 12 months.

3. Results

We begin our examination of the survey results by first considering the economic conditions over the time period of our survey data. Although we have a global sample, we use U.S. economic data to provide insights into the economic conditions faced by respondents. As shown in Figure 1, real gross domestic product in the U.S. over the time period has grown from USD 16.4 trillion to almost USD 20 trillion (U.S. Bureau of Economic Analysis 2022). There has been one recession during the ten-year period and that occurred during the early part of 2020 due to the COVID-19 pandemic. These data for the U.S. are consistent with global GDP, which has grown from USD 75.5 trillion in 2012 to almost USD 96 trillion in 2021 (World Bank 2022).
In Figure 2, we provide U.S. inflation rates obtained from the World Bank over the survey period. For the majority of the ten-year time period the U.S. enjoyed low inflation and in the early portion of the survey period many economists were more concerned by deflation than inflation. Only after the economic stimulus provided to the economy due to the COVID-19 pandemic has inflation begun to accelerate. This most recent period of higher inflationary expectations coincides with our final two survey years.
In Figure 3, we display the U.S. unemployment rate over the survey period (U.S. Bureau of Labor Statistics 2022). For the majority of the period U.S. employers were adding jobs and the labor market was becoming significantly tighter with the unemployment rate decreasing from 8% to 3%. While the COVID-19 pandemic resulted in a large spike to unemployment, this has been short-lived with unemployment decreasing to the 3% range by end of 2021.
Together, this information provides the economic background in place as our survey responses were collected. The ten-year period was one of significant economic growth, low inflation, and declining interest rates, up until the onset of the COVID-19 pandemic in the first quarter of 2020, which resulted in a sudden economic shock.
Before examining individual risk concerns, we focus on the two overall risk questions. First, the perception of the overall risk environment was measured by asking executives to provide their overarching assessment of the severity and magnitude of risks that their organizations would encounter over the following 12 months. Second, executives were asked to assess the likelihood that their organizations would increase resources for risk management activities in the subsequent year. These two questions allow us to determine how each of these assessments are changing over the decade under review. In addition, we are able to determine whether there is an association between the nature of the risk environment and an organization’s anticipated investment in risk management infrastructure.
In Table 4, we provide the full survey sample descriptive results for the first of these two questions by industry affiliation. Consistent with the economic data previously examined, respondents decreased their impression about the magnitude and severity of risks on the horizon up until the 2021 survey (which was conducted in September/October 2020) when these perceptions of the risk environment escalated. These decreases in mean responses from 2013 to 2020 are significantly different at the p < 0.05 (or better) level for each industry (and the full sample) except for the Energy and Utilities, Financial Services, and Healthcare industries, where no statistically significant change is observed. The increase in the mean response to this question about the magnitude and severity of risks from 2020 to 2021 can be seen for most industries, but most dramatically for the Consumer Products and Services industry and for the Energy and Utilities industry. These increases in the mean response are also statistically significant at the p < 0.001 level for Consumer Products and Services and the p < 0.05 level for Energy and Utilities.
Despite the reduction in overall concerns about the risk environment over the ten-year period (from 6.7 in 2013 to 6.2 in 2022, for the full sample)4, we find that most industries expect to increase the amount of time and resources that they plan to devote to risk identification and risk management activities in the subsequent 12 months (from 5.8 in 2013 to 6.4 in 2022, for the full sample).5 In Table 5, we report the full survey sample descriptive results for the amount of time and resources expected to be allocated to enhancements in risk management capabilities.
We also report these results by industry sector. For the most recent year (2022), we note that the Financial Services industry had the largest increase in the planned level of investment in risk identification, which is consistent with volatility the industry has faced due to changes in interest rates and difficult financial markets. This increase (from 6.1 to 6.9) is statistically significant at the p < 0.01 level. On the opposite side, the Healthcare industry had a decrease in its planned level of risk management which we believe is attributable to its heightened focus on risk identification during the pandemic. That is, these investments in more robust risk management processes occurred earlier in this industry (see the increase from 2020 to 2021). This increase (from 6.0 to 6.4) is not statistically significant nor is the decrease (from 6.4 to 5.9) in the following year (2021 to 2022).
Thus, while the overall risk environment is improving in the minds of executives, the data suggest an increasing trend over the 10-year period towards investing more in their organization’s ability to identify and manage risks they anticipate. This is consistent with the overall growth of enterprise risk management and additional expectations for its adoption and refinement (Beasley and Branson 2022). For most industries, respondent expectations are lower in the earlier years of our survey but higher over time. This finding may suggest that executives believe expectations for greater risk oversight are increasing and that they see the strategic value of investing in more enhanced enterprise-wide risk oversight to improve the odds of achieving their organization’s strategic goals.
We next provide the ten-year history of specific risk evaluations. The survey participants provide their assessments of specific risks over these three dimensions:
