Executive Perspectives on Top Risks for 2016

Executive Perspectives

on Top Risks for 2016

Presenters: Mark Beasley, Pat Scott, Jim DeLoach

March 23, 2016 – 3:00 pm U.S. Eastern Time

© 20162

Following the webinar, all attendees will receive a link to a copy of the presentation and recording.

The survey report is available under the “Resource List” on the left of the presentation module.

During the webcast, you can ask questions using the Q&A function.

There will be a Q&A session at the end of the webinar.

If you are having trouble hearing the audio through the computer, separate phone lines are available.

A Reminder

© 20163

We offer one (1) CPE credit for this presentation.

To be eligible to receive these credits, ensure to answer (4 out of) the five (5) polling questions

throughout the duration of this webinar.

We also appreciate receiving your feedback via the CPE Course Evaluation Form.

(Available under “Resource List”).

You can return this evaluation form to Esther Veenhuizen at Protiviti via:

e-mail: [email protected] or fax : (+1) 212-708-6479

CPE Credits

© 20164

To get an idea of our audience that is currently attending our live webinar,

we’d like to ask you – in which area of your organization are you currently

working?

a) Board or Executive Management

b) Line of Business

c) Compliance

d) Risk Management

e) Internal Audit

f) Other

Polling Question #1

© 20165

Today’s Presenters

Mark S. Beasley is the Deloitte Professor of Enterprise Risk Management and Director of North

Carolina State’s Enterprise Risk Management (ERM) Initiative, which provides thought leadership

about ERM practices and their integration with strategy and corporate governance.

Mark recently completed over seven years of service on the board for the Committee of

Sponsoring Organizations of the Treadway Commission (widely known at COSO). He is a

frequent speaker at national and international conferences on ERM, internal controls, and

corporate governance, including audit committee practices and frequently works with boards of

directors and senior executives on risk oversight issues. He received a BS in accounting from

Auburn University and a Ph.D. from Michigan State University. Visit www.erm.ncsu.edu.

Pat Scott is Protiviti's executive vice president, global industry and client programs. He oversees

and coordinates the efforts of the Industry Program leadership, as well as guides the strategy for

the program, which encompasses seven industries. Scott also leads Protiviti’s client cornerstone

and account management program, ensuring delivery on our promise to our clients and helping

serve the complex needs of Protiviti’s largest clients around the world.

He previously served as regional managing director for the Central United States. He is an

experienced consultant with more than 25 years of experience delivering internal audit solutions

to clients in a variety of industries. Prior to joining Protiviti as a founding managing director, he

was a partner at Arthur Andersen. Scott holds a bachelor’s degree from Purdue University. He

is an active member of the American Institute of Certified Public Accountants (AICPA) and

Institute of Internal Auditors (IIA).

© 20166

Today’s Presenters

Jim DeLoach has more than 35 years of experience and is a member of the Protiviti Solutions

Leadership Team. His market focus is on helping organizations integrate risk management with

strategy setting, business planning and performance management. Jim serves as a member of

Protiviti’s Solutions Leadership. He was one of 25 recipients of the “Consultant of the Year”

award from Consulting Magazine in 2011. In each of the last four years, he was named to the

National Association of Corporate Directors’ Directorship 100 list, recognizing him as one of the

100 most influential governance professionals in the boardroom community. He has served on

the COSO Advisory Council for almost 10 years, contributing to the development of the original

Enterprise Risk Management – Integrated Framework, the COSO Project on Monitoring, the

update to the Internal Control – Integrated Framework and, more recently, the update to the ERM

framework. He has worked with, and delivered numerous presentations to, hundreds of

companies and groups in 30 countries. He writes many Protiviti publications and publishes

monthly with NACD Directorship and Corporate Compliance Insights.

© 20167

Introduction

• Protiviti and North Carolina State University’s ERM Initiative surveyed 535 board

members and C-suite executives globally on risks likely to affect their organizations over

the next 12 months

• The survey provides perspectives on the potential impact of 27 specific risks across

three dimensions:

– Macroeconomic Risks: Likely to affect the organization’s growth opportunities

– Strategic Risks: Likely to affect the validity of the organization’s strategy for the

pursuit of growth opportunities

– Operational Risks: Likely to affect key operations of the organization in executing its

strategy

© 20168

Survey Methodology

• Respondents were asked to rate 27 individual risk issues using a 10-point scale:

− A score of 10 reflects Extensive Impact to the organization over the next year

− A score of 1 reflects No Impact at All

• Based on average scores, we categorized these risks into one of three classifications:

– Significant Impact: Risks with an average score of 6.0 or higher

– Potential Impact: Risks with an average score of 4.5 through 5.9

– Less Significant Impact: Risks with an average score of 4.4 or lower

© 20169

Survey Respondent Breakdown

Organization Size

Revenues $10 billion or greater 12%

Revenues $1 billion to $9.99 billion 48%

Revenues $100 million to $999.99 million 27%

Revenues less than $100 million 13%

Executive Position

Board Member 4%

Chief Executive Officer 8%

Chief Financial Officer 7%

Chief Risk Officer 27%

Chief Audit Executive 20%

Other C-Suite 11%

Industry

Financial Services 31%

Consumer Products and Services 22%

Manufacturing and Distribution 16%

Technology, Media and Communications 8%

Healthcare and Life Sciences 7%

Energy and Utilities 9%

Note: The balancing figures are for other respondent categories

© 201610

Key Findings

• Global business environment in 2016 perceived slightly more risky for organizations

than it was in in 2015, but not as risky as in 2014.

