The Governance Institute of Australia (GIA) has released its 2019 Risk Management Survey, which identifies the key challenges/priorities (as nominated by risk managers/governance leaders) facing Australian businesses in the immediate and longer term. A high level overview of some of the key findings is below.
Top five risks over the next 12 months?
Risk managers and governance leaders across all sectors ranked regulatory reform and legislative changes as the top risks to manage over the next 12 months. Followed by: damage to brand/reputation (2); increased competition (3); talent attraction/retention (4); and cybercrime (5). In the financial sector, regulatory risk was also ranked as the top risk, but cybercrime was ranked at 2, competition at 3, brand/reputation at 4 and disruption at 5.
Top five risks to manage over the next three to five years?
Over the longer term, regulatory or legislative change was again identified the key issue across all sectors followed by: disruption/failure to innovate (2); increased competition (3); cybercrime (4); and damage to brand/reputation (5). In the financial sector, the priorities were a little different. After regulatory/legislative change, respondents identified: cybercrime (2); competition (3); disruption (4); and economic shock (5) as the next most important issues.
Organisations across all sectors believe their level of preparedness is high
Asked how effective their organisations are in proactively identifying and managing risks overall, respondents ranked themselves on average at 6.69/10. This increased to 7.27/10 for regulatory risk (ranked the top risk over the next year/over the next 5 years).
Level of (overall) preparedness in the finance sector?
Respondents in the finance sector assessed themselves to be better prepared than the overall average (7.24/10). Consistent with the average across all sectors, they were most confident in their preparedness to manage regulatory risk (7.85/10 vs the average across all industries 7.27/10) and least confident in the preparedness to identify and manage talent risk (6.33/10 vs 5.78/10 across all sectors)
[Note: Among the issues the Australian Prudential Regulation (APRA) flagged in its recent information paper presenting its analysis of self-assessments conducted by 36 financial institutions was whether boards/leadership had been sufficiently self-critical in their assessments. APRA noted that boards/senior leadership teams tended to have generally positive assessments of their own performance, even when they had identified serious weaknesses in their institutions APRA has said that one area of focus in engaging with institutions on the self-assessments will be whether boards and senior leadership have been sufficiently self-critical given the wide range of weaknesses identified.]
- Organisations believe they are already addressing many of the risks identified at the Financial Services Royal Commission? Respondents across all sectors consider that they are well placed to manage the risks associated with damage to brand/reputation (7.07/10). Likewise, they assessed their level of preparedness to manage risks associated with staff conduct, and professional liability (issues that were raised at the Financial Services Royal Commission) similarly highly (7+/10). The Governance Institute concludes from this that organisations believe that are addressing these risks successfully already.
- Respondents said that they were least well prepared to manage disruption (6.01/10) and talent (5.78/10). The GIA suggests that this is an indication of the competitive pressures local companies are feeling from multi-nationals (eg Amazon, Apple, Google and Facebook). The GIA also suggests that the findings indicate that though respondents are aware of the risks posed by talent/retention, cyber crime and disruption/failure to innovate in the longer term, they are as yet unsure about how best to address/manage these risks and also that they believe that these issues will continue to be an ongoing concern.
- Environmental risk? Overall, environmental risk was ranked third to last in terms of preparedness (6.314/10) which the Governance Institute says is an indication that organisations are aware they are lacking in this area and also that they are less concerned about it (than they are about other risks).
- Highly valued but under-resourced? While respondents felt that the risk management function was highly valued by their organisations (70% agreed/strongly agreed), the need for ‘better tools and resources’ (29%) to manage risk and ‘clarity of purpose and strategy’ (23%) from senior leadership were identified as key areas of concern.
Conclusions?
Governance Institute CEO Megan Motto commented that the survey indicates that there is 'still a lot of confusion and nervousness in the market, especially about reporting requirements, roles, and engaging the newly strengthened regulators', which reflects what has been observed anecdotally in the market.
Ms Motto added that there are also a number of 'positives' to emerge from the findings. 'I think it’s safe to say that governance and risk professionals have never been so valuable. They are increasingly being relied on at board, and executive level to provide the right data and analysis, strengthening their trusted advisor status'. There is scope, she suggested for further education/training.
About the survey
- The online survey was conducted from 3 April to 3 May 2019 with 499 respondents
- 20% of respondents were drawn from the financial services sector; 17% from healthcare, 15% from education; 11% from professional/technical services and 11% from the public sector
- 38% of respondents were senior governance/risk managers; 21% were CEO/C-suite and 27% lead the risk management team within their organisation
- 39% of organisations surveyed had revenue over $100m, 45% had revenue between $1m-$100m. 31% operate in other countries as well as Australia