  • Macroeconomic risks that may affect growth opportunities
  • Strategic risks that may affect the efficacy of particular strategies designed for maximizing growth opportunities
  • Operational risks that may affect operational capabilities with respect to strategic execution6
In Table 6, we provide the results for the set of macroeconomic risk concerns. We observe that the macroeconomic risk that “economic conditions may significantly restrict growth opportunities or impact margins for our organization” (M5) tends to be the highest rated (i.e., most troubling) macroeconomic risk each year. Surprisingly, even with the strong economic growth that we observed over much of the ten-year period, respondents continue to be concerned about the impact of overall economic conditions on their organization’s ability to meet or achieve growth targets. Given the significance and depth of the 2008 financial crisis and the longest economic recession since the 1940s, it is not surprising that there was significant lingering concern among executives in the early years of the survey. Then, during the 2014–2017 survey period, almost all countries were still concerned about employment participation, income levels, and job creation. Finally, due to the onset of the COVID-19 pandemic, overall economic risk concerns again ratcheted up during the final portion of the survey period.
Other macroeconomic risks that stood out were from survey questions added towards the latter part of the survey period. Executives expressed concerns about labor costs, government health policies, and shifts in external expectations concerning social issues. Additionally, the risks related to the adoption of digital technologies have been rated highly in each of the three years that it has been included.
In Table 7, we provide the results for the set of strategic risk issues. We observe that the strategic risk that “regulatory changes may increase, affecting our processes and our products” (S2) is the most highly rated strategic risk in eight of the ten survey years. In addition, this risk has an average rating above 6.0 in seven of the ten years, suggesting it consistently is a significant and persistent risk concern. The strategic risk associated with the “Disruptive innovations enabled by advanced technologies may outpace our organization’s ability to compete” (S1) was one of the two risks that were rated as the top risk concern by survey participants over the decade. This risk, like the macroeconomic risk associated with the adoption of digital technologies, reveals that executives have grown to be highly concerned about the rapid speed in which technology is changing the business environment, and their own organizations’ ability to keep up in the rapidly evolving technological landscape. The other strategic risk that was of significant concern in more recent surveys is (perhaps unsurprisingly) associated with the effects of the ongoing pandemic. The risk issue that “Market conditions imposed by and in response to COVID-19 including shifts in consumer behavior may continue to impact customer demand” (S12) while jump started by the COVID-19 pandemic, also speaks to how technology continues to create significant challenges for many organizations in the pursuit of growth and value creation.
In Table 8, we provide the results for operational risk issues. We observe that as the overall economy grew over the survey period, executives became increasingly concerned about operational risks. This result suggests that executives were increasingly concerned about their organizations’ ability to maintain and increase productivity in order to produce strong results. In Figure 4, we provide a visual perspective of the increasing ratings of the seven operational risks that were consistently surveyed over the ten-year time-period. As the overall economy grew operational risks O1 through O7 (which were asked each year of the annual survey) also increased. Once the COVID-19 pandemic arose during this period, the ratings of these operational risks increased up to the 2020 survey and then declined slightly. Respondents expressed major concerns that their organization’s succession challenges and ability to attract and retain top talent may limit their ability to achieve operational targets. In addition, we see that technology-related risks associated with cyber threats, ensuring data privacy and compliance, and concerns over an inability to utilize data analytics all represent significant issues for executives.
In Table 9, we provide a count of the number of different types of risk issues (by category) that were identified by survey participants as “Top Ten” risk concerns for that year. That is, of the risk issues the respondents were asked to evaluate each year, these are the categories of risk issues that were of top concern in that year. There are a few interesting patterns to note.
Macroeconomic risk issues were on the minds of executives and board members in the first two years of the decade we examine, with three (in 2013) and four (in 2014) making the top ten list. Then, for the middle six years of the ten-year period, macroeconomic risk issues become less of a concern relative to other risks that made the top ten, with zero, one, or two risk issues appearing among the top ten risks in each of those years. Finally, in 2021 (three) and 2022 (five) we see the rise of macroeconomic concerns again, likely triggered by the shocks attributable to the COVID-19 pandemic.
Strategic risk concerns have been remarkably stable over the last decade. For the first nine years, either two or three strategic risk concerns were included in the top ten list. In the most recent year (2022), only a single strategic risk was included as a top ten risk issue. Operational risks dominate the top ten in almost every year of the survey. In eight of the ten years, operational risk concerns comprise at least half of the top ten, with seven operational lists appearing on both the 2018 and 2019 top ten lists. Even in 2014 and 2022, operational risks represented four of the top ten, and only in 2022 does another category (macroeconomic risks) contribute more risk concerns to the top ten than operational risk issues.