• The top 10 risks vary in nature – There are growing concerns about operational risk

issues.

• Regulatory change and heightened scrutiny is –again– top overall risk.

• Domestic and international economic conditions are raising concerns.

• Cyber threats disrupting core operations is again a top 5 concern for 2016.

• Boards of Directors, CEOs and other members of the executive team report differing

views of the top risk exposures facing their organizations.

• CEOs and CFOs perceive a riskier environment.

Top 10 Risks

© 201612

M

M

O

S

O

O

O

M

M

© 201613

My organization conducts a comprehensive risk assessment, at least

annually, that effectively delineates the critical enterprise risks from the day-

to-day business risks

a) Strongly Agree

b) Agree

c) Unsure

d) Disagree

e) Strongly Disagree

Polling Question #2

© 201614

#1 – Regulatory Risk

Regulatory changes and scrutiny may

heighten, noticeably affecting the manner

in which our products or services will be

produced or delivered

© 201615

#2 – Economic Conditions and #8 – Volatility in Global Financial Markets

Economic conditions in markets we

currently serve may significantly restrict

growth opportunities for our organization

Anticipated volatility in global financial

markets and currencies may create

significantly challenging issues for our

organization to address

© 201616

#3 – Cyber Threats and #5 – Privacy and Identity Protection

Our organization may not be sufficiently

prepared to manage cyber threats that

have the potential to significantly disrupt

core operations and/or damage our brand

Ensuring privacy/identity management and

information security/system protection may

require significant resources for us

© 201617

My organization has significantly increased efforts and resources around

protection against cyber attacks over the last year and I expect this trend to

continue over the next 12-24 months:

a) Strongly Agree

b) Agree

c) Unsure

d) Disagree

e) Strongly Disagree

Polling Question #3

© 201618

#4 – Succession and Retention Challenges

Our organization’s succession challenges

and ability to attract and retain top talent

may limit our ability to achieve operational

targets

© 201619

#6 – Disruptive Innovations and Technologies

Rapid speed of disruptive innovations

and/or new technologies within the industry

may outpace our organization’s ability to

compete and/or manage the risk

appropriately, without making significant

changes to our business model

© 201620

#7 – Resistance to Change

Resistance to change may restrict our

organization from making necessary

adjustments to the business model and

core operations

© 201621

#9 – Organization’s Culture

Our organization’s culture may not

sufficiently encourage the timely

identification and escalation of risk issues

that have the potential to significantly affect

our core operations and achievement of

strategic objectives

© 201622

#10 – Customer Loyalty and Retention

Sustaining customer loyalty and retention

may be increasingly difficult due to the

evolving customer preferences and/or

demographic shifts in our existing customer

base

Industry Analysis

© 201624

Analysis Across Industry – Top 5 Risks*

Risk Issues Overall FS CPS MD TMC HLS EU

Regulatory risk

Economic conditions

Cyberthreats

Succession/talent

Security/privacy

Rapid speed of

disruptive innovations

Resistance to change

Financial markets/

currencies

Organization’s culture

Customer

loyalty/retention

Healthcare reform

Significant Impact – Rating of 6.0 or higher Potential Impact – Rating of 4.5 – 5.99* Includes ties as well as differences among

industry groups

© 201625

As organizations evolve their risk governance practices, relevant and timely

information about emerging risks is key. Does your organization have

processes in place to proactively identify and assess emerging risks?

a) Yes (e.g., risk committee, scenario analysis, periodic executive team agenda

item, etc.)

b) I think so, but I’m not aware how these processes are organized or being

managed to ensure they are effective

c) Unsure

d) No

Polling Question #4

Analysis across

Respondent Role

© 201627

Analysis Across Respondent Role – Top 5 Risks*

Risk Issues Overall Board CEO CFO CRO CAE CIO

Regulatory risk

Economic conditions

Cyberthreats

Succession/talent

Security/privacy

Rapid speed of disruptive

innovations

Resistance to change

Financial markets/

currencies

Organization’s culture

Customer loyalty/retention

Sovereignty risk/political

gridlock

Organic growth

Outsourcing/strategic

sourcing

Uncertainty in supply chain

* Includes ties as well as differences among

industry groups

Analysis across

Organization Size

© 201629

Analysis Across Organization Size – Top 5 Risks

Risk Issues Overall$10B or

Greater

$1B –

$9.99B

$100M –

$999.99M

Less than

$100M

Regulatory risk

Economic conditions

Cyberthreats

Succession/talent

Security/privacy

Rapid speed of disruptive

innovations

Resistance to change

Financial markets/

currencies

Organization’s culture

Customer loyalty/retention

Crisis management

Significant Impact – Rating of 6.0 or higher Potential Impact – Rating of 4.5 – 5.9

© 201630

How confident are you that all executive stakeholders who should be

engaged in the risk assessment process in your organization are

participating in the process?

Rank on a scale from 1-5 with 5 being highly confident and 1 being not at all

confident:

a) 1

b) 2

c) 3

d) 4

e) 5

Polling Question #5

Top 5 Increases

and Decreases

© 201632

Top 5 Increases

© 201633

Top 5 Decreases

Q&A

Thank you!For more information and to download the full report

Executive Perspectives on Top Risks in 2016

visit:

www.protiviti.com/toprisks

and

www.erm.ncsu.edu