The topic of discussion at the November 2014 IRMSA Breakfast Presentations was “Emerging key global strategic risks and how organisations should be responding”. There was a specific focus on three of the top emerging risks, namely reputational, cyber and data-analytic risks.
To encourage robust discussions on this topic, the breakfast sessions included a presentation and a panel discussion. Each session had a panel discussion facilitator and subject matter experts from Deloitte.
The perspectives provided by Deloitte were insightful as they were based on a global survey that explored views of business leaders on strategic risks. The survey was conducted in the following regions: The Americas, Europe-Middle East-Africa and Asia-Pacific. Some of the questions posed to the business leaders were:
· Does your organisation have an explicit focus on managing strategic risks?
· Has your approach to managing strategic risks changed in the last three years?
· How well do you think your risk management programme supports your ability to develop and execute your business strategy?
· Who primarily determines your company’s approach to managing strategic risks?
· Do you believe that technology enablers and/or disrupters on the horizon may threaten your business model?
· Has your business strategy changed since the emergence of mobile, social, digital, big data and other innovative technologies?
· Does your company have a common definition for the term “strategic risk”?
The results of the survey showed that in excess of 80% of all respondents globally have an explicit focus on managing strategic risks. In addition, 94% of the respondents indicated that their approach to managing strategic risks has changed significantly or to some degree in the last three years. One of the questions on the survey sought to assess the alignment of risk management to strategy; 61% of respondents felt there was a reasonable or strong alignment compared to 50% in South Africa.
Similarly, South Africa was in line with the global trends of having the CEO, board or board risk committee as ultimately responsible for managing strategic risks. The most split response globally was on whether technology enablers and/or disrupters on the horizon may threaten the business models of various companies. 53% responded ‘yes’, 37% responded ‘no’ and the remaining 10% were ‘unsure’.
Predictably, over 90% of companies indicated that their business strategy has changed since the emergence of mobile, social, digital, big data and other innovative technologies – 81% of companies in South Africa agreed with this view.
The survey also indicated that globally and in South Africa, reputation is now rated as the highest impact risk area. The key themes emerging around reputation is that reputational risk is a consequence of other underlying factors or incidents.
The panel discussion revealed that companies are least confident about reputation risks beyond their direct control: According to the respondents, the root causes of reputational risks are likely to be around competitive attacks, negative customer comments, and third-party ethics. The discussion further indicated that companies have higher confidence about risks related to regulatory compliance, employee and executive misconduct.
Reputation risks are perceived to have a major impact on revenue and brand value - respondents who previously experienced a negative reputation event say the biggest impact areas were revenue (41%) and loss of brand value (41%), followed by regulatory investigations (37%).
In response to concerns around reputation, there is an emerging trend where companies are investing to improve their capabilities for managing reputation risk. More than half of the surveyed companies in the survey indicated that there were plans to address reputation risk by investing in technology such as analytical and brand monitoring tools, together with crisis management and scenario planning among ways of managing reputation.
The Deloitte surveyed further indicated that most companies are prepared to manage reputation risk drivers in areas such as regulatory compliance and employee/executive misconduct. However, they are less prepared when it comes to risk drivers such as third-party ethics, competitive attacks, hazards or other catastrophes.
At the centre of concerns about reputation, there is consensus customers are the most important stakeholders. Other important stakeholders include regulators, senior executives, employees, and investors. The underlying risks that drive reputation are ethics, integrity, fraud, bribery and corruption. Closely linked to this are risks around security (including both physical and cyber), health, safety and the environment. Respondents to the survey also indicated that third-party relationships are another rapidly emerging risk area, with companies increasingly being held accountable for the actions of their suppliers and vendors.