4. Conclusions

The Protiviti/NC State surveys of C-suite executives, directors, and other risk professionals’ perspectives of the risk landscape and of specific risk concerns over the last ten years provide unique results reflecting an increasingly risky global environment. No other risk surveys provide an annual update to top risk concerns on the minds of the global business community, as they look ahead to the coming year. The observed increase in the level of anticipated risk highlights the growing importance of risk governance and risk management activities for both regulated and unregulated firms. Survey participants reveal significant concerns for specific risks and how those risks may impede their organizations as they pursue growth opportunities and seek to preserve and enhance stakeholder value.
The annual report highlighting top risk concerns on the minds of global business professionals prepared by Protiviti/NC State is used extensively by management teams and boards. Both groups utilize the top risk concerns identified in the annual reports as a completeness check for the risks their own risk assessment processes have identified and prioritized. That is, boards and senior executives use the report to identify any potential omissions from their own organization’s key risks based on what others in their industry or geographic region report as “top of mind” risk concerns. Our research provides a unique view into how these risk perceptions have evolved over the last decade. The Protiviti/NC State surveys do not summarize these evolving trends in this fashion and do not associate changes in risk perceptions with economic data (e.g., GDP, CPI, and unemployment rates) over the research time period.
Other risk surveys differ from the Protiviti/NC State reports used in this research in significant ways. For example, the Aon survey is conducted only every other year while the World Economic Forum’s Global Risk Report requests participants to consider risks that may occur over the next decade. Surveys conducted by the Association of Financial Professionals (targeted to Treasury teams), Deloitte (financial services industry), and the Society of Actuaries (primarily North America and smaller samples) have a much narrower focus.
We find that the overall impression of the magnitude and severity of potential risks that may arise in the near-term future (i.e., the subsequent calendar year) has been consistent for most of the time period, ranging from a low of 6.0 (in 2015, and again in 2018) to a high of 6.7 (in 2013). In similar fashion, we observe that planned investments in enhanced risk identification and risk management capabilities have been fairly consistent, though the indicated likelihood of increased investment has increased from 5.8 (in 2013) to 6.4 in the last year of the ten-year survey period (2022).
We also highlight how operational risk concerns have been the dominant form of risk issue for risk executives. In all but two years, operational risks were rated more frequently as “top ten” risk concerns when compared to either macroeconomic or strategic risks. This may not be surprising when we consider that the focus of the surveys has been relatively short term, that is, over the next year. Future researchers may wish to consider longer time horizons and explore whether strategic risk issues are more frequently of concern to executives and board members when thinking about a five-to-ten year time horizon, as opposed to the next twelve months. Over the ten years of the survey, the respondents have consistently identified the risk of regulatory oversight and scrutiny as a top strategic risk concern, closely followed by concerns about the economic conditions of the markets they serve and concerns about organizational succession challenges and the ability to attract and retain talent. Perhaps unsurprisingly, we also find that risks associated with technology implementation and the ability to adopt new technology at a faster pace have become more pronounced. Collectively, our findings illustrate the ever-changing nature of risks in the global business environment over time, and the reality that risks affect different industries and sizes of organizations, with no organization immune to changing risk conditions. This suggests that the importance of effective risk governance processes remains strong, and that research focused on enhancing our understanding of effective risk governance processes has the potential to offer tremendous insights impacting how organizations navigate the complex world of uncertainty. While research on enterprise-wide risk management is emerging, there remains tremendous opportunity for scholars to help shape and inform risk governance for the next decade and beyond.
We acknowledge certain limitations to our research. The survey respondents are not constant through the ten-year survey period and for this reason we are unable to make many statistical comparisons over time. Thus, changes in risk assessment scores may be attributable to changes in participants rather than actual changes in economic conditions or evolving threats. In addition, the nature of the survey does not allow respondents to elaborate more fully on specific items that may or may not affect their responses. Our goal in this research is to provide users with an overall understanding of the risks that business executives consider significant in managing their organizations and to provide insight into what risk concerns are both shared and differ across industries and geographic regions.

Author Contributions

All three authors (M.B., B.B. and D.P.) shared equally in this research. All authors have read and agreed to the published version of the manuscript.

Funding

This research received no external funding.

Data Availability Statement

Not applicable.

Acknowledgments

We thank three anonymous reviewers and the academic editor for their helpful comments. The manuscript has been greatly improved by their suggested revisions.

Conflicts of Interest

The authors declare no conflict of interest. Protiviti had no role in the design of this study; in the collection, analyses, or interpretation of data; in the writing of this manuscript; or in the decision to publish the results.

Notes

1
A 10-point scale was chosen to allow a broad range of choices to survey participants. Responses have included all options (i.e., assessments have ranged from one to ten).
2
As the risk landscape has evolved, the number of specific risk issues included in the surveys has expanded over the decade we focus on in this research. Thus, not all risks have a full ten-year history of responses.
3
A response of “Not Applicable” was also available. These responses were not included in the data analysis.
4
This decrease in the full sample mean responses from 2013 to 2022 is statistically significant at the p < 0.01 level.
5
This increase from 5.8 in 2013 to 6.4 in 2022 is also statistically significant (p < 0.01).
6
The risks provided in the table are abridged to enhance readability and reduce word-count. For the specific wording of each risk, please see the surveys at erm.ncsu.edu.

