Risks Confronting Boards 2016 - Top Concerns
The key objective of EisnerAmper's survey is to gain insights on the top risks facing boards. Over the past few years, the risks we have investigated include reputational risk, cybersecurity/IT risk, regulatory compliance risk, senior management succession planning, product risk, crisis management, risk due to fraud, disaster recovery, tax strategies, outsourcing risk, diversity, competition, liquidity risk, financial reporting risk, key skills deficits, global economic slowdown, emerging markets upheaval, and geopolitical volatility. Naturally, these risks have evolved over the years as different events and technologies have manifested themselves.
As previously stated, reputational risk has been removed from the survey. It was determined that the fallout and consequences of any of the other risks will also include reputation hardship and remediation. None of the new risks profiled – emerging markets upheaval, global economic slowdown and geopolitical volatility – were assigned significance by the directors.
A surprising overall trend shift shows cybersecurity, while clearly still on director's top list of concerns, falling below senior management succession planning in level of importance. After steadily increasing in importance since 2013, senior management succession planning now ranks in the top 3 concerns of more than half the respondents across all board types. It is the number one concern identified by not-for-profit boards and the second overall most important concern for public and private board directors. Regulatory compliance risk had continually been a top trending risk behind cybersecurity/IT and reputational risk year after year; however, this year (after 5 years worth of survey data) regulatory compliance risk fell in board member's top concerns. It will be interesting to see where regulatory compliance risk will trend in the future with the new administration.
OVERALL IMPORTANCE TO YOUR ORGANIZATION
Directors are concerned with risks; it's inevitable with all the possible scenarios that could disrupt or permanently damage an organization's future. We asked directors for their top-of-mind risks, in 3 different frameworks, in order to better see the full picture:
- Risks with the most overall importance to your organization
- Most challenging risks in terms of effective oversight (by the board)
- Level of confidence in the risk management (by the organization's leadership)
For the first time since this report's inception, not only did we break the findings down into the 3 different organization types – public, private and not-for-profit – we also asked about risk in the 3 structures listed above.
Cybersecurity is the risk of most importance for public boards: 55% of the directors ranked it in the top 3 out of 14 possible risks. Senior management succession planning follows closely with 51% placing it in the top 3 risks. After that, product risk (45% in top 3) and competition (41% in top 3).
Tied with cybersecurity, 23% of directors rank financial reporting as the number one risk.
Private board members only vary slightly from public board members in their perception of risk. The highest ranked risk is cybersecurity with 27% identifying it as the most important risk and 59% placing it in their top 3. While senior management succession planning also had 59% of respondents placing it in the top 3, only 9% classified it as the most concerning risk. Key skills deficits and product risk rank also stand out as one of the top 3 (48% and 45%, respectively). Both, however, only garnered 10% of the vote as the top concern.
Liquidity risk is seen as a major concern, as 44% selected it as one of their top 3 concerns. More than half of those (24% of private board directors) identify it as the top concern, placing it just behind cybersecurity as the number one concern.
Not-for-profit has the largest variance in terms of what directors believe to be the most important overall risks to their organizations. Not-for-profit concerns seem to be somewhat aligned with private boards, with the exception of cybersecurity risk. Only 4% of not-for-profit directors ranked cybersecurity as their top risk.
People, their skills and money seem to be the primary focus of not-for-profit boards. Senior management succession planning (52%), key skills deficits (50%) and liquidity risk (45%) rank as their top 3 most important risks. It is not surprising that these resources, a foundation on which every organization should be built, are of utmost concern to not-for-profits. It is surprising, however, that cybersecurity was not identified as more of a significant risk. With donor information stored digitally, a cyber breach could significantly impact an organization's reputation and future donor support.
MOST CHALLENGING RISK IN TERMS OF EFFECTIVE OVERSIGHT (BY THE BOARD)
Cybersecurity and senior management succession planning were standout concerns. They are tied with 42% of respondents citing them as the most challenging risk in terms of effective oversight at the board level.
As previously seen, product risk ranks third risk ranks third in overall importance to their organizations. However, for most challenging to effectively oversee, only 27% of respondents ranked this as one of the top 3.
For public boards, responses are closely aligned with the average for all board types. The risks most challenging to effectively oversee are senior management succession planning, cybersecurity and liquidity. This somewhat aligns with public board directors' top risks, which include cybersecurity and senior management succession planning, but not liquidity. It should also be noted that financial reporting risk is considered the hardest for effective oversight by the most respondents.
Private board members rank cybersecurity the most challenging risk to oversee, with half of the respondents choosing this risk in their top 3. Similar to public boards, liquidity and senior management succession planning follow in the trend of difficulty to oversee from a board level. While there are other risks along with liquidity that are of the utmost importance to private boards, liquidity is unmistakably seen as one of the most challenging risks to effectively oversee, with a quarter of directors selecting it as their number one (out of 14 possible risks).
Very similar to public boards' rankings, cybersecurity and senior management succession planning remain the top 2 most challenging risks to effectively oversee; failure of critical infrastructure (disaster recovery) rounds out the top 3 risks. This risk is not a major concern in terms of overall importance for not-for-profits; however, it is seen as difficult to effectively oversee. It should also be noted that regulatory compliance risk, which in the past has always been a major concern, is considered one of the hardest to effectively oversee by the most respondents.
Concerns About Risks Confronting Boards - 2016 Survey Results