The Edward Snowden case and the theft of Target customer data have both driven home the point that cybersecurity is an emerging, and rising, risk issue for both companies and political entities. But there are other risks that emerge as rapidly-changing multi-market regulatory and business interactions redefine the landscape.
Every year business consultant CEB (Corporate Executive Board) issues a list of emerging risks that sharp companies need to address to stay ahead of the game. This year they recommend managers pay special attention to these 10 specific risks:
- Compliance management
- Cybersecurity: malicious insiders
- Risk management
- Cybersecurity: malicious outsiders
- Emerging markets
- IT governance
- Third-party relationships
- Project management
- Intellectual property
- Crisis response management
The main reason to review a list like this is that changes in the business environment can make companies’ risk management plans obsolete or improperly targeted. Changes in regulation alone make compliance a major problem, not to mention the fact that multiple regulators issuing new rules may create unintended conflict that in turn increases the potential for compliance risk. Risk managers need to allocate resources to evaluate and respond to this new control environment.
An Actionable Emerging Risk Agenda
To help move you toward an actionable plan to address these emerging elements, Friso Van Der Oord and Jeffery Ugbah at RM magazine have consolidated the 10 risks identified by CEB into four analytical themes. The themes are:
The downside of business interdependence: Businesses are increasingly entangled in networks of stakeholders, partners, clients and suppliers who expose them to risks that are difficult to identify and evaluate.
Balancing business control and value creation: The risks of many new business opportunities are opaque, such as in emerging markets. In these circumstances, managers have to make difficult decisions balancing risk against expected value.
Embedding compliance and risk discipline into the business: The increasingly complicated and sometimes conflicting regulatory demands require a higher and more sophisticated approach to compliance management. Formal full-scale enterprise risk management initiatives are part of the solution.
Blind spots inside our organizational perimeter: Dependence on digital technology creates new risks within the organization, as well as in the external networks it is connected to. IT security spanning everything from cyber spying to employee fraud becomes even more urgent.
The speed of change is not likely to slow down anytime soon. It will continue through good economic conditions and bad as governments, corporations, and businesses in general seek to gain advantages and control. Smart organizations will commit significant resources to identify these tendencies and develop policies to cope.
If you need help formulating your enterprise risk management strategy, let’s talk.