References

  1. Aebi, Vincent, Gabriele Sabato, and Markus Schmid. 2012. Risk management, corporate governance, and bank performance in the financial crisis. Journal of Banking and Finance 36: 3213–26. [Google Scholar] [CrossRef]
  2. AON. 2021. Global Risk Management Survey. Available online: http://www.aon.com/attachments/risk-services/2013-GRMS-Executive-Summary.pdf (accessed on 7 September 2022).
  3. Association for Financial Professionals. 2021. 2021 AFP RISK SURVEY: Post Crisis and Preparation for the Future. Available online: https://www.marshmclennan.com/insights/publications/2021/september/2021-afp-risk-survey.html (accessed on 7 September 2022).
  4. Baxter, Ryan, Jean C. Bedard, Rani Hoitash, and Ari Yezegel. 2013. Enterprise risk management program quality: Determinants, value relevance, and the financial crisis. Contemporary Accounting Research 30: 1264–95. [Google Scholar] [CrossRef]
  5. Beasley, Mark S., and Bruce C. Branson. 2022. 2022 State of Risk Oversight, 13th ed. Available online: https://erm.ncsu.edu/library/article/2022-risk-oversight-report-erm-ncstate-lp (accessed on 7 September 2022).
  6. Beasley, Mark S., Bruce C. Branson, and Donald P. Pagach. 2015. An Analysis of the Maturity and Strategic Impact of Investments in ERM. Journal of Accounting & Public Policy 34: 219–43. [Google Scholar] [CrossRef]
  7. Beasley, Mark S., Donald P. Pagach, and Richard S. Warr. 2008. Information conveyed in hiring announcements of senior executives overseeing enterprise-wide risk management processes. Journal of Accounting, Auditing, and Finance 23: 311–32. [Google Scholar] [CrossRef]
  8. Beasley, Mark S., Richard Clune, and Dana R. Hermanson. 2005. Enterprise risk management: An empirical analysis of factors associated with the extent of implementation. Journal of Accounting and Public Policy 24: 521–31. [Google Scholar] [CrossRef]
  9. Bromiley, Philip, Michael McShane, Anil Nair, and Elzotbek Rustambekov. 2015. Enterprise risk management: Review, critique, and research directions. Long Range Planning 48: 265–76. [Google Scholar] [CrossRef] [Green Version]
  10. Camfferman, Kees, and Jacco L. Wielhouwer. 2019. 21st century scandals: Towards a risk approach to financial reporting scandals. Accounting and Business Research 49: 503–35. [Google Scholar] [CrossRef] [Green Version]
  11. Carmichael, Douglas. 2020. Financial Statement Fraud by External Parties. The CPA Journal 90: 28–34. [Google Scholar]
  12. COSO. 2004. Enterprise Risk Management: Integrated Framework. Committee of Sponsoring Organizations of the Treadway Commission. Available online: www.coso.org (accessed on 7 September 2022).
  13. COSO. 2017. Enterprise Risk Management: Aligning Risk with Strategy and Performance: Committee of Sponsoring Organizations of the Treadway Commission. Available online: www.coso.org (accessed on 7 September 2022).
  14. Deloitte. 2021. Global Risk Management Survey. Available online: https://www2.deloitte.com/us/en/insights/industry/financial-services/global-risk-management-survey-financial-services.html (accessed on 7 September 2022).
  15. Fraser, Ian, and William Henry. 2007. Embedding risk management: Structures and approaches. Managerial Auditing Journal 22: 392–409. [Google Scholar] [CrossRef]
  16. Gatzert, Nadine, and Michael Martin. 2015. Determinants and value of enterprise risk management: Empirical evidence from the literature. Risk Management and Insurance Review 18: 29–53. [Google Scholar] [CrossRef]
  17. Gordon, Lawrence A., Martin P. Loeb, and Chih-Yang Tseng. 2009. Enterprise risk management and firm performance: A contingency perspective. Journal of Accounting & Public Policy 28: 301–27. [Google Scholar]
  18. Hoyt, Robert E., and Andre P. Liebenberg. 2011. The value of enterprise risk management. Journal of Risk and Insurance 78: 795–822. [Google Scholar] [CrossRef]
  19. Jemaa, Fatma. 2022. Recoupling work beyond COSO: A longitudinal case study of enterprise-wide risk management. Accounting, Organizations and Society, 103, 101369. [Google Scholar]
  20. Liebenberg, Andre P., and Robert E. Hoyt. 2003. The determinants of enterprise risk management: Evidence from the appointment of chief risk officers. Risk Management & Insurance Review 6: 37–52. [Google Scholar]
  21. Lundqvist, Sara A. 2015. Why firms implement risk governance: Stepping beyond traditional risk management to enterprise risk management. Journal of Accounting and Public Policy 34: 441–66. [Google Scholar] [CrossRef]
  22. McShane, Michael K., Anil Nair, and Elzotbek Rustambekov. 2011. Does enterprise risk management increase firm value? Journal of Accounting, Auditing, and Finance 26: 641–58. [Google Scholar] [CrossRef]
  23. Nocco, Brian W., and René M. Stulz. 2006. Enterprise risk management: Theory and practice. Journal of Applied Corporate Finance 18: 8–20. [Google Scholar] [CrossRef]
  24. Paape, Leen, and Roland F. Speklé. 2012. The Adoption and Design of Enterprise Risk Management Practices: An Empirical Study. European Accounting Review 21: 533–64. [Google Scholar] [CrossRef] [Green Version]
  25. Pagach, Don, and Heather Pascanik. 2021. A Review of Academic Research on Enterprise Risk Management. In Enterprise Risk Management: Today’s Leading Research and Best Practices for Tomorrow’s Executives. Edited by John R. S. Fraser, Rob Quail and Betty Simkin. Hoboken: John Wiley and Sons, Inc., chp. 39. [Google Scholar]
  26. Protiviti/NC State. 2013–2022. Executive Perspectives on Top Risks. Available online: https://erm.ncsu.edu/library/article/top-risks-report-2013-executive-perspectives-on-top-risks-for-2013 (accessed on 7 September 2022).
  27. Sheedy, Elizabeth, and Barbara Griffin. 2018. Risk governance, structures, culture, and behavior: A view from the inside. Corporate Governance: An International Review 26: 4–22. [Google Scholar] [CrossRef]
  28. Society of Actuaries. 2021. 15th Emerging Risk Survey|SOA. Available online: https://www.soa.org/resources/research-reports/2022/15th-survey-emerging-risks/ (accessed on 7 September 2022).
  29. U.S. Bureau of Economic Analysis, Real Gross Domestic Product [GDPC1]. 2022. Retrieved from FRED, Federal Reserve Bank of St. Louis. Available online: https://fred.stlouisfed.org/series/GDPC1 (accessed on 20 September 2022).
  30. U.S. Bureau of Labor Statistics, Unemployment Rate [UNRATE]. 2022. Retrieved from FRED, Federal Reserve Bank of St. Louis. Available online: https://fred.stlouisfed.org/series/UNRATE (accessed on 20 September 2022).
  31. Viscelli, Therese R., Mark Beasley, and Dana R. Hermanson. 2016. Research Insights About Risk Governance: Implications from a Review of ERM Research. SAGE Open 6: 2158244016680230. [Google Scholar] [CrossRef]
  32. World Bank, Inflation, Consumer Prices for the United States [FPCPITOTLZGUSA]. 2022. Retrieved from FRED, Federal Reserve Bank of St. Louis. Available online: https://fred.stlouisfed.org/series/FPCPITOTLZGUSA (accessed on 20 September 2022).
  33. World Economic Forum. 2022. The Global Risks Report 2022, 17th ed. Available online: https://www.weforum.org/global-risks/reports (accessed on 7 September 2022).
Jrfm 16 00029 g001 550
Figure 1. U.S. Real Gross Domestic Product, 2012–2021 (in billions). Source: Created by the Authors.
Figure 1. U.S. Real Gross Domestic Product, 2012–2021 (in billions). Source: Created by the Authors.
Jrfm 16 00029 g001
Jrfm 16 00029 g002 550
Figure 2. U.S. Consumer Price Index (2015 = 100), 2012–2021. Source: Created by the Authors.
Figure 2. U.S. Consumer Price Index (2015 = 100), 2012–2021. Source: Created by the Authors.
Jrfm 16 00029 g002
Jrfm 16 00029 g003 550
Figure 3. U.S. Unemployment rate, 2012–2021. Source: Created by the Authors.
Figure 3. U.S. Unemployment rate, 2012–2021. Source: Created by the Authors.
Jrfm 16 00029 g003
Jrfm 16 00029 g004 550
Figure 4. Time Series of Operational Risks Survey Responses, 2013 through 2022 Risk Surveys. Source: Author Created.
Figure 4. Time Series of Operational Risks Survey Responses, 2013 through 2022 Risk Surveys. Source: Author Created.
Jrfm 16 00029 g004
Table
Table 1. Sample by Geographic Region and Survey Year.
Table 1. Sample by Geographic Region and Survey Year.
2013201420152016201720182019202020212022
North America205374277257413333371418424632
EuropeNANANA114136198120233207292
AsiaNANANA12815113382111105207
Australia/New ZealandNANANANANANA86798288
Latin AmericaNANANANANANA7274108113
IndiaNANANANANANA33526243
AfricaNANANANANA1821211524
Middle EastNANANANANANA40757854
OtherNANANA3635460000
Totals205374277535735728825106310811453
Source: Author Compilation. Table 1 provides a count of usable survey responses received each year by geographic region. Note that the years refer to the year of concern (i.e., the 2013 survey responses were collected in September/October 2012 and asked about 2013 risk concerns). In 2016–2018, responses were received from other geographic regions but were insufficient in size to provide meaningful stand-alone results.
Table
Table 2. Sample Responses by Industry.
Table 2. Sample Responses by Industry.
2013201420152016201720182019202020212022Total
N%N%N%N%N%N%N%N%N%N%N%
Financial Services5728%8623%9233%16831%19827%24333%23028%32030%30528%31922%201828%
Consumer Products and Services3919%8422%6624%11722%18525%17324%18522%22121%21019%31922%159922%
Manufacturing and Distribution2713%7420%3011%8316%12918%11215%12916%22721%20619%28820%130518%
Technology, Media and Telecommunications2512%3910%218%428%466%699%638%797%11811%17312%6759%
Energy and Utilities199%287%3011%479%588%375%729%10510%11911%1319%6469%
Healthcare2311%318%145%377%628%507%9311%606%454%886%5037%
Other157%329%249%418%578%446%536%515%787%1359%5307%
Totals205 374 277 535 735 728 825 1063 1081 1453 7276
Source: Author Compilation. Table 2 provides a count of usable survey responses received each year by industry affiliation. The percentage column provides a percentage of the total annual responses, except for the total which provides a percentage of the total responses. Note that the years refer to the year of concern (i.e., the 2013 survey responses were collected in September and October of 2012 and asked about 2013 risk concerns).
Table
Table 3. Sample by Firm Size (Total Revenues in USD).
Table 3. Sample by Firm Size (Total Revenues in USD).
2013201420152016201720182019202020212022Total
N%N%N%N%N%N%N%N%N%N%N%
Greater than USD 10 Bn3115%5013%4215%6412%7510%659%15018%16315%14313%19613%97913%
Between USD 1 Billion and USD 9.99 Bn6934%8824%8430%25848%37150%23532%34842%38136%37835%46432%267637%
Between USD 100 Million and USD 999 Mn7436%13235%8029%14327%20428%31844%22627%33732%34732%45231%231332%
Less than USD 100 Mn2412%9826%6925%7013%8512%11015%10112%18217%21320%34123%129318%
Did not report73%62%21%00%00%00%00%00%00%00%150%
Totals205 374 277 535 735 728 825 1063 1081 1453 7276
Source: Author Compilation. Table 3 provides a count of usable survey responses received each year by firm size (annual revenues in USD). Note that the years refer to the year of concern (i.e., the 2013 survey responses were collected in September and October 2012 and asked about 2013 risk concerns).
Table
Table 4. Overall Assessment of the Risk Environment. Survey Question: What is your perception of the magnitude and severity of risks your entity will confront with respect to reaching or exceeding profitability (or funding) targets over the next year?
Table 4. Overall Assessment of the Risk Environment. Survey Question: What is your perception of the magnitude and severity of risks your entity will confront with respect to reaching or exceeding profitability (or funding) targets over the next year?
2013201420152016201720182019202020212022
Financial Services6.56.15.76.06.55.86.16.26.56.3
Consumer Products and Services6.56.26.25.95.95.86.15.86.56.4
Manufacturing and Distribution7.06.36.26.56.16.26.46.36.46.1
Technology, Media and Telecommunications7.06.95.86.66.56.56.26.16.06.0
Energy and Utilities6.06.66.45.96.55.76.16.06.45.9
Healthcare7.17.35.56.66.26.26.86.56.86.3
Combined Sample6.76.46.06.16.26.06.26.16.46.2
Source: Author Compilation. Table 4 provides the mean response by industry affiliation to the question asking about the overall magnitude and severity of risk. Note that the years refer to the year of concern (i.e., the 2013 survey responses were collected in September/October 2012 and asked about 2013 risk concerns). The table provides the mean survey result by year based on the following 10-point scale: 1 = “Extremely low” and 10 = “Extremely high”.
Table
Table 5. Planned Level of Risk Management Investment by Industry and Survey Year. Survey Question: “Will your organization increase time and/or resources to risk identification and management over the next year?”.
Table 5. Planned Level of Risk Management Investment by Industry and Survey Year. Survey Question: “Will your organization increase time and/or resources to risk identification and management over the next year?”.
2013201420152016201720182019202020212022
Financial Services7.05.96.96.46.36.46.76.66.16.9
Consumer Products and Services5.75.56.06.25.86.06.15.76.26.3
Manufacturing and Distribution5.45.35.46.06.36.36.46.25.96.3
Technology, Media and Telecommunications5.55.55.65.85.96.36.46.06.06.3
Energy and Utilities4.55.75.85.55.95.26.16.16.46.2
Healthcare5.56.16.26.25.55.96.16.06.45.9
Combined Sample5.85.76.26.16.06.16.46.26.16.4
Source: Author Compilation. Table 5 provides the mean response by industry affiliation to the question asking about the likelihood of additional investment in risk management processes. Note that the years refer to the year of concern (i.e., the 2013 survey responses were collected in September and October 2012 and asked about 2013 risk concerns). The scores reported above represent mean respondent scores by year based on the following 10-point scales: 1 = “Extremely unlikely to make changes” and 10 = “Extremely likely to make changes”.
Table
Table 6. Survey Responses for Macroeconomic Risk Issues.
Table 6. Survey Responses for Macroeconomic Risk Issues.
Year2013201420152016201720182019202020212022
Number of Observations205374277535735728825106310811453
Macroeconomic Risks (abridged)
M1: Increasing volatility in global financial markets and in foreign currency exchange rates 5.45.04.75.35.75.45.35.15.25.1
M2: Political uncertainty and political extremism may impact the stability of national and international markets5.66.05.25.05.55.55.15.15.14.9
M3: Global trade policies may adjust and affect our ability to operate in an effective and efficient manner in international markets 4.34.43.74.55.24.85.14.94.64.6
M4: Insufficient capital/liquidity may restrict growth opportunities 4.14.64.34.84.85.05.24.85.05.0
M5: Economic conditions may significantly restrict growth opportunities or negatively affect profit margins5.76.55.75.86.65.75.96.35.85.7
M6: Uncertainty surrounding compliance costs associated with healthcare reform legislation (added for the 2014 survey and dropped for the 2019 survey)NA5.14.04.54.54.6NANANANA
M7: Regional conflicts, geopolitical shifts, expansion of global terrorism, and/or instability in governmental regimes may impact our global growth and profitability objectives (added for the 2015 survey)NANA4.24.44.75.15.34.74.84.8
M8: Increases in labor costs may affect profitability targets (added for the 2017 survey)NANANANA5.55.25.55.15.15.6
M9: Interest rates may affect operations and profitability (added for the 2017 survey)NANANANA5.45.35.55.25.15.0
M10: New digital technologies may require skills that are in short supply or require significant resources to upskill our current employees (added for the 2020 survey)NANANANANANANA5.75.75.7
M11: Government policies surrounding public health practices and other pandemic-related regulations may significantly impact performance (added for the 2021 survey) NANANANANANANANA6.55.9
M12: Increasing expectations concerning social issues and diversity, equity and inclusion goals may affect our ability to attract and retain talent and compete effectively (added for the 2021 survey)NANANANANANANANA5.35.5
Source: Author Compilation. Table 6 provides the mean full sample response by the specific macro-economic risk issue. Note that the years refer to the year of concern (i.e., the 2013 survey responses were collected in September and October 2012 and asked about 2013 risk concerns). The scores reported above represent mean respondent scores by year based on the following 10-point scales: 1 = “No Impact at All” and 10 = “Extensive Impact” to their organization over the next year.
Table
Table 7. Survey Responses for Strategic Risk Issues.
Table 7. Survey Responses for Strategic Risk Issues.
Year2013201420152016201720182019202020212022
Number of Observations205374277535735728825106310811453
Strategic Risks (abridged)
S1: Disruptive innovations enabled by advanced technologies may outpace our organization’s ability to compete 4.64.85.25.55.96.16.15.65.25.4
S2: Regulatory scrutiny may increase, affecting our processes and our products 6.86.46.46.16.55.96.26.45.65.5
S3: Enhanced expectations associated with climate change policies, regulations, and expanded disclosure requirements may demand changes in our strategy and business model 4.64.75.05.15.35.65.24.74.75.1
S4: New competitors entering the industry may threaten our market share 3.94.34.54.95.15.25.65.25.05.2
S5: We may not be sufficiently resilient and/or agile to effectively manage an unexpected crisis that threatens our reputation 4.84.85.35.25.45.55.85.65.35.4
S6: Growth opportunities may be difficult to identify and implement 4.34.64.64.95.25.35.45.15.15.2
S7: We may experience limitations on our ability to grow organically through customer acquisition5.55.34.95.05.35.65.75.35.25.3
S8: Our competitors may develop substitute products and services that impacts the success of our current business model 4.44.74.34.95.25.45.65.15.05.2
S9: Rapidly expanding social media developments may affect how we conduct business, interact with our customer base, ensure compliance with applicable regulations, and/or manage our image/brand (added for the 2015 survey)NANA5.25.15.45.65.85.14.44.9
S10: Changes in customer preferences and/or demographic shifts may challenge our ability to sustain customer loyalty (added for the 2015 survey)NANA5.25.35.65.636.05.85.35.2
S11: Activist shareholders who seek changes to our organization’s strategic plan and vision may be triggered by performance shortfalls (added for the 2017 survey)NANANANA5.15.05.14.64.74.8
S12: Shifts in consumer behavior caused by the COVID-19 pandemic may continue to impact customer demand (added for the 2021 survey)NANANANANANANANA5.85.8
S13: The evolving “new normal” resulting from the ongoing pandemic and emerging social change may impact our business model and our ability to adapt in a timely fashion (added for the 2021 survey)NANANANANANANANA5.25.4
Source: Author Compilation. Table 7 provides the mean full sample response by the specific macro-economic risk issue. Note that the years refer to the year of concern (i.e., the 2013 survey responses were collected in September and October 2012 and asked about 2013 risk concerns). The scores reported above represent mean respondent scores by year based on the following 10-point scales: 1 = “No Impact at All” and 10 = “Extensive Impact” to their organization over the next year.
Table
Table 8. Survey Responses for Operational Risk Issues.
Table 8. Survey Responses for Operational Risk Issues.
Year2013201420152016201720182019202020212022
Number of Observations205374277535735728825106310811453
Operational Risks (abridged)
O1: Uncertainty in our supply chain, including the viability of key suppliers and/or scarcity of materials, may make it difficult to deliver products and/or services to our customer base3.843.64.555.15.24.74.95.5
O2: Our ability to attract and retain top talent in a tightening labor market and manage succession challenges may make it difficult to achieve operational targets 5.55.55.75.65.85.96.36.35.65.8
O3: Cyber threats that have the potential to disrupt core operations may present significant management challenges 5.45.35.75.85.96.06.26.15.65.5
O4: Compliance with growing identity protection expectations and ensuring data privacy may require adjustments that consume significant resources 5.45.25.45.65.95.86.16.15.65.3
O5: Legacy IT infrastructure, our lack of digital expertise in the workforce and our existing operating model(s) may damage our ability to meet performance expectations 4.94.85.25.15.45.76.46.25.45.5
O6: Inability to utilize data analytics to achieve information advantages may affect our management of core operations and strategic plans4.74.55.05.25.55.76.15.65.45.5
O7: Our organization’s resistance to change our culture may restrict us from making necessary adjustments to our core operations and business model 5.25.25.45.45.66.06.26.25.65.6
O8: Organizational targets may be affected by third-party risks arising from outsourcing and strategic sourcing arrangements (added for the 2014 survey)NA4.34.34.95.35.35.75.55.45.5
O9: Our culture may prevent the timely identification and escalation of risk issues and opportunities that may affect our operations and ability to achieve our strategic objectives (added for the 2015 survey)NANA5.55.35.75.96.05.85.35.5
O10: We may experience difficulty in obtaining affordable insurance coverages for certain risks that have been covered in the past (added for the 2015 survey and dropped for the 2018 survey)NANA3.24.14.7NANANANANA
O11: The conduct of the organization’s management team and other key representatives may not conform to internal or external expectations (added for the 2019 survey and dropped for the 2021 survey)NANANANANANA5.44.3NANA
O12: Our ability to protect the health and safety of our employees may be insufficient to operate effectively or encourage people to work for or do business with us (added for the 2021 survey)NANANANANANANANA4.95.1
O13Expectations from a significant portion of our workforce to “work remotely” may impact our ability to retain talent (added for the 2021 survey)NANANANANANANANA5.45.5
O14: Shifts to hybrid work environments, expansion of digital labor, and evolving talent and labor shortages, may lead to challenges in sustaining our organization’s culture and the way we conduct business (added for the 2022 survey)NANANANANANANANANA5.5
Source: Author Compilation. Table 8 provides the mean full sample response by the specific macro-economic risk issue. Note that the years refer to the year of concern (i.e., the 2013 survey responses were collected in September and October 2012 and asked about 2013 risk concerns). The scores reported above represent mean respondent scores by year based on the following 10-point scales: 1 = “No Impact at All” and 10 = “Extensive Impact” to their organization over the next year.
Table
Table 9. Type of Risk Identified as a Top Ten Risk in Survey Year.
Table 9. Type of Risk Identified as a Top Ten Risk in Survey Year.
Year2013201420152016201720182019202020212022
Macroeconomic Risks3412210235
Strategic Risks2233323221
Operational Risks5465577654
Source: Author Compilation. Table 9 provides a count of the number of risks within each category that were included as one of the top ten risk concerns in a given year. Note that the years refer to the year of concern (i.e., the 2013 survey responses were collected in September/October 2012 and asked about 2013 risk concerns).
Disclaimer/Publisher’s Note: The statements, opinions and data contained in all publications are solely those of the individual author(s) and contributor(s) and not of MDPI and/or the editor(s). MDPI and/or the editor(s) disclaim responsibility for any injury to people or property resulting from any ideas, methods, instructions or products referred to in the content.

Share and Cite

MDPI and ACS Style

Beasley, M.; Branson, B.; Pagach, D. An Evolving Risk Landscape: Insights from a Decade of Surveys of Executives and Risk Professionals. J. Risk Financial Manag. 2023, 16, 29. https://doi.org/10.3390/jrfm16010029

AMA Style

Beasley M, Branson B, Pagach D. An Evolving Risk Landscape: Insights from a Decade of Surveys of Executives and Risk Professionals. Journal of Risk and Financial Management. 2023; 16(1):29. https://doi.org/10.3390/jrfm16010029

Chicago/Turabian Style

Beasley, Mark, Bruce Branson, and Don Pagach. 2023. "An Evolving Risk Landscape: Insights from a Decade of Surveys of Executives and Risk Professionals" Journal of Risk and Financial Management 16, no. 1: 29. https://doi.org/10.3390/jrfm16010029

Article Metrics

Back to TopTop